CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

*** NOTE: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the module vendor.

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#	Vendor / CST Lab	Cryptographic Module	Module Type	Val. Date	Level / Description
1941	IBM Internet Security Systems, Inc. 6303 Barfield Road Atlanta, GA 30328 USA -Scott Sinsel TEL: 404-236-2722 FAX: 404-236-2632 CST Lab: NVLAP 200416-0	Proventia GX Series Security Appliances (Hardware Versions: GX7800 and GX7412; with FIPS-LABELS: FIPS 140 tamper evidence labels; Firmware Version: 4.3) (When operated in FIPS mode when installed with Firmware v4.3 and with the tamper evidence seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/30/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #2006); HMAC (Cert. #1211); RNG (Cert. #1049); RSA (Cert. #1035); SHS (Cert. #1756) -Other algorithms: RSA (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1940	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	IOS Common Cryptographic Module (IC2M) (Firmware Versions: Rel 1(1.0.0), Rel 1(1.0.1) and Rel 1(1.0.2)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	04/30/2013	Overall Level: 1  -Tested: Cisco Catalyst 2960 with IOS 15.0SE; Cisco 3925 ISR with IOS 15.2; Cisco 2811 ISR with IOS 15.2 -FIPS-approved algorithms: AES (Certs. #2134 and #2136); CVL (Cert. #30); DRBG (Cert. #237); ECDSA (Cert. #322); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Certs. #1858 and #1859); Triple-DES (Certs. #1358, #1359 and #1360) -Other algorithms: DES; HMAC-MD5; MD2; MD5; RC2; RC4; SEAL; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
1939	Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0	HiCOS PKI Native Smart Card (Hardware Versions: HD65255C1 and HD65257C1; Firmware Versions: HardMask: 2.1 and SoftMask: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/30/2013	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1219); Triple-DES MAC (Triple-DES Cert. #1219, vendor affirmed); SHS (Cert. #1649); RSA (Cert. #957); DRBG (Cert. #155) -Other algorithms: N/A Single-chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
1938	SafeLogic, Inc. 530 Lytton Avenue Suite 200 Palo Alto, CA USA -SafeLogic Inside Sales CST Lab: NVLAP 200556-0	CryptoComply™ | Mobile (Software Version: 2.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	04/30/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); Multi-chip standalone "CryptoComply™ | Mobile is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. CryptoComply™ | Mobile offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
1937	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0	Symantec App Center Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/30/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); Multi-chip standalone "The Symantec App Center Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
1936	Mxtran Inc. 9F, No.16, Li-Hsin Road, Science Park Hsin-chu, 300 Taiwan, R.O.C. -C.W. Pang TEL: +886-3-6661778#29300 FAX: +886-3-6662568 CST Lab: NVLAP 200824-0	Mxtran Payeeton Solution (Hardware Version: MX12E320128E; Firmware Version: Simker v3.20) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/24/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1691); ECDSA (Cert. #340); HMAC (Cert. #1339); RNG (Cert. #1107); RSA (Cert. #1127); SHS (Cert. #1479); Triple-DES (Cert. #1091) -Other algorithms: Triple-DES (Cert. #1091, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "Mxtran Payeeton Solution of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via Short Message Service for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1935	Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco 5915 Embedded Services Routers (Hardware Versions: Cisco 5915 ESR air-cooled card and Cisco 5915 ESR conduction-cooled card; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/18/2013	Overall Level: 1  -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310) -Other algorithms: DES; DES MAC; HMAC MD4; HMAC MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-chip embedded "The Cisco 5915 ESR is a high-performance, ruggedized router designed for use in harsh environments-offering reliable operation in extreme temperatures and under shock and vibration conditions typical for mobile applications in rugged terrain. With onboard hardware encryption, the Cisco 5915 ESR offloads encryption processing from the routing engine to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1934	VT iDirect, Inc. 13865 Sunrise Valley Drive Suite 100 Herndon, VA 20171 USA -Paul Harr TEL: 703-648-8225 FAX: 703-648-8088 CST Lab: NVLAP 200556-0	Evolution e8350™ - FIPSL2 Satellite Router [1], iConnex e800™ - FIPSL2 Satellite Router Board [2], iConnex e850MP™ - FIPSL2 Satellite Router Board [3], Evolution eM1D1™ - FIPSL2 Line Card [4] and Evolution eM0DM™ - FIPSL2 Line Card [5] (Hardware Versions: Part #E0000051-0005 [1]; Part #E0001340-0001 [2]; Part #E0000731-0004 [3]; Part #E0001306-0001 [4]; Part #E0001306-0002 [5]; Firmware Version: iDX version 2.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/18/2013	Overall Level: 1  -Physical Security: Level 2 -FIPS-approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant) Multi-chip embedded "iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1933	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 dm-crypt Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode with Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758, Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module validated to FIPS 140-2 under Cert. #1901, Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module validated to FIPS 140-2 under Cert. #1757 and NSS Cryptographic Module validated to FIPS 140-2 under Cert. #1837, each module shall be obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policies specifies the precise RPM file containing each module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/15/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1657, #1658, #1659, #1660, #1661, #1662, #1663, #1664, #1725, #1726, #1741 and #1742); HMAC (Certs. #1128, #1129, #1130, #1131, #1132, #1133, #1134, #1135, #1199 and #1200); RNG (Certs. #988, #991, #992 and #993); DSA (Certs. #628, #629, #634 and #635); PBKDF (vendor affirmed) -Other algorithms: DES; AES-CTR (non-compliant); AES-XTS (non-compliant); AES-CBC (non-compliant) Multi-chip standalone "Device-mapper is an infrastructure in the Linux kernel that provides a generic way to create virtual layers of block devices on top of real block devices. dm-crypt is a device-mapper target that provides transparent encryption of block devices using the Kernel Crypto API shipped with RHEL 6.2. The user can specify one of the symmetric ciphers, a key (of any allowed size), an IV generation mode which allows the user to create a new block device in /dev. Writes to this device will be encrypted and reads decrypted transparent to the user."
1932	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances (Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3] or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 8.4.4.1) (Validated when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy and when operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #105, #1407, #2047, #2049 and #2050); HMAC (Certs. #125, #301, #1244, #1246 and #1247); RNG (Certs. #144, #329, #772, #1068 and #1070); RSA (Certs. #106, #261, #1064, #1065 and #1066); SHS (Certs. #196, #630, #1791, #1793 and #1794); Triple-DES (Certs. #217, #559, #960, #1320 and #1321) -Other algorithms: DES; HMAC MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes"
1931	INSIDE Secure 41 Parc Club du Golf Aix-en-Provence, 13856 France -Bob Oerlemans TEL: +31 73 6581 900 FAX: +31 73 6581 999 CST Lab: NVLAP 200427-0	SafeZone FIPS Cryptographic Module (Software Version: 1.0.3) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/08/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux kernel 2.6 running on a Pandaboard; Android 2.3 running on a Pandaboard; Android 4.0 running on a Pandaboard (single-user mode) -FIPS-approved algorithms: AES (Cert. #2041); CVL (Cert. #21); CVL (SP 800-135rev1, vendor affirmed); DRBG (Cert. #203); DSA (Cert. #648); ECDSA (Cert. #299); HMAC (Cert. #1240); KBKDF (vendor affirmed); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #1061); SHS (Cert. #1787); Triple-DES (Cert. #1318) -Other algorithms: AES (Cert. #2041, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices."
1930	SUSE Linux Products GmbH Maxfeldstr. 5 Nuremberg, 90409 Germany -Roman Drahtmüller TEL: +49-911-74053127 CST Lab: NVLAP 200658-0	OpenSSL Module (Software Version: 0.9.8j) (The module generates cryptographic keys whose strengths are modified by available entropy. When installed, initialized and configured as specified in the security policy section 9.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/08/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 without AES-NI; SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 with AES-NI; SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 without AES-NI; SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Certs. #2052, #2053, #2054 and #2055); Triple-DES (Certs. #1323 and #1324); DSA (Certs. #650 and #651); SHS (Certs. #1797 and #1798); RNG (Certs #1073 and #1074); HMAC (Cert #1249 and #1250); RSA (Certs #1069 and #1070) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The OpenSSL Module is a software library supporting FIPS 140-2 -approved cryptographic algorithms for the purposes of protecting data in transit and at rest on the SUSE Linux platforms."
1929	SonicWALL, Inc. 2001 Logic Drive San Jose, CA 95124-3452 USA -Usha Sanagala TEL: 408-962-6248 FAX: N/A CST Lab: NVLAP 100432-0	SRA EX9000 (Hardware Version: P/N 101-500352-50 Rev A; Firmware Version: SRA 10.6.1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/08/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG; MD5; RC4 Multi-chip standalone "Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell® SonicWALL® Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices."
1928	Christie Digital Systems Canada, Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 CANADA -Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0	Christie IMB-S2 4K Integrated Media Block (IMB) (Hardware Version: 000-102675-01; Firmware Versions: 1.0.1-2641 or 1.0.3-3047 or 1.1.0-3271 or 1.2.0-3400 or 1.2.1-3546) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/08/2013; 04/19/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Cert. #1066); RSA (Cert. #1062) -Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box Multi-chip embedded "The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
1927	Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion No.9 Xueqing Road Haidan District Beijing, 100085 China -Tibi Zhang TEL: 86-010-62304466 x821 FAX: 86-010-62304416 -Xiaozhi Zheng TEL: 86-010-62304466 x531 FAX: 86-010-62304416 CST Lab: NVLAP 200427-0	FEITIAN-FIPS-COS (Hardware Version: 1.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/08/2013	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: AES MAC (AES Cert. #1473; non-compliant); DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB1 tokens. These tokens are designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for their ePass line of products. ePass supports dual-factor authentication with an ISO27816-12 USB interface for the PC host connection acting as a smart card reader."
1926	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/08/2013	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Single-chip
1925	Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea -Ross Choi TEL: 972-761-7628 -Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0	Samsung Key Management Module (Software Version: KM1.1) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	04/04/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 on Galaxy S2 and Galaxy S3; Android Jelly Bean 4.1 on Galaxy Note II (single-user mode) -FIPS-approved algorithms: AES (Certs. #2048, #2098, #2142, #2143 and #2257); SHS (Certs. #1792, #1822, #1864, #1865 and #1944); RNG (Certs. #1069, #1080, #1097, #1098 and #1127); HMAC (Certs. #1245, #1273, #1309, #1310 and #1384); PBKDF (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Provides general purpose key management services to user-space applications on the mobile platform."
1924	Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA -Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0	HP MSR30/50 Routers with Encryption Accelerator Modules (Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-40 with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A and HP MSR50-60 with JG586A and JG584A; Software Version: 5.2; Firmware Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/26/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Certs. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1923	Crossbeam Systems, Inc. 80 Central Street Boxborough, MA 01719 USA CST Lab: NVLAP 200556-0	X60 and X80-S Platforms (Hardware Versions: (APM-9600, CPM-9600, NPM-9610 and NPM-9650) with XS-FIPS-LABEL-KIT; Firmware Version: XOS v9.9.0.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #1877 and #1878); Triple-DES (Certs. #1220 and #1221); RSA (Cert. #958); SHS (Certs. #1650 and #1651); RNG (Certs. #983); DSA (Cert. #587) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (Cert #961; non-compliant); PRNG (Cert #986; non-compliant); DSA (Cert #590; non-compliant); Blowfish; RC4; CAST128 Multi-chip standalone "Crossbeam’s X-Series network security platform offers enterprises, service providers and governments an open, high-performance architecture that easily scales multiple security applications to meet changing security threats. Crossbeam intelligently manages risk and protects businesses from evolving threats."
1922	Hewlett-Packard Company 1160 Enterprise Way Sunnyvale, CA 94089 USA -Theresa Conejero TEL: 650-265-3634 FAX: 650-265-5528 CST Lab: NVLAP 100432-0	HP Enterprise Secure Key Manager (Hardware Version: P/N AJ585A, Version 3.0; Firmware Version: 5.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #2069); DRBG (Cert. #207); DSA (Cert. #653); HMAC (Cert. #1254); CVL (Cert. #23); RSA (Cert. #1073); SHS (Cert. #1802); Triple-DES (Cert. #1328) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
1921	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1920	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1919	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1918	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco 7600 Series Routers with Supervisor RSP720 (Hardware Versions: (7603-S, 7604, 7606-S, 7609-S, 7613, V02, V07, V13, V14 and -F0) with FIPS kit (Cisco-FIPS-KIT=); Firmware Version: 15.1(3)S3) (Validated when tamper evident labels are installed as indicated in the Security Policy and when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #598 and #2036); DRBG (Cert. #198); HMAC (Certs. #348 and #1234); RSA (Cert. #1056); SHS (Certs. #647 and #1781); Triple-DES (Certs. #569 and #1312) -Other algorithms: DES; DES MAC; HMAC MD5; MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip standalone "The Cisco 7600-S Router is a compact, high-performance router designed in 3, 4, 6, 9 and 13-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers."
1916	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/22/2013	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Single-chip
1915	Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea -Ross Choi TEL: 972-761-7628 -Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0	Samsung Kernel Cryptographic Module (Software Versions: SKC1.4.1 and SKC 1.4.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	03/20/2013	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S3; Android Jelly Bean 4.1 running on Note II (single-user mode) -FIPS-approved algorithms: AES (Certs. #2056, #2097, #2141, #2144 and #2256); SHS (Certs. #1799, #1821, #1863, #1866 and #1943); RNG (Certs. #1075, #1079, #1096, #1099 and #1126); Triple-DES (Certs. #1325, #1334, #1361, #1362 and #1411); HMAC (Certs. #1251, #1272, #1308, #1311 and #1383) -Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash) Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1914	Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA -Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0	HP MSR30/50 Routers (Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-20 with JG585A and JG579A, HP MSR30-40 with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR 30-40 PoE with JG585A and JG580A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A, HP MSR50-60 with JG586A and JG584A, HP MSR50-40 DC with JG586A and JG583A and HP MSR50-60 DC with JG586A and JG584A; Software Version: 5.2; Firmware Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/20/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1913	Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA -Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0	HP A-Series Routers (Hardware Versions: HP 6602 with JG586A and JG575A, HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Software Version: 5.2; Firmware Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/20/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1912	Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA -Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0	HP Networking Switches (Hardware Versions: HP 5120-24G EI with JG585A and JG557A, HP 5120-48G EI with JG585A and JG557A, HP 5120-24G-PoE+ EI with JG585A and JG559A, HP 5120-48G-PoE+ EI with JG585A and JG559A, HP 5500-24G EI with JG585A and JG557A, HP 5500-24G-PoE+ EI with JG585A and JG559A, HP 5500-24G-SFP EI with JG585A and JG558A, HP 5500-48G EI with JG585A and JG557A, HP 5500-48G-PoE+ EI with JG585A and JG559A, HP 5800-24G with JG585A and JG563A, HP 5800-24G-PoE+ with JG585A and JG560A, HP 5800-24G-SFP with JG585A and JG562A, HP 5800-48G with JG585A and JG563A, HP 5800-48G-PoE with JG585A and JG560A, HP 5800-48G-2slot with JG585A and JG561A, HP 5820-14XG-SFP with JG585A and JG561A, HP 5820-24XG-SFP with JG585A and JG564A, HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12508 with JG586A and JG574A and HP 12518 with JG586A and JG573A; Software Version: 5.2; Firmware Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	03/20/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Multi-chip standalone "HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter application and are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes fixed-port L2/L2+ managed Ethernet switch appliances, fixed-port L3 managed Ethernet switch appliances, and modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1911	Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA -Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0	HP A-Series Routers with VPN Firewall Module (Hardware Versions: HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Software Version: 5.2; Firmware Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/20/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1910	Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA -Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0	HP Networking Switches with VPN Firewall (Hardware Versions: HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12508 with JG586A and JG574A and HP 12518 with JG586A and JG573A; Software Version: 5.2; Firmware Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/20/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter applicationan are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1909	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 FAX: n/a CST Lab: NVLAP 100432-0	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) (Hardware Version: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K-K9 [B], WS-SVC-WISM2-K-K9= [B], WS-SVC-WISM2-K9= [A, B], WS-SVC-WISM2-5-K9= [A, B], WS-SVC-WISM2-3-K9= [A, B], WS-SVC-WISM2-1-K9= [A, B], WS-SVC-WISM2-5-K9 [A, B], WS-SVC-WISM2-3-K9 [A, B] or WS-SVC-WISM2-1-K9 [A, B]]; Firmware Version: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1, or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.230.0 [A] or 7.2.103.0 [B]) (When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/20/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1908	Panzura, Inc. 22 Great Oaks Blvd # 150 San Jose, CA 95119 USA -Randy Chou TEL: 408-457-8504 CST Lab: NVLAP 100432-0	Panzura Cryptographic Module 4.2 (Software Version: 4.2) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/20/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 1 with Panzura Cloud Controller 8.0 running on Dell PowerEdge R410 with AES-NI; Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 with AES-NI; Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 (single user mode) -FIPS-approved algorithms: AES (Cert. #2269); DRBG (Cert. #278); DSA (Cert. #707); HMAC (Cert. #1389); RNG (Cert. #1130); RSA (Cert. #1162); SHS (Cert. #1951); Triple-DES (Cert. #1417); ECDSA (Cert. #366); CVL (Cert. #42) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "The Panzura Cryptographic Module provides validated cryptographic services for multiple Panzura products."
1907	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco Aironet® CAP3602E and CAP3602I Wireless LAN Access Points (Hardware Versions: CAP3602E Revision B0 and CAP3602I Revision B0; FIPS Kit AIR-AP-FIPSKIT=, Version B0; Firmware Version: 7.2.103.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/14/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1991, #1992 and #1993); HMAC (Certs. #1204 and #1205); RNG (Cert. #1046); RSA (Cert. #1033); SHS (Certs. #1746 and #1747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet® 3600 Series sustains reliable connections at higher speeds further from the access point than competing solutions, resulting in up to three times more availability of 450 Mbps rates, and optimizing the performance of more mobile devices. Cisco Aironet® 3600 Series is an innovative, modular platform that offers unparalleled investment protection with future module expansion to support incoming 802.11ac clients with 870 Mbps rates, or offer comprehensive security and spectrum monitoring and control."
1906	Biscom, Inc. 321 Billerica Road Chelmsford, MA 01824 USA -Bill Ho TEL: 978-367-3544 FAX: 978-367-9624 -Sharif Rahman TEL: 978-367-3544 FAX: 978-367-9624 CST Lab: NVLAP 200427-0	Biscom Cryptographic Library Version 1.0 (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/12/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) with Sun JRE 6.0 running on a Dell Optiplex 790 (single-user mode) -FIPS-approved algorithms: AES (Cert. #2029); HMAC (Cert. #1231); RNG (Cert. #1062); SHS (Cert. #1778) -Other algorithms: N/A Multi-chip standalone "The Biscom Cryptographic Library (the cryptographic module or the module) provides cryptographic security functions as Java APIs for application developers to integrate cryptographic services into Biscom applications or systems. The module is distributed only as an integrated subcomponent of the Biscom Delivery Server (BDS). The Biscom Cryptographic Library provides security functions for encryption, decryption, random number generation, hashing, getting the status of the integrity test, and running the self-tests. The library is used by the application"
1905	Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA -David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0	Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module (Hardware Versions: ST900MM0036 [1], ST600MM0036 [1], ST4000NM0063 [1] and ST4000NM0073 [2]; Firmware Versions: A000 [1] and F001 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/12/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1343, #1974 and #2068); DRBG (Cert. #62); RSA (Cert. #1021); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Savvio+ 10K.6 and Constellation+ ES.3 SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1904	Fortress™ Technologies 2 Technology Park Drive Westford, MA 01886 USA -Michael Chapman TEL: 978-923-6430 FAX: 813-288-7389 CST Lab: NVLAP 200427-0	Fortress Mesh Points (Hardware Versions: ES210, ES2440, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/20/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); ECDSA (Cert. #371); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1903	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Loadable Kernel Module (Software Version: 5.5f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/22/2013; 03/28/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200 (single-user mode) -FIPS-approved algorithms: AES (Cert. #2039 and #2272); Triple-DES (Cert. #1316); SHS (Cert. #1785); HMAC (Cert. #1238); RNG (Cert. #1065); DRBG (Cert. #201) -Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1902	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Laurence Hamid TEL: 819-595-3069 CST Lab: NVLAP 100432-0	Imation S250/D250 (Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.5.0) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/21/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF2 (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1901	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode with Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837, Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/21/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1725 and #1726); HMAC (Certs. #1187, #1188, #1199 and #1200); RNG (Certs. #1033, #1034, #1035, #1036 and #1037); DSA (Certs #628, #629, #634 and #635) -Other algorithms: DES; Triple-DES (CTR; non-compliant); AES (192 bits, XTS; non-compliant); RNG (X9.31 with stdrng or ansi_cprng; non-compliant) Multi-chip standalone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1900	Gemalto Avenue du Pic de Bertagne - BP100 Gemenos, 13881 France -Anthony Vella TEL: +33 4 42 36 61 38 FAX: +33 4 42 36 52 36 CST Lab: NVLAP 100432-0	MultiApp ID V2.1 Platform (Hardware Version: P5CC081 [1] and P5CC145 [2]; Firmware Version: MultiApp ID V2.1 with softmask V2.2 [1] and V2.4 [2] and Demonstration Applet V1.1 [1,2]) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/21/2013	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: RNG (Cert. #1023); Triple-DES (Cert. #1264); Triple-DES MAC (Triple-DES Cert. #1264, vendor affirmed); AES (Cert. #1943); RSA (Certs. #1006 and #1010); SHS (Certs. #1706 and #1707); ECDSA (Cert. #280); CVL (Cert. #17) -Other algorithms: Triple-DES (Cert. # 1264, key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman Single-chip "MultiApp V2.1 is a highly secured smartcard contact-only platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on NXP P5CC081 and P5CC145 chips. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling secure data storage, identification, authentication and digital signatures (AS) with biometry control. This field-proven OS has the largest number of references in national ID programs, thus ensuring a secure investment."
1890	IBM Internet Security Systems, Inc. 6303 Barfield Road Atlanta, GA 30328 USA -Scott Sinsel TEL: 404-236-2722 FAX: 404-236-2632 CST Lab: NVLAP 200416-0	SiteProtector Cryptographic Module (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/19/2013	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270 -FIPS-approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090) -Other algorithms: MD5; RSA (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "IBM Proventia+ Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1889	Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA -Mr. Robert Strong TEL: 317-806-3288 -Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0	Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3], and WXC [4] Controllers (Hardware Versions: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/13/2013	Overall Level: 1  -FIPS-approved algorithms: SHS (Cert. #1583); AES (Cert. #1802) -Other algorithms: N/A Multi-chip embedded "The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System."
1888	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco Aironet 1552E Outdoor Access Point (Hardware Version: AIR-CAP1552E-A-K9 Revision: B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.116.0, 7.0.230.0, 7.0.240.0 or 7.2.103.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/11/2013; 03/28/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1357 and #1359); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Smaill Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera."
1887	Cambium Networks Ltd. Unit B2, Linhay Business Park Ashburton, Devon TQ12 7UP UK -Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0	Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS and PTP600-10-05-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/08/2013; 02/22/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations."
1886	Comtech EF Data Corporation 2114 West 7th Street Tempe, AZ 85281 USA -Wallace Davis TEL: 480-333-2189 CST Lab: NVLAP 200427-0	DMD2050E TRANSEC Module (Hardware Version: PL-0000192-1, Revision A; Firmware Version: 1.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/08/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #2025 and #2026); ECDSA (Cert. #296); HMAC (Cert. #1228); RNG (Cert. #1061); RSA (Cert. #1053); SHS (Cert. #1775); Triple-DES (Cert. #1309) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength);RSA (key transport; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256-bits of encryption strength); MD5 Multi-chip embedded "The Comtech EF Data FIPS Security Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via the DMD2050E Satellite Modem, as well as firmware to provide the cryptographic functions needed to act as an endpoint for TLS and SSH management, and control traffic."
1885	Curtiss-Wright Controls Defense Solutions 2600 Paramount Place, Suite 200 Fairborn, OH 45324 USA -Paul Davis TEL: 937-252-560 FAX: 937-252-2729 -Matt Young TEL: 937-252-2729 FAX: 937-252-2729 CST Lab: NVLAP 200427-0	3U VPX-1TB FSM Flash Storage Module (Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732) -Other algorithms: TRNG Multi-chip embedded "The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications."
1884	Totemo AG Freihofstrasse 22 Küsnacht, CH-8700 Switzerland -Marcel Mock TEL: +41 44 914 99 00 -Daniel Raap TEL: +41 44 914 99 00 CST Lab: NVLAP 200928-0	Totemo Cryptographic Module (TCM) (Software Version: 2.0) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/08/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode) -FIPS-approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252) -Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites."
1883	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Andrew Young TEL: 443-327-1183 FAX: 410-931-7524 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 100432-0	eToken 5100, 5105, 5200 and 5205 (Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/08/2013; 02/15/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1882	Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -Jim Feeley TEL: 613-270-3198 FAX: 613-270-2505 CST Lab: NVLAP 100432-0	Entrust IdentityGuard PIV Credential (Hardware Version: SCHW 1.0; Firmware Version: SCOS 1.0 with Entrust IdentityGuard PIV Applet 1.0.1 Patch 172799) (PIV Card Application: Cert. #33) (When operated in FIPS mode with PIN policies configured as indicated in the Security Policy Section 9) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Cert. #1769); RSA (Cert. #885); ECDSA (Cert. #237); CVL (Cert. #5) -Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1769, key wrapping; key establishment methodology provides 256 bits of encryption strength); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "The Entrust IdentityGuard PIV Credential is a cryptographic module intended for use by US Federal agencies and other markets that require smartcards conformant with the PIV standards. The module can also be configured for use in markets where the set of keys and data objects, or the access control rules governing their use, differ from the PIV data model."
1881	WinMagic Inc. 200 Matheson Boulevard West Suite 201 Mississauga, ON L5R 3L7 Canada -Alexander Mazuruc TEL: 905-502-7000 ext. 225 FAX: 905-502-7001 CST Lab: NVLAP 200928-0	SecureDoc® Disk Encryption Cryptographic Engine for MacOS X (Software Version: 6.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/04/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro; Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode) -FIPS-approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159) -Other algorithms: AES (Certs. #1924 and #1925, key wrapping) Multi-chip standalone "SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops."
1880	WinMagic Inc. 200 Matheson Boulevard West Suite 201 Mississauga, ON L5R 3L7 Canada -Alexander Mazuruc TEL: 905-502-7000 ext. 225 FAX: 905-502-7001 CST Lab: NVLAP 200928-0	SecureDoc® Disk Encryption Cryptographic Engine for Windows (Software Version: 6.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/04/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159) -Other algorithms: AES (Certs. #1924 and #1925, key wrapping) Multi-chip standalone "SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1879	TechGuard Security 28 Hawk Ridge Circle Suite 107 Lake St. Louis, MO 63367 USA -David Maestas TEL: 636-489-2230 CST Lab: NVLAP 200002-0	PoliWall-CCF M10 [1], M50 [2], G01 [3] and G10 [4] Series Security Appliance (Hardware Versions: PW-CCF-M10-01C [1], PW-CCF-M50-01C [2], PW-CCF-G01-01C [3], PW-CCF-G01-01F [3], PW-CCF-G10-01X [4] and PW-CCF-G10-01F [4] with FIPS Kits: (PW-CCF-M10-FK1 [1,2], PW-CCF-G01-FK1 [3] and PW-CCF-G10-FK1 [4]); Software Version: 2.02.3101) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	02/04/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1600 and #1601); RSA (Cert. #782); RNG (Cert. #857); SHS (Certs. #1412 and #1413) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin for all incoming packets using HIPPIE (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to defined policies, exception lists, and Pre-Compiled Exception Lists (PCEL) that are bound to rule groups for specific network addresses and protocols. PoliWall also provides administrators with the ability to create maps which exclude traffic from selected countries."
1878	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.5f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	01/31/2013; 03/28/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200 (single-user mode) -FIPS-approved algorithms: AES (Certs. #2039 and #2272); Triple-DES (Cert. #1316); SHS (Cert. #1785); HMAC (Cert. #1238); RSA (Cert. #1059); DSA (Cert. #647); ECDSA (Cert. #298); RNG (Cert. #1065); DRBG (Cert. #201) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1877	Palo Alto Networks 3300 Olcott Street Santa Clara, CA 95054 USA -Jake Bajic TEL: 408-753-3901 FAX: 408-753-4001 CST Lab: NVLAP 100432-0	PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Firewalls (Hardware Versions: HW P/Ns 910-000006-00H Rev. H with FIPS Kit P/N 920-000005-004 Rev. 4 (PA-500), 910-000004-00Q Rev. Q with FIPS Kit P/N 920-000004-004 Rev. 4 (PA-2020), 910-000003-00Q Rev. Q with FIPS Kit P/N 920-000004-004 Rev. 4 (PA-2050), 910-000002-00U Rev. U with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00U Rev. U with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050), 910-000005-00L Rev. L with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060), 910-000010-008 Rev. 8 w/ FIPS Kit P/N 920-000037-002 Rev. 2 (PA-5020), 910-000009-009 Rev. 9 w/ FIPS Kit P/N 920-000037-002 Rev. 2 (PA-5050) and 910-000008-008 Rev. 8 w/ FIPS Kit P/N 920-000037-002 Rev. 2 (PA-5060); Firmware Version: 4.0.10 or 4.0.12-h2) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/30/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1987); RSA (Cert. #1031); HMAC (Cert. #1201); SHS (Cert. #1743); RNG (Cert. #1044) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "The Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique idenification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications."
1876	Apricorn Inc. 12191 Kirkham Road Poway, CA 92064 USA -Robert Davidson TEL: 858-513-4430 FAX: 858-513-2020 CST Lab: NVLAP 100432-0	Apricorn Aegis Secure Key (Hardware Versions: ASK-256-4GB [1], ASK-256-8GB [2], ASK-256-16GB [3] and ASK-256-32GB [4]; Firmware Versions: V01.12A13-F05 and V01.12A14-F05 20120817 [1], V01.12A13-F04 and V01.12A14-F05 20120817 [2], V01.12A15 Code Package-111130 and V01.12A14-F05 20120817 [3] and V01.12A14-F05 20120817 [4] with Security Controller Firmware Revision iStorage v6 [1] [2] [3] and iStorage v12 [1] [2] [3] [4]) (Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/30/2013 03/08/2013; 03/28/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177) -Other algorithms: NDRNG Multi-chip standalone "The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)."
1875	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.230.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/25/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1874	Ultra Stereo Labs, Inc. 181 Bonetti Drive San Luis Obispo, CA 93401 USA -Larry McCrigler TEL: 805-549-0161 FAX: 805-549-0163 CST Lab: NVLAP 100432-0	IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks (Hardware Versions: Rev. 11 and 12; Firmware Version: 08162012) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/18/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Cert. #798); RSA (Cert. #712); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman; DCI Multi-chip embedded "The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1873	iStorage Limited Research House Fraser Road Greenford, Middlesex UB6 7AQ England -John Michael TEL: +44 20 8537-3435 FAX: +44 20 8537-3438 CST Lab: NVLAP 100432-0	datAshur Secure USB Flash Drive (Hardware Versions: IS-FL-DA-256-4 [1], IS-FL-DA-256-8 [2], IS-FL-DA-256-16 [3] and IS-FL-DA-256-32 [4]; Firmware Versions: V01.12A13-F05 and V01.12A14-F05 20120817 [1], V01.12A13-F04 and V01.12A14-F05 20120817 [2], V01.12A15 Code Package-111130 and V01.12A14-F05 20120817 [3] and V01.12A14-F05 20120817 [4] with Security Controller Firmware Revision iStorage v6 [1] [2] [3] and iStorage v12 [1] [2] [3] [4]) (Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/08/2013; 01/24/2013; 03/28/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177) -Other algorithms: NDRNG Multi-chip standalone "The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked."
1872	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150F (Hardware Version: NSA-4150-FWEX-FRR and FIPS Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/08/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement;non-compliant) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1871	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150F (Hardware Version: NSA-2150-FWEX-F and FIPS Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/08/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1870	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100F (Hardware Version: NSA-1100-FWEX-F and FIPS Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/08/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1869	WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA -Peter Eng TEL: 206 613 6600 CST Lab: NVLAP 200556-0	XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23] (Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/21/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5 Multi-chip standalone "WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
1868	Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA -Main Office TEL: 601-519-0123 FAX: 601-510-9080 -Stella Kwon TEL: 703-736-8363 FAX: 601-510-9080 CST Lab: NVLAP 200002-0	B200™, B300™ and B400™ Remote Support Appliances (Hardware Versions: B200 [1], B300r1 [2] and B400r1 [3]; Tamper Evident Label Kit: TEL135325 [1,2,3]; Front Bezels: (FB000300 [2] and FB000400 [3]); Software Version: 12.1.6FIPS; Firmware Version: 3.3.2FIPS) (When operated in FIPS mode and with the tamper evident labels and front bezels applied as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/15/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #2219); Triple-DES (Cert. #1389), RSA (Cert. #1136), SHS (Cert. #1910); HMAC (Cert. #1350); RNG (Cert. #1113) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1867	Pitney Bowes Inc. 37 Executive Drive Danbury, CT 06810 USA -David Riley TEL: 203-796-3208 FAX: 203-796-3129 CST Lab: NVLAP 100432-0	Cygnus X3 Hardware Security Module (XHSM) (Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer)) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed) -Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1866	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200556-0	FortiGate-3950B/3951B (Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	12/19/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1865	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware (Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/18/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1864	Cambium Networks, Ltd. Unit B2, Linhay Business Park Ashburton, Devon TQ13 7UP UK -Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0	Cambium Networks PTP 800 Compact Modem Unit (CMU) (Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-05-02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/04/2013; 02/22/2013	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG Multi-chip standalone "Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1863	Kaseya US Sales, LLC 901 N. Glebe Road Suite 1010 Arlington, VA 22203 USA -Bill Durant TEL: 415-694-5700 CST Lab: NVLAP 200996-0	Virtual System Administrator Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	12/13/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with MAC OS X v10.6.8; Windows 7 (32-bit); Windows 7 (64-bit); Windows Server 2008; Red Hat Enterprise Linux 5.5 (32-bit); Red Hat Enterprise Linux 5.5 (64-bit) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185) -Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant) Multi-chip standalone "The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework."
1862	Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA -David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0	Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module (Hardware Version: 1BU282; Firmware Version: 0003) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/07/2013; 01/25/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1861	RSA Security, Inc. 174 Middlesex Turnpike Bedford, MA 01730 USA -Youngjin Son TEL: +82-10-6700-6735 CST Lab: NVLAP 200900-0	RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks) (Software Version: 3.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	12/10/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with VxWorks (single user mode) -FIPS-approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080) -Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman Multi-chip standalone "A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1860	CMS Products 12 Mauchly Unit E Irvine, CA 92618 USA -Les Kristof TEL: 714-424-5521 FAX: 949-754-9060 CST Lab: NVLAP 100432-0	CE Secure (Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/25/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: NDRNG Multi-chip embedded "The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption."
1859	Red Hat®, Inc. 314 Littleton Road Raleigh, NC 27606 USA -Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	12/03/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5 Multi-chip standalone "The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1858	Vidyo, Inc. 433 Hackensack Ave, 6th Floor Hackensack, NJ 07601 USA CST Lab: NVLAP 200556-0	Cryptographic Security Kernel (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without AES-NI; Mac OS X 10.6.8 32-bit running on Intel Core Duo without AES-NI; Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without AES-NI; Windows 7 32-bit running on Intel Core Duo without AES-NI; Windows 7 64-bit running on Intel Core 2 Duo without AES-NI; Windows XP 32-bit running on Intel Core Duo without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with AES-NI; Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with AES-NI; Windows XP 32-bit running on Intel Core i5 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Certs. #2027 and #2028), DRBG (Certs. #194 and #195), HMAC (Certs. #1229 and #1230), SHS (Certs. #1776 and #1777) -Other algorithms: N/A Multi-chip standalone "The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
1857	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.7) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant) Multi-chip embedded "Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1856	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.7) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	11/29/2012; 12/03/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant) Multi-chip embedded "Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1855	Nexus Wireless Artists Court 15 Manette Street London, W1D 4AP United Kingdom -Paul Richards TEL: +44-207-734-0200 FAX: +44-207-734-0210 CST Lab: NVLAP 200416-0	Nexus FIPS 140-2 Crypto Module (Hardware Version: 1.01; Firmware Versions: ES0408_RL01_R1_02_001 version 1.02.001 and ES0408_RL02_R1_02_000 version 1.02.000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/18/2013	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524) -Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1854		Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/28/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1853	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Version: 7.0.230.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management."
1852	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiWiFi-60C (Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1851	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise Control Center (Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012; 12/12/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1850	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0.0.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2012; 01/24/2013	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #2018); DRBG (Cert. #192); DSA (Cert. #643); ECDSA (Certs. #293 and #294); HMAC (Cert. #1222); RNG (Cert. #1058); RSA (Cert. #1047); SHS (Cert. #1768); Triple-DES (Cert. #1303) -Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1849	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-60 and AP-61 Wireless Access Points (Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/06/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1848	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150E (Hardware Version: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1847	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150E (Hardware Version: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1846	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100E (Hardware Version: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1845	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1843	Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0	Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2 (Hardware Versions: A1025258 and A1023393; Firmware Version: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10) (PIV Card Application: Cert. #30) (When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1842	SonicWALL, Inc. 2001 Logic Drive San Jose, CA 95124-3452 USA -Usha Sanagala TEL: 408-962-6248 FAX: N/A CST Lab: NVLAP 100432-0	SRA EX6000 and SRA EX7000 (Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG; MD5; RC4 Multi-chip standalone "Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1841	InZero Systems 13755 Sunrise Valley Drive Suite 750 Herndon, VA 20171 U.S.A. -FIPS Product Team TEL: 703-636-2048 FAX: 703-793-1805 CST Lab: NVLAP 200002-0	InZero Gateway (Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility."
1840	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba 3000 [1] and 6000/M3 Revision B2 [2] Controllers with ArubaOS FIPS Firmware (Hardware Versions: [3200-F1 Revision B2, 3400-F1 Revision B2, 3600-F1 Revision B2, 3200-USF1 Revision B2, 3400-USF1 Revision B2, 3600-USF1 Revision B2] [1] and [(6000-400-F1 or 6000-400-USF1) with (M3mk1-S-F1 Revision B2, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, HW-FT, HW-PSU-200 or HW-PSU-400] [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS or ArubaOS_MMC_6.1.4.1-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/11/2013; 03/08/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #465, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #416, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #768, #1627, #1629 and #1631); Triple-DES (Certs. #482, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1839	Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -James Kendry TEL: 972-726-0419 FAX: 972-713-5805 CST Lab: NVLAP 100432-0	Entrust Authority™ Security Toolkit for the Java®Platform (Software Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2012	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755 -FIPS-approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RNG (Cert. #1019); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE Multi-chip standalone "Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI."
1838	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points (Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/08/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1837	Red Hat, Inc. 1801 Varsity Drive Raleigh, NC 27606 USA -Robert Relyea TEL: 650-254-4236 CST Lab: NVLAP 200427-0	NSS Cryptographic Module (Software Version: 3.12.9.1) (When operated in FIPS Mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/08/2012	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240) -Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ."
1836	RSA Security, Inc. 174 Middlesex Turnpike Bedford, MA 01730 USA -Youngjin Son TEL: +82-10-6700-6735 CST Lab: NVLAP 200900-0	RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS) (Software Versions: 3.0.0.1 and 3.0.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	11/08/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with pSOS (single user mode) -FIPS-approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066) -Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman Multi-chip standalone "A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1835	Cavium Networks 2315 N First Street San Jose, CA 95131 USA -TA Ramanujam TEL: 408-931-2952 FAX: 408-577-1992 CST Lab: NVLAP 100432-0	NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Version: CN16XX-NFBE-FW-2.1-110015) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/08/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1265 and #1266); Triple-Des (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #1165 and #1166); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
1834	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3] (Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/08/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1833	Motorola Solutions, Inc. One Motorola Plaza Holtsville, NY 11742 USA -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164 CST Lab: NVLAP 200968-0	Fusion 802.1x Authentication Supplicant (Software Version: H_3.40.0.0.19) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	01/07/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Motorola ES400 with Windows Mobile 6.5 OS OEM Version 2.31.0002; Motorola MC65 with Windows Mobile 6.5 OS OEM Version 2.31.0002 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1200); AES (Cert. #1853); SHS (Cert. 1630); HMAC (Cert. #1100); RSA (Cert. #936); DSA (Cert. #578); RNG (Cert. #971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; RC4; RC2; MD5; CCKM; IDEA; SMS4 Multi-chip standalone "Motorola Fusion 802.1x Authentication Supplicant is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government"
1832	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3] (Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/07/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1831	Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	KMF CryptR (Hardware Version: P/N CLN8566A; Firmware Version: R01.02.10 or R01.05.00) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012; 12/07/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670) -Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL Multi-chip standalone "The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
1830	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiGate-5140 Chassis with FortiGate 5000 Series Blades (Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1829	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco 5508 Wireless LAN Controller (Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Version: 7.0.230.0 or 7.2.103.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1828	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points (Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1827	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0	Symantec Scanner Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/05/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with CentOS 5.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts."
1826	Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA -Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 100432-0	Seagate Secure® TCG Opal SSC Self-Encrypting Drive (Hardware Versions: 9WU142, 9WU14C and 9WU141; Firmware Version: 0001SDM7 or 0001SED7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1825	TIBCO LogLogic®, Inc. 110 Rose Orchard Way Suite 200 San Jose, CA 95134 USA -Thor Taylor TEL: (408) 215-5941 -Phuong Hoang TEL: (408) 731-7022 CST Lab: NVLAP 200928-0	LogLogic Communications Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	01/25/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Oracle Enterprise Linux 5.6 running on LX 820, LX 1020, ST 1020, LX 4020, ST 1020, ST 2020-SAN, ST 4020 and MX 3020 appliances (single-user mode) -FIPS-approved algorithms: AES (Cert. #1926); SHS (Cert. #1691); HMAC (Cert. #1160); RNG (Cert. #1013) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The LogLogic Communications Cryptographic Module establishes a secure, encrypted tunnel between LogLogic products for the secure transmission of log data."
1824	Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Telepresence C20 Codec (Hardware Version: C20 v1; Firmware Version: TC5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/14/2012; 11/21/2012; 12/03/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1823	Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Telepresence C40, C60, and C90 Codecs (Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012; 11/21/2012; 12/03/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1928); DRBG(Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1822	Data-Pac Mailing Systems Corp. 1217 Bay Road Webster, NY 14580 USA -Ken Yankloski TEL: 585-787-7074 FAX: 585-671-1409 -John Keirsbilck TEL: 585-787-7077 FAX: 585-671-1409 CST Lab: NVLAP 200427-0	iButton Postal Security Device (Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/01/2012	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526) -Other algorithms: N/A Multi-chip standalone "The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds."
1821	Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middelsex NW10 0UF United Kingdom -Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 - Samik Halai TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0	Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2] (Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	11/01/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666) -Other algorithms: NDRNG Multi-chip standalone "The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint."
1820	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points (Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/05/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1819	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0	Symantec Control Center Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/12/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode) -FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone
1818	Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco EX60 and EX90 TelePresence Systems (Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012; 11/21/2012; 12/03/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1817	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Event Manager (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases."
1816	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S250/D250 (Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.1 or 4.0.2) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012; 01/04/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1815	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Robbie Gill TEL: 408-754-8406 CST Lab: NVLAP 200427-0	Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points (Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1814	Websense Inc. 10240 Sorrento Valley Road San Diego, CA 92121 USA -Joshua Rosenthol TEL: 858-320-3684 CST Lab: NVLAP 200928-0	Crypto Module C (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012; 01/22/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2; 32-bit Red Hat Enterprise Linux 6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant) Multi-chip standalone "Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions."
1813	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Guillaume Gavillet FAX: 408-936-1801 -Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200002-0	Junos-FIPS 10.4 L2 OS Cryptographic Module (Firmware Version: 10.4R5) (When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	10/11/2012	Overall Level: 2  -Design Assurance: Level 3 -Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6]; Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6]); Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5]); Blanking Plate (540-015089 Rev02 [5]); Control Boards: (750-009188 [2] and 750-024570 [6]); with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6]) -FIPS-approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1812	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise Control Center Virtual Appliance (Software Versions: 5.2.0 and 5.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012; 10/31/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 1 with CGLinux (single-user mode) -FIPS-approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1811	Diversinet Corp. 2235 Sheppard Avenue East Suite 1700 Toronto, Ontario M2J 5B5 Canada -Charles Blair TEL: 416-756-2324 ext 234 -Diversinet Sales TEL: 416-756-2324 CST Lab: NVLAP 200928-0	Diversinet Java Crypto Module (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017) -Other algorithms: Multi-chip standalone "Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file."
1810	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0	FortiGate-1240B [1] and FortiGate-3140B [2] (Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1809	Systematic Development Group, LLC 350 Jim Moran Blvd. Suite 122 Deerfield Beach, FL 33442 USA -George Wolf TEL: 954-889-3535 x315 CST Lab: NVLAP 100432-0	LOK-IT® 10 KEY (Series SDG003FM) (Hardware Versions: HW003-32 Rev:01 [2], HW003-16 Rev:03 [1], HW003-16 Rev:04 [2], HW003-08 Rev:02 [1], HW003-08 Rev:03 [2] , HW003-04 Rev:02 [1] and HW003-04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14-F05 [2]; Security Controller Firmware Revision SDG003FM-010) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/02/2012; 01/22/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164) -Other algorithms: NDRNG Multi-chip standalone "This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy."
1808	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Log Manager (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases."
1807	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Console (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment."
1806	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Windows System Monitor Agent (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component."
1805	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 AI Engine Server (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases."
1804	Diversinet Corp. 2235 Sheppard Avenue East Suite 1700 Toronto, Ontario M2J5B5 Canada -Charles Blair TEL: 416-756-2324 ext 234 -Diversinet Sales TEL: 416-756-2324 CST Lab: NVLAP 200928-0	Diversinet Java Crypto Module for Mobile (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/03/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android OS v2.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018) -Other algorithms: N/A Multi-chip standalone "Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA."
1803	Websense Inc. 10240 Sorrento Valley Road San Diego, CA 92121 USA -Joshua Rosenthol TEL: 1-858-320-3684 CST Lab: NVLAP 200928-0	Crypto Module Java (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/25/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5 Multi-chip standalone "The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software."
1802	Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA -Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0	VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware (Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01)) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/07/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management."
1801	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0	µMACE (Hardware Version: P/N AT58Z04; Firmware Version: R01.00.04) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1876); DRBG (Cert. #154); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619) -Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG Single-chip "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
1800	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Andrew Young TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 100432-0	eToken 4300 (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0) (PIV Card Application: Cert. #32) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/06/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1799	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0	CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE (Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/04/2012; 03/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017) -Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps."
1798	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0	CEP10-R, CEP10 VSE and CEP10-C (Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/06/2012; 03/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #673 and #1258); AES (Certs. #779 and #1932); SHS (Cert. #1697); HMAC (Certs. #426 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017) -Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10 VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 3 Mbps to 50 Mbps."
1797	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0	CEP10G VSE (Hardware Version: [CEP10G VSE, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/04/2012; 03/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1195 and #1258); AES (Certs. #1842 and #1932); SHS (Cert. #1697); HMAC (Certs. #1141 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10G VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 500 Mbps to 10 Gbps."
1796	Brocade Communications Systems, Inc. 130 Holger W San Jose, CA 95134 USA -Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0	Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; and 7800 Extension Switch (Hardware Version: [6510 FC Switch (P/Ns 80-1005232-02, 80-1005267-02, 80-1005268-02, 80-1005269-02, 80-1005271-02 and 80-1005272-02) [A,B], 7800 Extension Switch (P/Ns 80-1002607-06, 80-1002608-06 and 80-1002609-06) [A,B], [DCX Backbone (P/Ns 80-1001064-08, 80-1001064-09, 80-1004920-02 and 80-1004920-03), DCX-4S Backbone (P/Ns 80-1002071-08, 80-1002071-09, 80-1002066-08 and 80-1002066-09), DCX 8510-4 Backbone (P/Ns 80-1004697-02, 80-1004697-03, 80-1005158-02 and 80-1005158-03) and DCX 8510-8 Backbone (P/Ns 80-1004917-02 and 80-1004917-03] with Blades (P/Ns 80-1001070-06 [A,B], 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1001071-02, 80-1000696-01, 80-1005166-01, 80-1005187-01, 80-1001066-01, 80-1001067-01, 80-1001453-01, 80-1003887-01, 80-1002762-04, 80-1000233-10, 80-1002839-02, 49-1000016-04, 49-1000064-02 and 49-1000294-05)] with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.0.0b (P/N 63-1000968-01) [A] or Fabric OS v7.0.0b1 (P/N 63-1001098-01) [B]) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configurations as indicated in the Security Policy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/31/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #778, #779, #1048 and #1049) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The Brocade« DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
1795	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129 -Thomas Palsherm TEL: +49 89 4119-2384 FAX: +49 89 4119-9093 CST Lab: NVLAP 200427-0	Sm@rtCafé Expert 6.0 FIPS (Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/31/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed) -Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1794	Thales e-Security Meadow View House Crendon Industrial Estate, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Datacryptor-Certifications TEL: +44 (0)1844 201800 CST Lab: NVLAP 200002-0	Secure Generic Sub-System (SGSS), Version 3.5 (Hardware Versions: 1213H130 Issue 6E, 1213R130 Issue 1, 1213P130 Issue 2 and 1213P130 Issue 2A; Software Version: 3.0.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/28/2012; 09/27/2012	Overall Level: 3  -FIPS-approved algorithms: ECDSA (Cert. #283); SHS (Cert. #1717) -Other algorithms: N/A Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models). The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (ECDSA) and SHA-384 hashing. This is a revalidation of the SGSS certified under FIPS Certificate #836, and does not affect the previous FIPS validation."
1793	HID Global 15370 Barranca Pkwy Irvine, CA 92618 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101 CST Lab: NVLAP 100432-0	HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2 (Hardware Version: P/N P5CD145; Firmware Version: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1) (PIV Card Application: Cert. #29) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/28/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); RSA (Cert. #885) -Other algorithms: Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with HID Global JavaCard Applet Suite v2.7.1 for support of GSC-IS v2.1, NIST SP800-73-3 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
1792	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength) Multi-chip standalone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1791	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength) Multi-chip standalone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1790	ARX (Algorithmic Research) 10 Nevatim Street Petah-Tikva, 49561 Israel -Ezer Farhi TEL: +972-39279529 FAX: +972-39230864 CST Lab: NVLAP 200002-0	PrivateServer (Hardware Version: 4.7; Firmware Version: 4.8.1) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1983); Triple-DES (Cert. #1286); RSA (Cert. #1029); SHS (Cert. #1738); Triple-DES MAC (Triple-DES Cert. #1286, vendor affirmed); RNG (Cert. #1042); ECDSA (Cert. #288); HMAC (Cert. #1196) -Other algorithms: DES Stream; MD5; RSA cipher only with ISO9796 padding; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; DES MAC Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1789	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032 (Hardware Versions: FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032; Firmware Version: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/22/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1788	Q1 Labs 890 Winter Street Suite 230 Waltham, MA 02451 USA -Ellen Knickle TEL: 506-444-6870 FAX: 506-459-7016 -Peter Clark TEL: 506-635-4900 FAX: 506-459-7016 CST Lab: NVLAP 200427-0	Cryptographic Security Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/22/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) 5.7; CentOS 5.7 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1907); HMAC (Cert. #1144); RNG (Cert. #1001); RSA (Cert. #978); SHS (Cert. #1674); Triple-DES (Cert. #1239) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5, RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Q1 Labs Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine."
1787	GDC Technology (USA), LLC 1016 West Magnolia Boulevard Burbank, CA 91506 USA -Pranay Kumar TEL: (877) 743-2872 FAX: (877) 643-2872 CST Lab: NVLAP 100432-0	IMB (Hardware Version: GDC-IMB-v1; Firmware Version: 1.1 with Security Manager Firmware Version 1.2.11) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/22/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box Multi-chip embedded "A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
1786	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 01/24/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1785	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 01/24/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1784	Hewlett-Packard Company 8000 Foothills Blvd Rosevillle, CA 95747 USA -Sunil Amanna TEL: 916-785-1183 FAX: 916-785-1103 -Harjit Dhillon TEL: 916-785-0341 FAX: 916-785-1103 CST Lab: NVLAP 200002-0	HP Networking 5400 zl [1,2] and 8200 zl [3,4] Switch Series (Hardware Versions: 5406 zl [1] 5412 zl [2], 8206 zl [3], 8212 zl [4] [A] [B]; Switches: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [A] [B]); Management Modules: (J8726A [1,2] and two J9092A [3,4] [A] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [A] [B]); Fabric Module: (two J9093A [3,4] [A] [B]); Blank Plate: (5069-8563: five [1,3] or eleven [2,4]); PSU Blank Plate (5003-0753: one [1,3] or two [2,4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with ([HP Gig-T/SFP+ V2 zl Mod: J9536A] and [Tamper Evident Seal Kit: J9709A]) [1,2,3,4]; Firmware Versions: K.15.07.003 [A] and K.15.07.0012 [B]) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/15/2012; 12/13/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1718); Triple-DES (Cert. #1105); SHS (Certs. #1501 and #1600); HMAC (Cert. #993); RSA (Certs. #866 and #915); DSA (Cert. #530); RNG (Cert. #911) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO. The HP 8200 zl Switch Series offers high performance, scalability, and a wide range of features in a high-availability platform that dramatically reduces complexity and provides reduced cost of ownership."
1783	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/08/2012; 03/19/2013	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms:
1782	SafeNet, Inc. 20 Colonnade Drive Suite 200 Ottowa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-221-5032 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	ProtectServer Internal Express (PSI-e) (Hardware Versions: VBD-04-0302 and VBD-04-0303; Firmware Versions: 3.20.00 and 3.20.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 11/05/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1859 and #1860); DSA (Cert. #579); ECDSA (Cert. #259); HMAC (Cert. #1106); RNG (Cert. #975); RSA (Cert. #940); SHS (Cert. #1636); Triple-DES (Certs. #1206 and #1207); Triple-DES MAC (Triple-DES Cert. #1206, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1859; non-compliant); ARIA; CAST-128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; SEED MAC; Triple-DES (Certs. #1206 and #1207, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Certs. #1859 and #1860, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip embedded "The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1781	Valid S/A Av. Paulista, 1000, terreo Sao Paulo, 01310-100 Brazil -Carlos Okada TEL: +55 11 2575-6800 FAX: +55 11 2575-6500 CST Lab: NVLAP 100432-0	IDflex V (Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1780	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 09/26/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1779	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 09/26/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1778	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 04/15/2013	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1777	Thales e-Security, Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Nathan Turajski TEL: 954-888-6201 CST Lab: NVLAP 200427-0	Thales e-Security keyAuthority® (Hardware Version: 1.0; Firmware Version: 3.0.3) (This module contains the embedded module IBM Java JCE FIPS 140-2 Cryptographic Module validated to FIPS 140-2 under Cert. #1081 operating in FIPS mode using IBM JVM 1.6) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #805 and #1795); DRBG (Cert. #128); HMAC (Certs. #445 and #1059); RNG (Cert. #463); RSA (Certs. #387 and #898); SHS (Certs. #803, #1573 and #1577) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Thales keyAuthority® is a standards-based, FIPS-validated key management appliance that enables organizations to confidently manage encryption for multiple types of encrypting endpoints. The appliance manages encryption keys throughout their lifecycle to meet security policy and regulatory compliance requirements. A vendor-neutral approach ensures broad support for encryption devices."
1776	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/01/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1775	SafeNet, Inc. 20 Colonnade Road Suite 200 Nepean, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCM Key Export (KE) Cryptographic Module (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/01/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1774	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCM (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/01/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; AES MAC (AES Cert. #1785, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1773	Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA -Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0	565 Advanced Services Platform [1], 5100 Advanced Services Platform [2] and 5200 Advanced Services Platform [3] (Hardware Versions: [NT0H50DAE5 REV 004 [1], NTPM50AAE5 Rev 11 [2], NT0H50AA Rev 014 [3], SP Card NT0H5066E5 Rev 04 [1] and NT0H41ABE5 Rev 8 [2,3], QOTR/E Card NT0H25BAE5 Rev 2 [1,2,3], OCM Card NT0H40BCE5 Rev 18 [3], Filler Card NT0H52ABE6 Rev 02 [1,2,3]] with FIPS security kit NT0H25BZ Rev 3; Firmware Versions: 11.2 and 11.21) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/01/2012; 02/06/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1161); AES (Certs. #1682, #1794 and #1796); SHS (Certs. #1576 and #1578); HMAC (Certs. #1058 and #1060); RSA (Certs. #897 and #899); DRBG (Certs. #130 and #131) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; DES; Blowfish Multi-chip standalone "The 565/5100/5200 Advanced Services Platform offers an integrated transport encryption solution providing an ultra-low latency and protocol-agnostic wirespeed encryption service for use in small to large enterprises or datacenters and also offered through service providers as a differentiated managed service."
1772	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Guillaume Gavillet FAX: 408-936-1801 -Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200002-0	Junos-FIPS 10.4 L1 OS Cryptographic Module (Firmware Version: 10.4R5) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	07/31/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: RE-850-1536 [M7i] and RE-850-1536 [M10i] -FIPS-approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1771	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7] and 810-25 [8] (Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6]; 090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 5.5 or 5.5.7.2) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/31/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #397 and #1885); Triple-DES (Certs. #217, #435 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987). -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1770	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7], 810-25 [8] (Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6];090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/31/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #397 and #1875); Triple-DES (Certs. #217, #435 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1769	Hewlett-Packard Development Company, L.P. 2344 Boulevard Alfred-Nobel St-Laurent, QC H4S 0A4 Canada -Gilbert Moineau TEL: +1-514-920-4250 CST Lab: NVLAP 200002-0	HP 5406 zl [1], HP 5412 zl [2], HP 8206 zl [3] and HP 8212 zl [4] Switches with the HP MSM765zl Mobility Controller (Hardware Version: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [B]); Management Modules: (J8726A [1,2] and J9092A [3,4] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [B]); Fabric Module: (J9093A: two [3,4] [B]); Blank Plate: (5069-8563: four [1], ten [2], five [3] or eleven [4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with (HP Gig-T/SFP+ V2 zl Mod: J9536A; HP Mobility Controller: J9370A [A] and Tamper Evident Seal Kit: J9709A) [1,2,3,4]; Firmware Version: 5.6.0 [A] and K.15.07.0003 [B]) (When operated in FIPS mode with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1824 and #1825); Triple-DES (Certs. #1177 and #1178); SHS (Certs. #1603 and #1604); HMAC (Certs. #1079 and #1107); RNG (Cert. #961); RSA (Certs. #917 and #921) -Other algorithms: RC4; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1604; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1079; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The HP 5400/8200 zl Switch Series with the HP MSM765zl Mobility Controller provide centralized management and control of intelligent HP MSM APs for a wide range of deployments, from small Internet cafes and businesses, to large corporations and institutions."
1768	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 9000-10 [1], 9000-20 [2] and 9000-20B [3] (Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3] and 090-02985 [3] with FIPS kit 085-02718;; Firmware Versions: 5.5 or 5.5.7.2) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1265 and #1885); Triple-DES (Certs. #898 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987). -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1767	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 900-10 [1], 900-10B [2], 900-20 [3], 900-30 [4], 900-45 [5] and 900-55 [6] (Hardware Version: 090-02900 [1], 090-02901 [1], 090-02988 [2], 090-02989 [2], 090-02902 [3], 090-02903 [3], 090-02904 [4], 090-02905 [4], 09002908 [5], 090-02909 [5], 090-02979 [6] and 090-02980 [6] with FIPS kit 085-02742; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012; 08/07/2012; 08/16/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 900 is one of several appliance lines offered by Blue Coat"
1766	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 9000-10 [1], 9000-20 [2], 9000-20B [3], 9000-30 [4] and 9000-40 [5] (Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3], 090-02985 [3], 090-02841 [4], 090-02842 [4], 090-02845 [5] and 090-02846 [5] with FIPS kit 085-02718; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012; 08/07/2012; 08/16/2012; 09/27/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1765	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0	BlackBerry Cryptographic Java Module (Software Versions: 2.8 and 2.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/31/2012; 10/10/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on [Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit] (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8) -Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry® products such as the BlackBerry® PlayBook Administration Service, and other BlackBerry® products."
1764	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect Duo with PIV (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with PIV Applet 3.0) (PIV Card Application: Cert. #31) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/23/2012; 04/12/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high performance government and enterprise smart card applications."
1763	Motorola Solutions, Inc. Unit A1, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom -Richard Carter TEL: +44 1364 655504 FAX: +44 1364 654625 CST Lab: NVLAP 100432-0	Motorola PTP 800 Series CMU Cryptographic Module (Hardware Version: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG Multi-chip standalone "Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1762	INSIDE Secure 41 Parc Club du Golf Aix-en-Provence, 13856 France -Jerome Ducros TEL: +333 (0)413758653 CST Lab: NVLAP 100432-0	VaultIC420™, VaultIC440™ and VaultIC460™ (Hardware Versions: P/N: ATVaultIC420, ATVaultIC440 and ATVaultIC460, Platform: AT90SO128 - Silicon Rev F; Firmware Version: 1.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2012; 09/06/2012	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: AES (Cert. #1822); DRBG (Cert. #142); DSA (Cert. #572); ECDSA (Cert. #251); HMAC (Cert. #1077); RSA (Cert. #927); SHS (Cert. #1601); Triple-DES (Cert. #1175) -Other algorithms: DES; DES MAC; Triple-DES MAC (non-compliant); HOTP; TOTP; RSA (encrypt/decrypt); AES (Cert. #1822, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "The VaultIC™ 420, VaultIC™ 440 and VaultIC™ 460 is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
1761	Motorola Solutions, Inc. 1303 E. Algonquin Rd Schaumburg, IL 60196 USA -Richard Carter TEL: 44-0-1364-655500 FAX: 44-0-1364-654625 CST Lab: NVLAP 100432-0	Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); RADIUS Multi-chip standalone "PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1760	Catbird Networks, Inc. 1800 Green Hills Road Suite 113 Scotts Valley, CA 95066 USA -Michael Berman TEL: 1-800-673-6775 CST Lab: NVLAP 100432-0	Catbird vSecurity Crypto Module v1.0 (Software Version: v1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with CentOS 6.0 running on Intel Core i5 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1922); DRBG (Cert. #166); DSA (Cert. #609); HMAC (Cert. #1157); RNG (Cert. #1010); RSA (Cert. #991); SHS (Cert. #1688); Triple-DES (Cert. #1252); ECDSA (Cert. #274); CVL (Cert. #14) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "Catbird is the industry pioneer in security and compliance for virtualized environments, a four-time Best of Show Finalist at VMworld and a Gartner Group Cool Vendor 2011. Catbird's comprehensive protection includes monitoring and enforcement of PCI, NIST, HIPAA, FISMA, DIACAP and other requirements in virtual environments. Maintaining regulatory and corporate compliance in the new data center and eliminating uncertainty over secure virtualization, Catbird's protection keeps Tier-1 application deployment plans on track."
1759	Cummings Engineering Consultants, Inc. 145 S. 79th St. Suite 26 Chandler, AZ 85226 USA -Darren Cummings TEL: 480-809-6024 CST Lab: NVLAP 100432-0	Cummings Engineering's Secure Mobility Suite B Crypto Module (Software Version: v1.0 or v1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012; 04/19/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD 8250 (ARMv7) with NEON; Linux 3.0.4 running on TI OMAP 3 (ARMv7) with NEON; Ubuntu 10.04 running on Intel Pentium; Fedora 14 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Celeron; Android 2.2 running on Intel Pentium; Android 2.2 running on Intel Core i5 with AES-NI: Apple OS X 10.7 running on Intel Core i7-3615QM; Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (single-user mode) -FIPS-approved algorithms: AES (Certs. #1916 and #2373); DRBG (Certs. #161 and #309); DSA (Certs. #607 and #744); HMAC (Certs. #1151 and #1475); RNG (Certs. #1007 and #1178); RSA (Certs. #984 and #1228); SHS (Certs. #1681 and #2045); Triple-DES (Certs. #1246 and #1484); ECDSA (Certs. #272 and #391); CVL (Certs. #13 and #64) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "Cummings Engineering is a leading provider of mobility innovation providing state-of-the art advanced cryptography and enterprise solutions in both commercial and government markets. Cummings Engineering has multiple patents/patents-pending in the secure communications domain and has made breakthroughs around MDM, Secure Smartphones, and more. Cummings Engineering is committed to providing best-in-class products and services to protect the privacy and data of US Citizens."
1758	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module (Software Version: 2.1) (When operated in FIPS Mode and when obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); SHS (Certs. #1658, #1659, #1663 and #1664); RNG (Certs. #989, #990, #994 and #995); RSA (Certs. #964, #965, #969 and #970); HMAC (Certs #1129, #1130, #1134 and #1135) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); MD5 Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 1.0.0-20.el6 delivered with RHEL 6.2."
1757	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 TEL: 919-754-3700 FAX: 919-754-3701 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1886, #1890, #1891 and #1892); Triple-DES (Certs. #1225, #1228, #1229 and #1230); SHS (Certs. #1657, #1660, #1661 and #1662); RSA (Certs. #963, #966, #967 and #968); DSA (Certs. #591, #594, #595 and #596); HMAC (Certs. #1128, #1131, #1132 and #1133); RNG (Certs. #988, #991, #992 and #993) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.5-9.e16 delivered with RHEL 6.2."
1756	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	NetScreen-ISG 1000 [1] and NetScreen-ISG 2000 [2] (Hardware Versions: [NS-ISG-1000, NS-ISG-1000-DC, NS-ISG-1000B and NS-ISG-1000B-DC] [1] and [(NS-ISG-2000, NS-ISG-2000-DC, NS-ISG-2000B and NS-ISG-2000B-DC) with 1, 2, 3 or 4 FE8 Interface Cards][2] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1058); AES (Cert. #1617); DSA (Cert. #504); SHS (Cert. #1426); RNG (Cert. #865); RSA (Cert. #795); HMAC (Cert. #948); ECDSA (Cert. #202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1755	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	NetScreen-5200 [1] and Netscreen-5400 [2] (Hardware Versions: [(NS-5200 [1] with one NS-5000-8G2) and (NS-5400 [2] with one to three NS-500-8G2)] with (NS-5000-MGT2 or NS-5000-MGT3) and JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1059); AES (Cert. #1618); DSA (Cert. #505); SHS (Cert. #1427); RNG (Cert. #866); RSA (Cert. #796); HMAC (Cert. #949); ECDSA (Cert. #203) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1754	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200556-0	FortiOS™ (Firmware Version: 4.0 MR3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Firmware	07/17/2012	Overall Level: 1  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiGate 3950B -FIPS-approved algorithms: AES (Certs. #1856 and #1857); Triple-DES (Certs. #1203 and #1204); HMAC (Certs. #1103 and #1104); SHS (Certs. #1633 and #1634); RSA (Cert. #939); RNG (Cert. #974) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1753	Utimaco Safeware AG Germanusstr. 4 Aachen, 52080 Germany -Dr. Gesa Ott TEL: +49 241-1696-200 FAX: +49 241-1696-199 CST Lab: NVLAP 100432-0	SafeGuard® CryptoServer Se (Hardware Version: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/24/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant) Multi-chip embedded "SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator."
1752	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01 or 5185912Y03; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11 or R01.03.13] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/27/2012; 07/18/2012 12/12/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1751	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01 or 5185912Y03; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11 or R01.03.13] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/27/2012; 07/18/2012; 12/12/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1750	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect Key with LASER PKI (Hardware Version: Inside Secure AT90SC25672RCT-USB Rev. D packaged in TIDPTMINI72 and TIDPUSBV2J; Firmware Version: Athena IDProtect 0106.0130.0401 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/17/2012; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1749	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect Duo with LASER PKI (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/17/2012; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1748	Vocality International Ltd Lydling Barn, Puttenham Lane Shackleford, Surrey GU8 6AP United Kingdom -Martin Saunders TEL: +44 1483 813130 FAX: +44 1483 813121 CST Lab: NVLAP 100432-0	BASICS IP PC104 (Hardware Versions: 68551-01-1/68551C6; Firmware Version: 08_42.05) (When configured in FIPS mode as specified in Section 8 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/27/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1734); DSA (Cert. #540); ECDSA (Cert. #226); RSA (Cert. #857); RNG (Cert. #923); HMAC (Cert. #1010); SHS (Cert. #1518); Triple-DES (Cert. #1123) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG Multi-chip embedded "The BASICS IP PC104 unit is a high-performance 10/100base-T Router which incorporates a cryptographic module. It provides 3 independently routable subnets; one for the uplink port, one for the downlink port and one for the four Ethernet switch ports which are also IEEE802.1q VLAN and Power-over-Ethernet (PoE) capable. It can also bridge network traffic to the uplink port from any IP device connected to its Downlink port. It may be used as a simple switch or a sophisticated secure multiprotocol IP router and can also power a group of SIP VoIP phones."
1747	OpenSSL Software Foundation 1829 Mount Ephraim Road Adamstown, MD 21710 USA -Steve Marquess TEL: 877-673-6775 CST Lab: NVLAP 100432-0	OpenSSL FIPS Object Module (Software Version: 2.0, 2.0.1, 2.0.2 or 2.0.3) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/27/2012; 07/09/2012; 07/18/2012; 10/24/2012; 01/22/2013; 02/06/2013; 02/22/2013 02/28/2013; 03/28/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0); Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0); Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00); uCLinux 0.9.29 (gcc Compiler Version 4.2.1); Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1); HP-UX 11i (32 bit) (HP C/aC++ B3910B); HP-UX 11i (64 bit) (HP C/aC++ B3910B); Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3); Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3); Android 3.0 (gcc Compiler Version 4.4.0); Linux 2.6.27 (gcc Compiler Version 4.2.4); Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00); Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3); Linux 2.6.33 (gcc Compiler Version 4.1.0); Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0); VxWorks 6.8 (gcc Compiler Version 4.1.2); Linux 2.6 (gcc Compiler Version 4.3.2); Linux 2.6.32 (gcc Compiler Version 4.3.2); Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2); Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2); CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5); CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5); Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2); Oracle Linux 6 (gcc Compiler Version 4.4.6); Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6); Oracle Solaris 11 (32 bit) (Sun C Version 5.12); Oracle Solaris 11 (64 bit) (Sun C Version 5.12); Android 4.0 (gcc Compiler Version 4.4.3); Apple iOS 5.1 (gcc Compiler Version 4.2.1); Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM); Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM); Linux 2.6 (gcc Compiler Version 4.1.0); DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13); Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3); NetBSD 5.1 (gcc Compiler Version 4.1.3); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00 for 80x86); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (Microsoft C/C++ Optimizing Compiler Version 16.00 for x64); RHEL 6 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (gcc Compiler Version 4.4.6); RHEL 6 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (gcc Complier Version 4.4.6); Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64); Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6); Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6); Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720); Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720); Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3); Vmware Horizon Mobile 1.3 under Vmware running on Qualcomm MSM8X60 (ARMv7) with NEON (gcc Compiler Version 4.4.6); Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2); Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1884, #2116, #2234 and #2342); DRBG (Certs. #157, #229, #264 and #292); DSA (Certs. #589, #661, #693 and #734); HMAC (Certs. #1126, #1288, #1363 and #1451); RNG (Certs. #985, #1087, #1119 and #1166); RSA (Certs. #960, #1086, #1145 and #1205); SHS (Certs. #1655, #1840, #1923 and #2019); Triple-DES (Certs. #1223, #1346, #1398 and #1465); ECDSA (Certs. #264, #270, #315, #347, #378 and #383); CVL (Certs. #10, #12, #24, #36, #49 and #53) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "The OpenSSL FIPS Object Module 2.0 is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
1746	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1745	Vormetric Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA -Mike Yoder TEL: 408-433-6059 FAX: 408-844-8638 -Richard Gorman TEL: 408-433-6000 FAX: 408-844-8638 CST Lab: NVLAP 200002-0	Vormetric Data Security Server Module (Hardware Version: 1.0; Firmware Version: 4.4.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1838); Triple-DES (Cert. #1192); SHS (Cert. #1620); HMAC (Cert. #1093); RSA (Cert. #928); RNG (Cert. #965) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Encryption Expert Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
1744	Thales-eSecurity Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3] (Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N; Firmware Version: 2.50.17-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/25/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1770, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1146, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1743	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F2 6000e [1], nShield F2 1500e [2], nShield F2 500e [3] and nShield F2 10e [4] (Hardware Versions: nC3023E-6K0 [1], nC3023E-1K5 [2], nC3023E-500 [3] and nC3023E-010 [4], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1742	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1741	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 500 [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1740	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F2 500 [1] and nShield F2 10 PCI [2] (Hardware Versions: nC3023P-500 [1] and nC3023P-10 [2], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1739	Thales-eSecurity Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3] (Hardware Versions: nC4031Z-10 [1], nC4031U-10 [2] and TSMC200 [3], Build Standard N; Firmware Version: 2.50.17-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/25/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1770, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1146, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1738	Thales-eSecurity Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -sales@ncipher.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nToken (Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.50.16-2) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/25/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1579); HMAC (Cert. #925); SHS (Cert. #1398); DSA (Cert. #487); DRBG (Cert. #72) -Other algorithms: N/A Multi-chip embedded "The nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
1737	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F2 4000 [1], nShield F2 2000 [2] and nShield F2 500 [3] (Hardware Versions: nC3023P-4K0 [1], nC3023P-2K0 [2] and nC3023P-500 [3], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012;03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1736	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 600-10 [1], 600-20 [2] and 600-35 [3] (Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/21/2012; 07/24/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105 and #1875); Triple-DES (Certs. #217 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 600 is one of several appliance lines offered by Blue Coat"
1735	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module (Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 573FAL00: z/VM 6.1 with APAR PM43382) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	06/25/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode) -FIPS-approved algorithms: AES (Certs. #976 and #1873); Triple-DES (Certs. #769 and #1217); DSA (Cert. #586); RSA (Cert. #953); SHS (Certs. #946 and #1646); HMAC (Cert. #1117); RNG (Cert. #982) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2 Multi-chip standalone "z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
1734	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S250/D250 (Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.0.0) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/21/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1733	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/20/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1732	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Gorczyca CST Lab: NVLAP 200556-0	Symantec Enterprise Vault Cryptographic Module (Software Version: 1.0.0.2) (When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/20/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES Multi-chip standalone "Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1731	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	SSG 320M and SSG 350M (Hardware Versions: [SSG-320M-SB, SSG-320M-SH, SSG-320M-SB-TAA, SSG-320M-SH-TAA, SSG-320M-SB-DC-N-TAA, SSG-320M-SH-DC-N-TAA, SSG-350M-SB, SSG-350M-SH, SSG-350M-SB-TAA, SSG-350M-SH-TAA, SSG-350M-SB-DC-N-TAA and SSG-350M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/12/2012; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1062); AES (Cert. #1621); DSA (Cert. #508); SHS (Cert. #1430); RNG (Cert. #869); RSA (Cert. #799); HMAC (Cert. #952); ECDSA (Cert. #206) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1730	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SSG 520M and SSG 550M (Hardware Versions: [SSG-520M-SH, SSG-520M-SH-N, SSG-520M-SH-DC-N, SSG-520M-N-TAA, SSG-520M-SH-DC-N-TAA, SSG-550M-SH, SSG-550M-SH-N, SSG-550M-SH-DC-N, SSG-550M-N-TAA and SSG-550M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/12/2012; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1063); AES (Cert. #1622); DSA (Cert. #509); SHS (Cert. #1431); RNG (Cert. #870); RSA (Cert. #800); HMAC (Cert. #953); ECDSA (Cert. #207) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1729	Certicom Corp. 4701 Tahoe Blvd. Building A Mississauga, Ontario L4W 0B5 Canada -Kris Orr TEL: 905-507-4220 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200928-0	Security Builder® FIPS Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	06/08/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with QNX Neutrino 6.6; QNX Neutrino 6.5; Red Hat Linux AS 5.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1159); AES (Cert. #1789); SHS (Cert. #1571); HMAC (Cert. #1054); RNG (Cert. #949); DRBG (Cert. #127); DSA (Cert. #563); ECDSA (Cert. #242); RSA (Cert. #894); KAS (Cert. #25); CVL (Cert. #7) -Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides less than 80 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1728	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Jennifer Gilbert TEL: 703-484-0168 CST Lab: NVLAP 100432-0	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL , WS-SUP720-3B, VS-S 720 10G-3C, or VS-S 720 10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33.SXJ; WiSM2: 7.0.116.0) (When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/01/2012; 06/21/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1727	Aruba Networks 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba 620, 650 and Dell W-620, W-650 Controllers with ArubaOS FIPS Firmware (Hardware Versions: 620-F1 [1], 620-USF1 [1], 650-F1 [1], 650-USF1 [1], W-620-F1 [2], W-620-USF1 [2], W-650-F1 [2], W-650-USF1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6xx_6.1.2.3-FIPS [1] and Dell_PCW_6xx_6.1.2.3-FIPS [2] or ArubaOS_6xx_6.1.4.1-FIPS [1] and Dell_PCW_6xx_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/24/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #779, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #426, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #781, #1627, #1629 and #1631); Triple-DES (Certs. #673, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform."
1726	Voltage Security, Inc. 20400 Stevens Creek Blvd. Cupertino, CA 95014 USA -Luther Martin TEL: 650-543-1280 FAX: 650-543-1279 CST Lab: NVLAP 200802-0	Voltage IBE Cryptographic Module for z/OS (Hardware Version: Crypto Express2 card (CEX2C) [a separately configured version of 4764-001 (P/N 12R6536)]; Software Version: 4.0; Firmware Version: 4764-001(2096a16d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	05/31/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with IBM System z10 with z/OS PUT1106 / RSU1108 -FIPS-approved algorithms: AES (Cert. #1812); Triple-DES (Cert. #1168); DSA (Cert. #568); SHS (Cert. #1590); RNG (Cert. #955); RSA (Cert. #908); HMAC (Cert. #1069); DRBG (Cert. #139) -Other algorithms: NDRNG; IBE; FFX; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES Multi-chip standalone "The Voltage IBE Cryptographic Module for z/OS Version 4.0 is a FIPS 140-2 Level 1 compliant software-hybrid module that provides encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic."
1725	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0	Postal mRevenector DE 2011 (Hardware Version: 580036020300/01; Firmware Versions: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; FRANKIT-Application: 90.0036.0204.00/2011515001) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/29/2012; 01/22/2013	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "The Francotyp-Postalia Postal mRevenector DE 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector DE 2011 has been designed in compliance with the Deutsche Post (DPAG), FRANKIT Specification."
1724	Hughes Network Systems, LLC. 11717 Exploration Lane Germantown, MD 20876 USA -Tim Young TEL: 301-428-1632 CST Lab: NVLAP 200427-0	Hughes SPACEWAY Crypto Kernel (Firmware Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	05/23/2012	Overall Level: 1  -Tested: ST HN9500 with VxWorks 5.4; AGW2 with VxWorks 5.4; AGW5 with VxWorks 5.4 -FIPS-approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems."
1723	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	SSG 140 (Hardware Versions: (SSG-140-SB and SSG-140-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/23/2012; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1060); AES (Cert. #1619); DSA (Cert. #506); SHS (Cert. #1428); RNG (Cert. #867); RSA (Cert. #797); HMAC (Cert. #950); ECDSA (Cert. #204) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1722	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0	Postal mRevenector US 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; IBIP Application: 90.0036.0203.00/2011485001) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2012; 01/22/2013	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #184); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG Multi-chip embedded "The Francotyp-Postalia Postal mRevenector US 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector US 2011 has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
1721	Vormetric Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA -Mike Yoder TEL: 408-433-6059 FAX: 408-844-8638 -Richard Gorman TEL: 408-433-6000 FAX: 408-844-8638 CST Lab: NVLAP 200002-0	Vormetric Encryption Expert Cryptographic Module (Software Version: 4.4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	05/23/2012; 06/05/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2003 32-bit; Windows 2008 64-bit; Solaris 10 64-bit; Redhat Linux 5.7 64-bit; HPUX 11i v3 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
1720	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0	mRevenector 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2012	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346) -Other algorithms: NDRNG Multi-chip embedded "mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1719	Green Hills Software 30 W Sola Street Santa Barbara, CA 93101 USA -David Sequino TEL: 206-310-6795 FAX: 978-383-0560 -Douglas Kovach TEL: 727-781-4909 FAX: 727-781-3915 CST Lab: NVLAP 200427-0	INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 1.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	05/22/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with RHEL 5; Green Hills Software INTEGRITY OS v5.0.11 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1762); ECDSA (Cert. #235); HMAC (Cert. #1033); RNG (Cert. #939); RSA (Cert. #878); SHS (Cert. #1546) -Other algorithms: ARCFour; DES; Diffie-Hellman; EC Diffie-Hellman; ECMQV; DSA (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Triple-DES (non-compliant) Multi-chip standalone "Green Hills Software, Integrity Security Services (ISS) High Assurance Embedded Cryptographic Toolkit (HA-ECT) is a standards-based, flexible cryptographic toolkit providing developers with a software framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. The ISS HA-ECT FIPS Module is designed to support multiple cryptographic software and hardware providers with a single common API, easily targeted to a variety operating systems."
1718	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks LN1000 Mobile Secure Router (Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/07/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1269 and #1270); AES (Certs. #1956 and #1957); DSA (Cert. #624); SHS (Certs. #1715 and #1716); RNG (Cert. #1028); RSA (Cert. #1013); HMAC (Certs. #1178 and #1179) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1717	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL) (Hardware Version: 6506-E -M0 [1], 6509-E -N0 [2], 6513-E -S0 [3], Supervisor Card VS-S2T-10G -B0, Supervisor Card VS-S2T-10G-XL -C0, Line Card WS-X6908-10G -A0, Line Card WS-X6908-10G-2TXL version -B0 and FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.0(1)SY2) (When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/03/2012; 12/21/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1426, #1427 and #1816); DRBG (Cert. #140); HMAC (Cert. #1072); RSA (Cert. #911); SHS (Cert. #1593); Triple-DES (Cert. #1171) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1816, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1716	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/02/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1715	Hewlett-Packard Development Company, L.P. 2344 Boulevard Alfred-Nobel St-Laurent, QC H4S 0A4 Canada -Gilbert Moineau TEL: +1-514-920-4250 CST Lab: NVLAP 200002-0	HP MSM430 Dual Radio 802.11N TAA AP [1], HP MSM430 Dual Radio 802.11N AP (WW) [2], HP MSM430 Dual Radio 802.11N AP (JP) [3], HP MSM460 Dual Radio 802.11N TAA AP [4], HP MSM460 Dual Radio 802.11N AP (WW) [5], HP MSM460 Dual Radio 802.11N AP (JP) [6], HP MSM466 Dual Radio 802.11N TAA AP [7], HP MSM466 Dual Radio 802.11N AP (WW) [8] and HP MSM466 Dual Radio 802.11N AP (JP) [9] (Hardware Versions: J9654A [1], J9651A [2], J9652A [3], J9655A [4], J9591A [5], J9589A [6], J9656A [7], J9622A [8] and J9620A [9] with FIPS kit J9740A; Firmware Version: 5.6.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/03/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1823 and #1840); Triple-DES (Cert. #1176); SHS (Cert. #1602); HMAC (Cert. #1078); RNG (Cert. #960); RSA (Cert. #916) -Other algorithms: Blowfish; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1602; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1078; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Cert. #1840, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The MSM430, MSM460 and MSM466 Access Points allow wireless devices to connect to a wired network using Wi-Fi 802.11abgn."
1714	Honeywell Scanning and Mobility (HSM) - USA 700 Visions Dr, PO Box 208 Building A Skaneateles Falls, NY 13153-0208 USA -Mike Robinson TEL: 315-554-6387 FAX: 856-232-2932 -Tom Amundsen TEL: 856-374-5589 FAX: 856-232-2932 CST Lab: NVLAP 200928-0	Scanning and Mobility FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	07/11/2012; 07/12/2012	Overall Level: 1  -Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware -FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Honeywell Scanning and Mobility FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Honeywell Scanning and Mobility FIPS Module is part of the Honeywell Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1713	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200928-0	BlackBerry Cryptographic Library (Software Versions: 2.0.0.10 and 2.0.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	05/03/2012; 01/24/2013	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1193); AES (Cert. #1839); SHS (Cert. #1621); HMAC (Cert. #1094); RNG (Cert. #966); ECDSA (Cert. #254) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Library is a software module that provides cryptographic services to many BlackBerry® desktop products such as the BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and many other BlackBerry® products."
1712	Kanguru Solutions 1360 Main Street Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0	Kanguru Defender 2000 (Hardware Versions: P/Ns KDF2000-2G, KDF2000-4G and KDF2000-8G, Version 1.0; Firmware Version: 2.03.10) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/03/2012; 12/21/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 2000 is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1711	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect with LASER PKI (Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Athena IDProtect 010B.0352.0005 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/30/2012; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1710	Red Hat, Inc. 1801 Varsity Drive Raleigh, NC 27606 USA -Robert Relyea TEL: 650-254-4236 CST Lab: NVLAP 200427-0	NSS Freebl Cryptographic Module (Software Version: 3.12.9.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	04/30/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode) -FIPS-approved algorithms: DSA (Cert. #602); SHS (Cert. #1675) -Other algorithms: MD2; MD5 Multi-chip standalone "The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1709	Hewlett-Packard TippingPoint 14231 Tandem Blvd Austin, TX 78728 USA -Dinesh Vakharia TEL: 512-432-2628 -Freddie Jimenez Jr. TEL: 512-432-2907 CST Lab: NVLAP 200427-0	HP TippingPoint Intrusion Prevention System (Hardware Version: S6100N; Firmware Version: 3.2.1.1639) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/27/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #1855); HMAC (Cert. #1102); RNG (Cert. #973); RSA (Cert. #938); SHS (Cert. #1632); Triple-DES (Cert. #1202) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1708	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/27/2012; 03/08/2013	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1707	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0	FortiMail-3000C (Hardware Version: C4GY52; Firmware Version: FortiMail 4.0, build0369, 110615) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/12/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "The FortiMail family of messaging security appliances provide an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated message based attacks, and features designed to facilitate regulatory compliance. FortiMail appliances offer both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1706	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0	FortiMail™ OS (Firmware Version: FortiMail 4.0, build0369, 110615) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	04/12/2012	Overall Level: 1  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiMail-3000C -FIPS-approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiMail OS is a firmware based operating system that runs exclusively on Fortinet’s FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1705	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 500 PCI [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/12/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1704	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX650 Services Gateways (Hardware Versions: (SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/05/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1271 and #1272); AES (Certs. #1959 and #1960); DSA (Cert. #625); SHS (Certs. #1718 and #1719); RNG (Cert. #1029); RSA (Cert. #1014); HMAC (Certs. #1180 and #1181) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1703	S&C Electric Company 6601 Northridge Boulevard Chicago, IL 60626-3997 USA -Prakash Ramadass TEL: 510-749-5648 FAX: 510-864-6860 CST Lab: NVLAP 100432-0	IntelliCom WAN 1720 (Hardware Version: IntelliCom WAN 1720; Firmware Version: 1.1.0.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/03/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133) -Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "IntelliCom™ WAN Mesh Node, a wireless high-speed wide-area networking router that combines ultra-high throughput - up to 400 Mbps - with extremely low latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio unlicensed bands as well as the 4.9-GHz municipal licensed band. This network architecture is selfforming and self-healing; communication is not inhibited by the loss of any single node."
1702	Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -James Kendry TEL: 972-726-0419 FAX: 972-713-5805 CST Lab: NVLAP 100432-0	Entrust Authority™ Security Kernel (Software Version: 8.1sp1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/12/2012	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows Server 2008 R2 Enterprise Edition running on Dell Optiplex 755 -FIPS-approved algorithms: AES (Cert. #1923); HMAC (Cert. #1158); SHS (Cert. #1689); DRBG (Cert. #167); RSA (Cert. #992); Triple-DES (Cert. #1253); Triple-DES MAC (Triple-DES Cert. #1253, vendor affirmed); CVL (Cert. #15 and SP 800-135, vendor affirmed, key agreement); RNG (Cert. #1011); ECDSA (Cert. #275); DSA (Cert. #610) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD2; MD5; RMD-160; CAST; CAST3; CAST5; DES; IDEA; RC2; RC4; PAKE; AES-DAC; CAST-DAC; CAST3-DAC; CAST5-DAC; DES-DAC; IDEA-DAC; RC2-DAC Multi-chip standalone "By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms."
1701	Apple Inc. 11921 Freedom Drive Reston, VA 20190 USA -Shawn Geddis TEL: 703-264-5103 CST Lab: NVLAP 200002-0	Apple FIPS Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/30/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1872); DSA (Cert. #585); ECDSA (Cert. #262); HMAC (Cert. #1116); RNG (Cert. #981); RSA (Cert. #952); SHS (Cert. #1645); Triple-DES (Cert. #1216) -Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (non-compliant key generation) Multi-chip standalone "Apple's OS X Lion (v10.7) security services are now built on a newer 'Next Generation Cryptography' platform and does not use the CDSA/CSP module previously validated. Apple is re-validating the same CDSA/CSP module under OS X Lion to provide validation solely for third-party applications."
1700	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs) (Hardware Versions: 881W and 881GW with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: Router Firmware Version: IOS 15.1(3)T2 and AP Firmware Version: 12.4(25d)JA1) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/28/2012; 04/02/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #962, #1535, #1791, #1792 and #1793); DRBG (Cert. #129); HMAC (Certs. #537, #1056 and #1057); RNG (Cert. #950); RSA (Cert. #896); SHS (Certs. #933, #1574 and #1575); Triple-DES (Certs. #757 and #1160) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Cert. #1791, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The Cisco 881W and Cisco 881GW Integrated Services Routers (ISR) provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients."
1699	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 CST Lab: NVLAP 200556-0	McAfee EMM Cryptographic Module (Software Version: 1.0) (When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081) -Other algorithms: N/A Multi-chip standalone "The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing."
1698	Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan -Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0	HIBUN Cryptographic Module for Pre-boot (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 JCMVP Cert. #J0017 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment."
1697	Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan -Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0	HIBUN Cryptographic Module for Kernel-Mode (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 JCMVP Cert. #J0016 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode. Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)"
1696	Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan -Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0	HIBUN Cryptographic Module for User-Mode (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 JCMVP Cert. #J0015 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode. Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)"
1695	NEC Corporation 1753 Shimonumabe Nakahara-ku Kawasaki, Kanagawa 211-8666 Japan -NEC Corporation TEL: +81-44-455-8326 CST Lab: NVLAP 200835-0	iPASOLINK MODEM AES Card (Hardware Version: 5.00; Firmware Version: NWA-055300-004) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/18/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #1834) -Other algorithms: N/A Multi-chip embedded "iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR."
1694	SafeNet, Inc. 20 Colonnade Dr, Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI-e Cryptographic Module (Hardware Version: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/30/2012; 09/27/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1693	SafeNet, Inc. 20 Colonnade Drive, Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 -Mark Yakabuski TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/28/2012; 09/27/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1692	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module (Hardware Version: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3D0/JCPT3D1 w/ APAR OA36775, RACF level HRF7780 and ICSF level HCR7780 w/ APAR OA36882; Firmware Version: 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	03/12/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1713, #1864 and #1865); Triple-DES (Certs. #1103, #1210 and #1211); DSA (Certs. #582 and #583); RSA (Certs. #944, #945, #946, #947 and #948); SHS (Certs. #1497, #1639 and #1640); HMAC (Certs. #1110 and #1111); RNG (Certs. #977 and #978) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; HMAC-MD5; ECDSA (non-compliant) Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1691	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 3  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1690	Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0	Protiva PIV v1.55 on TOP DL v2 (Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55) (PIV Card Application: Cert. #27) (When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1689	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G (Hardware Versions: (CP-7906G: V01-V09), (CP-7911G: V01-V09), (CP-7931G: V01-V05), (CP-7941G: V01-V02), (CP-7942G: V01-V10), (CP-7945G: V01-V11), (CP-7961G: V01-V02), (CP-7961GE: V01), (CP-7962G: V01-V11), (CP-7965G: V01-V11), (CP-7970G: V01-V02), (CP-7971G/7971GE: V01-V03) and (CP-7975G: V01-V12); Firmware Version: 9.2(1)SR2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1745 and #1747); HMAC (Certs. #1022 and #1024); RNG (Cert. #931); RSA (Cert. #868); SHS (Certs. #1532 and #1534); Triple-DES (Cert. #1132) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 7900 Series deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1688	Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA -Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 200427-0	Momentus® FDE Attached Storage Drives FIPS 140 Module (Hardware Version: ST9500326AS; Firmware Version: 566) (When operated in FIPS mode. Files distributed with the module mounted within the CD Drive are excluded from the validation.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #883); SHS (Cert. #1223); RNG (Cert. #737); RSA (SigVer, Cert. #648); Triple-DES (Cert. #697) -Other algorithms: DES Multi-chip embedded "The Momentus® Attached Storage FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1687	Mitsubishi Space Software Co., Ltd. Tsukuba Mitsui Bldg., 1-6-1, Takezono Tsukuba-shi, Ibaraki-ken 305-0032 Japan -Shinichi Shimazaki TEL: +81-29-856-0154 FAX: +81-29-859-0320 -Ikuo Shionoya TEL: +81-29-856-0154 FAX: +81-29-859-0320 CST Lab: NVLAP 200928-0	Command Encryption Module (Firmware Version: 2.0) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	03/30/2012	Overall Level: 2  -EMI/EMC: Level 3 -Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000 -FIPS-approved algorithms: Triple-DES (Cert. #1119) -Other algorithms: Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1686	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2] (Software Version: 6.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/09/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with AES-NI; Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with AES-NI) [1]; (McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without AES-NI; McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with AES-NI) [2] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Cert. #1124 and #1125); SHS (Certs. #1653 and #1654); -Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone
1685	ZyFLEX Technologies Incorporation 4F, No.5-2, Industry E. 9th Rd. Science Park Hsinchu Hsin-Chu, 30075 Taiwan, R.O.C. -Nick Tseng TEL: +886-3-5679168 FAX: +886-3-5679188 CST Lab: NVLAP 200824-0	ZyFLEX Crypto Module ZCM-100 (Hardware Version: AAM; Firmware Version: 1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1670 and #1671); DSA (Cert. #521); HMAC (Cert. #980); RNG (Certs. #888 and #889); RSA (Cert. #827); SHS (Cert. #1462) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "ZyFLEX Crypto Module ZCM-100 is a hardware multichip embedded module that targets high speed data link layer (OSI layer 2) secure data transmission applications in an IP-based network. ZCM-100 implements AES-256 encryption/decryption algorithms and other Approved security functions by using both hardware FPGA circuitry and a 32-bit microcontroller. Its miniaturized size and low power consumption features make ZCM-100 suitably fit in a portable wireless communication device such as a handheld radio."
1684	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -Vinnie Moscaritolo TEL: 650-527-9000 CST Lab: NVLAP 200802-0	PGP Cryptographic Engine (Software Version: 4.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7; IOS 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043) -Other algorithms: AES (EME2 mode; non-compliant) Multi-chip standalone "The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1683	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9447 FAX: 585-248-9185 CST Lab: NVLAP 100432-0	Communication Server (Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500) (When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)]) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/15/2012	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7; Microsoft Windows Server 2008 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1650); RNG (Cert. #882) -Other algorithms: RC2 Multi-chip standalone "The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1682	Voltage Security, Inc. 20400 Stevens Creek Blvd. Cupertino, CA 95014 USA -Luther Martin TEL: 650-543-1280 FAX: 650-543-1279 CST Lab: NVLAP 200802-0	Voltage IBE Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/14/2012; 02/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 7 Professional SP1, 32-bit; Red Hat Enterprise Linux Server 5.3, 32-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1752); Triple-DES (Cert. #1135); DSA (Cert. #547); SHS (Cert. #1539); RNG (Cert. #934); RSA (Cert. #871); HMAC (Cert. #1029); DRBG (Cert. #115) -Other algorithms: IBE; BBX; FFX; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits encryption strength); MD5; Diffie-Hellman; DES Multi-chip standalone "Voltage IBE Cryptographic Module implements the following algorithms: DSA; TDES; AES (ECB, CBC, CFB, OFB, FPE); DRNG; DRBG; SHS; HMAC; CMAC; RSA; DH; BF IBE; BB1 IBE; MD; DES"
1681	Symantec Corporation 350 Ellis St. Mountain View, CA 94043 USA -Vinnie Moscaritolo TEL: 650-527-8000 CST Lab: NVLAP 200802-0	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 4.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/28/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3; Mac OS X 10.7; Linux, 32-bit: CentOS 5.5; iOS 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1680	Absolute Software Corporation Suite 1600, Four Bentall Centre 1055 Dunsmuir Street PO Box 49211 Vancouver, BC V7X 1K8 Canada -Tim Parker TEL: 604-730-9851 ext. 194 FAX: 604-730-2621 CST Lab: NVLAP 200556-0	Absolute Encryption Engine (Software Version: 1.2.0.46) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/14/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 64-bit; Windows 7 32-bit; Windows XP 32-bit; Windows Vista 32-bit; Windows Vista 64-bit; Red Hat Enterprise Linux (RHEL) 6 32-bit; Mac OS X v10.6.7 32-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1610); RNG (Cert. #864) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "Absolute Software Corporation provides security products for the central management of all IT assets. The Absolute Encryption Engine is a dynamic-linked library (DLL) defined as the encryption module on the client and server callable by applications via an Application Programming Interface (API). The module is currently used by the Absolute Computrace product."
1679	Senetas Corporation Ltd. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia -John Weston TEL: +61 (3) 9868 4515 FAX: +61 (3) 9821 4899 -Horst Marcinsky TEL: +61 (3) 9868 45555 FAX: +61 (3) 9821 4899 CST Lab: NVLAP 200426-0	CN1000 Fibre Channel Encryptor (Hardware Version: A5175B; Firmware Version: 1.9.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	02/14/2012	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #1158); AES (Certs. #1775 and #1786); SHS (Cert. #1568); RNG (Cert. #948); DSA (Cert. #562); RSA (Cert. #893); HMAC (Cert. #1051) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The CN1000 Fibre Channel Encryptor is a high-speed, standards based, encryptor specifically designed to secure data transmitted over Fibre Channel point-to-point networks at line rates up to 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
1678	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129 -Thomas Palsherm TEL: +49 89 4119-2384 FAX: +49 89 4119-9093 CST Lab: NVLAP 200427-0	StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0 (Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/09/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed) -Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength) Multi-chip standalone "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1677	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0 (Software Version: 6.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/09/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with AES-NI; Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654) -Other algorithms: RC5; AES (non-compliant) Multi-chip standalone
1676	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Bordwine TEL: 703-885-3854 CST Lab: NVLAP 200556-0	Symantec Java Cryptographic Module Version 1.1 (Software Version: 1.1) (When operated in FIPS mode with module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1291 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/09/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0; Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1109); DSA (Cert. #357); ECDSA (Cert. #130); DRBG (Cert. #15); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5; ANSI X9.31 RNG (non-compliant); MD5Random; SHA1Random (non-compliant) Multi-chip standalone "The Symantec Java Cryptographic Module Version 1.1 provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1675	Uplogix, Inc. 7600B N. Capital of Texas Highway Austin, TX 78731 USA -Martta Howard TEL: 512-857-7043 CST Lab: NVLAP 200427-0	Uplogix 430 [1] and 3200 [2] (Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/06/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #1644 and #1647); DRBG (Cert. #90); DSA (Certs. #515 and #517); HMAC (Certs. #966 and #968); RNG (Cert. #881); RSA (Certs. #812 and #815); SHS (Certs. #1445 and #1448); Triple-DES (Certs. #1074 and #1076) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
1674	Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA -Dragan Grebovich TEL: 978-671-3476 CST Lab: NVLAP 200556-0	Secure Router 4134 (Hardware Version: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100) (When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy and with all interface card slots filled or covered) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/06/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #1050); AES (Certs. #173 and #1605); SHS (Cert. #1418); HMAC (Cert. #941); RSA (SigVer, Cert. #787); DSA (Certs. #496 and #501); DRBG (Cert. #79) -Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #787; non-compliant) Multi-chip standalone "The Secure Router 4134 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1673	Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA -Dragan Grebovich TEL: 978-671-3476 CST Lab: NVLAP 200556-0	Secure Router 2330 (Hardware Version: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100) (When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/06/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert.#942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80) -Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant) Multi-chip standalone "The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1672	IBM Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 FAX: 845-433-7510 -James Sweeny TEL: 845-435-7453 FAX: 845-435-8530 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module (Hardware Version: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Version: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780; Firmware Version: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software-Hybrid	02/06/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool Multi-chip standalone "The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1671	Sensage, Inc. 1400 Bridge Parkway Suite 202 Redwood City, CA 94065 USA -Brad Kekst TEL: 415-215-3567 FAX: 650-631-2810 -Rao Yendluri TEL: 650-830-0484 FAX: 650-631-2810 CST Lab: NVLAP 200002-0	CryptoCore Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/06/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Redhat Enterprise Linux Version 5.1; Redhat Enterprise Linux Version 5.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1761); Triple-DES (Cert. #1140); RSA (Cert. #877); DSA (Cert. #551); SHS (Cert. #1545); HMAC (Cert. #1032); RNG (Cert. #938) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); HMAC-MD5; MD5; DES; CAST5; Blowfish; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "Sensage’s purpose-built event data warehouse products enable users to easily collect and store large volumes of log and event data, while also providing an ability to query and perform analyses on the event data that are available. Their Private Encryption File System solution gives product administrators the ability to employ FIPS-validated encryption and decryption on stored data, providing protection of data-at-rest (log files, configuration files, and other stored data) within the product."
1670	Dolby Laboratories, Inc. 100 Potrero Avenue San Francisco, CA 94103 USA -Dean Bullock TEL: 415-645-5336 FAX: 415-645-4000 CST Lab: NVLAP 100432-0	CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC (Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/02/2012; 02/09/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The CAT862 Dolby JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1669	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200928-0	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.7.0 [1], 3.8.7.1 [1,2], 3.8.7.4 [2], 3.8.7.5 [2] and 3.8.7.6 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	01/19/2012; 10/10/2012	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9900 with BlackBerry OS Versions 7.0 [1] and 7.1 [2] -FIPS-approved algorithms: Triple-DES (Certs. #1163 and #1164); AES (Certs. #1798, #1799, #1800 and #1801); SHS (Certs. #1581 and #1582); HMAC (Certs. #1063 and #1064); RSA (Certs. #902 and #903); DRBG (Certs. #132 and #133); ECDSA (Certs. #244 and #245) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1668	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Common Cryptographic Module (C3M) (Hardware Versions: Intel [Core i5, Core i7 and Xeon] with AES-NI; Software Version: 0.9.8r.1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	01/19/2012; 02/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 or Windows 7 SP1 running on Intel Core i5 with AES-NI; Red Hat Enterprise Linux v5 running on Intel Xeon with AES-NI or Intel Core i7 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1758); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength) Multi-chip standalone "The Cisco Common Cryptographic Module (C3M) is a software-hybrid that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1667	Qube Cinema, Inc. 601 S. Glenoaks Blvd. Ste. 102 Burbank, CA 91502 USA -Rajesh Ramachandran TEL: 818-392-8155 FAX: 818-301-0401 CST Lab: NVLAP 100432-0	Secure Media Block (Hardware Versions: Z-OEM-DCI-Q-R0, Z-OEM-DCI-Q-R2 and Z-OEM-DCI-Q-R3; Firmware Version: 105; Security Manager Version: 1.0.3.4) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2012; 06/21/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #812 and #1455); HMAC (Certs. #450 and #854); RNG (Certs. #467 and #797); RSA (Certs. #392 and #711); SHS (Certs. #809, #810, #811 and #1318) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip embedded "The Qube Secure Media Block is used in Digital Cinema applications, providing core functionality required to playback Digital Cinema Packages. The module performs essence decryption when processing encrypted content, it ensures link encryption downstream to a projector device, and it provides other features as to enable a fully capable Digital Cinema Server. Content owners and other stake holders rely upon the security features provided by the Qube Secure Media Block to protect their valuable content, and to perform secure logging of operations within a theatre auditorium."
1666	Motorola Mobility, Inc. 600 North US Highway 45 Libertyville, IL 60048 USA -Ed Simon TEL: 800-617-2403 CST Lab: NVLAP 100432-0	Motorola Mobility Cryptographic Suite B Module (Software Version: 5.4fm) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	01/25/2012; 03/07/2012; 03/14/2012; 05/29/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1930); Triple-DES (Cert. #1256); SHS (Cert. #1695); HMAC (Cert. #1164); RSA (Cert. #996); DSA (Cert. #613); RNG (Cert. #1015) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Motorola Mobility Cryptographic Suite B Module is used in Motorola Business Ready Android devices to encrypt sensitive application data. For details on Motorola Business Ready, see www.motorola.com/Business-Ready/US-EN/Home."
1665	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-8000 S (Hardware Version: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/10/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1664	Certicom Corp. 4701 Tahoe Blvd. Building A Mississauga, ON L4W 0B5 Canada -Certicom Sales TEL: 905-507-4220 FAX: 905-507-4230 -Kris Orr TEL: 289-261-4104 FAX: 905-507-4230 CST Lab: NVLAP 200928-0	Security Builder® FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	01/10/2012; 03/30/2012	Overall Level: 1  -Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware -FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1663	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1662	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150F (Hardware Version: NSA-4150-FWEX-FRR and Seal Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1661	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150F (Hardware Version: NSA-2150-FWEX-F and Seal Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications"
1660	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100F (Hardware Version: NSA-1100-FWEX-F and Seal Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1659	A10 Networks, Inc. 2309 Bering Drive San Jose, CA 95131 USA -John Chiong TEL: 408-325-8668 FAX: 408-325-8666 CST Lab: NVLAP 200648-0	AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-GCF, AX3000-11-GCF, AX5100, AX5200 and AX5200-11 (Hardware Versions: AX2500, AX2600-GCF, AX3000-GCF, AX5100 and AX5200; Firmware Version: R261-GR1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011; 06/14/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #1092, #1124, #1128 and #1129); AES (Certs. #1693, #1739 and #1740); SHS (Certs. #1480, #1519, #1524 and #1525); HMAC (Certs. #985, #1011, #1016 and #1017); RSA (Certs. #829, #858, #862 and #863); RNG (Certs. #900 and #933) -Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series’ standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1658	Samsung Electronics San #16 Banwol-Dong Hwasung-City, Gyeonggi-Do 445-701 Republic of Korea -Jisoo Kim TEL: +82-31-208-3870 FAX: +82-10-3204-4201 CST Lab: NVLAP 200648-0	Samsung SSD PM810 SED FIPS 140 Module (Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878) -Other algorithms: N/A Multi-chip standalone "SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
1657	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Catalyst 3560-X and 3750-X Switches (Hardware Versions: (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT); Firmware Version: 15.0(1)SE2) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/22/2011; 02/23/2012; 05/29/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1024, #1275 and #1749); HMAC (Cert. #1026); RNG (Cert. #932); RSA (Cert. #869); SHS (Cert. #1536); Triple-DES (Cert. #1133) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1749, key wrapping; key establishment methodology provides 128 bits or 256 bits of encryption strength) Multi-chip standalone "Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev"
1656	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI Cryptographic Module for Luna® IS and RSS (Hardware Version: VBD-03-0100; Firmware Versions: 5.2.7 and 5.2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/22/2011; 01/11/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510, #1737 and #1738); DSA (Certs. #542 and #543); ECDSA (Certs. #228 and #229); HMAC (Certs. #1014 and #1015); RNG (Certs. #925 and #926); RSA (Certs. #860 and #861); SHS (Certs. #1522 and #1523); Triple-DES (Certs. #520, #1126 and #1127); Triple-DES MAC (Triple DES Cert. #520; vendor affirmed) -Other algorithms: AES MAC (Certs. #510, #910 and #913; non-compliant); CAST5; CAST5-MAC; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HAS-160; HAS-160 MAC; KCDSA; MD2; MD5; RC2; RC4; RC5; SEED; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1655	Concepteers, LLC 121 Newark Ave Suite 204 Jersey City, NJ 07302 USA -David Van TEL: 201-221-3052 FAX: 201-844-6262 CST Lab: NVLAP 200556-0	Concepteers Teleconsole TCS6U4W (Hardware Version: A2; Firmware Version: 2.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	12/15/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (1) (Cert. #1544); Triple-DES (Cert. #1014); SHS (Cert. #1369); DSA (Cert. #476); RSA (Cert. #747); HMAC (Cert. #895); RNG (Cert. #832) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (2) (non-compliant); RC4; Multi-chip standalone "The Teleconsole S6U4W is a small form factor network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1654	Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA -Michael Hong TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200648-0	Brocade Mobility 7131N Dual-Radio 802.11n FIPS Access Point BR-AP7131N66040FGR and BR-AP7131N66040FWW (Hardware Versions: BR-AP7131N66040FGR and BR-AP7131N66040FWW; Firmware Version: AP7131N v4.0.1.0-003GRN) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/15/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); AES (non-compliant); SHS (non-compliant) Multi-chip standalone "Brocade Mobility 7131N Dual-radio 802.11n FIPS Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Wireless IPS"
1653	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050 (Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/15/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1652	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	SSG 5 and SSG 20 (Hardware Versions: (SSG-5-SB, SSG-5-SB-BT, SSG-5-SB-M, SSG-5-SH, SSG-5-SH-BT, SSG-5-SH-M , SSG-20-SB and SSG-20-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	12/15/2011; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1061); AES (Cert. #1620); DSA (Cert. #507); SHS (Cert. #1429); RNG (Cert. #868); RSA (Cert. #798); HMAC (Cert. #951); ECDSA (Cert. #205) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of security); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1651	Nexgrid, LLC 4444 Germanna Hwy Locust Grove, VA 22508 USA -Thomas McLure TEL: 888-556-0911 ext 1010 FAX: 703-562-8385 -Haim Shaul TEL: 888-556-0911 ext 1003 FAX: 703-562-8385 CST Lab: NVLAP 200427-0	ecoNet smart grid gateways: ecoNet SL and ecoNet MSA (Hardware Versions: ENSL2, ENSL5 and ENMSA2; Firmware Version: 3.1.2-FIPS) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1665); DSA (Cert. #520); HMAC (Cert. #979); RNG (Cert. #887); RSA (Cert. #820); SHS (Cert. #1459); Triple-DES (Cert. #1083) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 224 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "ecoNet smart grid gateways provide the central link between intelligent endpoint devices and the Utility's backhaul or WAN enabling real time network control and monitoring."
1650	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Unified IP Phone 6921, 6941, 6945 and 6961 (Hardware Versions: 6921: 5, 6941: 5, 6945: 4 and 6961: 4; Firmware Version: 9.2(1)SR1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/14/2011; 02/23/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1746, #1748 and #1751); HMAC (Certs. #1023, #1025 and #1028); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533, #1535 and #1538); Triple-DES (Cert. #1131) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 6921, 6941, 6945, and 6961 deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1649	AirTight Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA -Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0	SpectraGuard® Enterprise Server (Firmware Version: 6.5.35) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	12/14/2011; 01/31/2012	Overall Level: 1  -Tested: AirTight SA-350 Spectraguard Enterprise Appliance with CentOS 5.2 -FIPS-approved algorithms: AES (Cert. #1545); Triple-DES (Cert. #1015 ); RSA (Cert. #748); DSA (Cert. #477); SHS (Cert. #1370); HMAC (Cert. #896); RNG (Cert. #833) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 178 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 270 bits of encryption strength); RSA (non-compliant); DSA (non-compliant); AES-CTR (non-compliant); ARC4; Blowfish-CBC; CAST128; ARC4-256; ARC4-128; RC2; RC4; DES; IDEA; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; UMAC-64; RIPEMD-160 Multi-chip standalone "The implementation performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks"
1648	Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea -Ross Choi TEL: 972-761-7628 -Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0	Samsung Kernel Crypto API Cryptographic Module (Software Versions: LK2.6.35.7_AGB_v1.2 and LK2.6.36.3_AHC_v1.2) (When operated in FIPS mode and only on the specific platforms specified on the reverse) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	12/14/2011	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs. #1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120 and #1121); HMAC (Certs. #1008 and #1009) -Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash) Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1647	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Unified IP Phone 6901 and 6911 (Hardware Versions: 6901 and 6911: 1.0; Firmware Version: 9.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/22/2011; 02/23/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1746 and #1748); HMAC (Certs. #1023 and #1025); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533 and #1535); Triple-DES (Cert. #1131) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 6901 and 6911deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1646	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-8000 P (Hardware Version: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/06/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1645	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Web Gateway WG5000 and WG5500 Appliances (Hardware Versions: 5000 [1] and 5500 [2]; EWG-5000-FIPS-KIT [1] and EWG-5500-FIPS-KIT [2]; Firmware Version: 7.1.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/15/2011; 01/17/2012; 08/24/2012; 08/24/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1625 and #1633); Triple-DES (Certs. #1065 and #1069); DSA (Certs. #511 and #514); RSA (Certs. #803 and #807); SHS (Certs. #1434 and #1438); HMAC (Certs. #956 and #960); RNG (Certs. #872 and #875) -Other algorithms: MD4; MD5; RC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today’s most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
1644	VMware, Inc. 3401 Hillview Avenue Palo Alto, CA 94304 USA -Pam Takahama TEL: 650-427-2063 CST Lab: NVLAP 200556-0	PCoIP Cryptographic Module for VMware View (Software Version: 3.5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	12/06/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP running on a Dell Poweredge 2850; Microsoft Windows XP running on a Dell Optiplex GX260; Red Hat Enterprise Linux (RHEL) 5.1 running on a Dell Poweredge 2850 -FIPS-approved algorithms: AES (Certs. #1639, #1640 and #1642); SHS (Cert. #1443); RNG (Cert. #879); HMAC (Cert. #964) -Other algorithms: Salsa12; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The PCoIP Cryptographic module for VMware View is a multi-chip standalone cryptographic module evaluated for use on a standard General Purpose Computer (GPC) platform. The overal security level is Level 2. The module consists of a single shared library which is used by both the PCoIP server and the PCoIP client applications."
1643	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Common Cryptographic Module (C3M) (Software Version: 0.9.8r.1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2011; 02/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 (32-bit and 64-bit); Red Hat Enterprise Linux v5 (32-bit and 64-bit); Linux Kernel 2.6.27.7; Yellow Dog Linux 6.2; Windows 7 SP1 (32-bit and 64-bit); Mac OS X 10.6 (32-bit and 64-bit); Openwall Linux 3.0 (32-bit); Android 2.3.3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1759); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength) Multi-chip standalone "The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1642	U.S. Department of State 301 4th Street SW SA-44 Washington, DC 20547 USA -Paul Newton TEL: 202-203-5153 FAX: 202-203-7669 CST Lab: NVLAP 100432-0	PKI BLADE Cosmo (Hardware Version: P/N B0; Firmware Version: FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2) (PIV Card Application: Cert. #25) (When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/21/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3) -Other algorithms: Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using fingerprint biometrics."
1641	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.4fm) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/17/2011; 05/29/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1757); Triple-DES (Cert. #1138); SHS (Cert. #1543); HMAC (Cert. #1030); RSA (Cert. #875); DSA (Cert. #549); RNG (Cert. #936) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1640	Watchdata Technologies Pte Ltd No.2 Yandong Business Park Wanhong West Street Capital Airport Road Beijing, Chaoyang District 100015 People's Republic of China -Bai Jing CST Lab: NVLAP 200658-0	WatchKey USB Token (Hardware Version: K6 with Z32L256D32U and K003010A; Firmware Version: 360C6702) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	11/17/2011	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1616); Triple-DES (Cert. #1057); RSA (Cert. #794); DRBG (Cert. #85); SHS (Cert. #1425) -Other algorithms: SHA-1 (non-compliant) Multi-chip standalone "The WatchKey USB token provides digital signature generation and verification for online authentication of online transactions and data encryption/decryption to online service users."
1639	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 5940 Embedded Services Routers (Hardware Versions: Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(3)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/16/2011; 02/23/2012; 07/18/2012; 02/08/2013	Overall Level: 1  -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #962, #1535 and #1643); DRBG (Cert. #89); HMAC (Certs. #537 and #965); RSA (Cert. #811); SHS (Certs. #933 and #1444); Triple-DES (Certs. #757 and #1073) -Other algorithms: DES; DES MAC; HMAC-MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-chip embedded "The Cisco 5940 is a high-performance, ruggedized router. With onboard hardware encryption, the Cisco 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5940 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
1638	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5, Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0	HiKey - Flash and HiKey PKI Token (Hardware Versions: 2.0 and 2.1; Software Version: Card OS version 3.2 with PKI Applet: 2.1; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/16/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1710); Triple-DES (Cert. #1100); Triple-DES MAC (Triple-DES Cert. #1100, vendor affirmed); SHS (Cert. #1493); HMAC (Cert. #988); DRBG (Cert. #106); RSA (Cert. #839) -Other algorithms: MD5; HMAC-MD5; RIPEMD 160; HMAC-RIPEMD 160; RSA (encrypt/decrypt); AES MAC (AES Cert. #1710; non-compliant) Multi-chip standalone "The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Global Platform (GP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1637	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0	Security Builder® FIPS Java Module (Software Versions: 2.8 and 2.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/16/2011; 08/24/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8) -Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1636	Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA -David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0	Seagate Secure Constellation® ES [16-25] and Constellation®.2 [1-15] Self-Encrypting Drives FIPS 140 Module (Hardware Versions: 9XU268 [1, 6], 9XU268-251 [2, 7, 9, 11], 9XU268-257 [3, 8, 10, 12, 13], 9XU268-047 [4], 9XU268-090 [5], 9XU264 [1, 6], 9XU264-251 [2, 7, 9, 11], 9XU264-257 [3, 8, 10, 12, 13], 9XU264-047 [4], 9XU264-090 [5], 9XU168 [14, 15], 9XU164 [14, 15], 9XU162 [14, 15], 1AV268 [16, 18], 1AV264 [16, 18], 1AV264-257 [17, 20, 22], 1AV264-251 [19, 21, 23], 1AV262 [16, 18], 1AV168 [24, 25], 1AV164 [24, 25] and 1AV162 [24, 25]; Firmware Versions: A002 [1], ASF2 [2], ANF1 [3], NS01 [4], QF70 [5], 0003 [6, 14], ASF5 [7], AEF3 [8], ASF8 [9], AEF5 [10], ASF9 [11], AEF6 [12], AEF7 [13], 0002 [14, 18, 25], A001 [16, 24], PNF0 [17], PSF1 [19], and PEF3 [20], PSF4 [21], PEF4 [22] and PSF5 [23]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011; 03/14/2012: 06/21/2012; 10/17/2012; 12/12/2012; 01/25/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Constellation®.2 and Constellation® ES SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1635	Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA -David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0	Seagate Secure Constellation® ES.2 [30-49], Savvio® 10K.5 [1-19] and Savvio® 15K.3 [20-29] Self-Encrypting Drives FIPS 140 Module (Hardware Versions: 9XS066 [1, 7], 9XS066-251 [2, 8, 13, 16], 9XS066-257 [3, 9, 14, 17, 18], 9XS066-047 [4], 9XS066-090 [5, 11], 9XS066-031 [10, 19], 9XS066-037 [10, 19], 9XS066-046 [12], 9XR066 [1, 7], 9XR066-251 [2, 8, 13, 16], 9XR066-257 [3, 9, 14, 17, 18], 9XR066-047 [4], 9XR066-090 [5, 11], 9XR066-038 [6, 15], 9XR066-046 [12], 9XP066 [1, 7], 9XP066-047 [4], 9XP066-090 [5, 11], 9XP066-046 [12], 9XN066 [1, 7], 9XN066-251 [2, 8, 13, 16], 9XN066-257 [3, 9, 14, 17, 18], 9XN066-047 [4], 9XN066-090 [5, 11], 9XN066-046 [12], 9XM066 [20, 23], 9XM066-251 [21, 24, 26, 28], 9XM066-257 [22, 25, 27, 29], 9XL066 [20, 23], 9XL066-251 [21, 24, 26, 28], 9XL066-257 [22, 25, 27, 29], 9XT260 [30, 36], 9XT260-251 [31, 37, 41, 44], 9XT260-257 [32, 38, 42, 45, 46], 9XT260-038 [33, 43], 9XT260-047 [34], 9XT260-090 [35], 9XT260-031 [39, 47], 9XT260-037 [39, 47], 9XT260-046 [40], 9XT267 [36] and 9XT160 [48, 49]; Firmware Versions: A002 [1, 20], CSF2 [2], CNF1 [3], NS03 [4], HF72 [5], NA00 [6, 43], 0003 [7, 23], CSF4 [8], CEF3 [9], CE01 [10], HF75 [11], 6E01 [12], CSF7 [13], CEF4 [14], F740 [15], CSF8 [16], CEF5 [17], CEF6 [18], CE06 [19], YSF3 [21], YNF2 [22], YSF5 [24], YEF4 [25], YSF8 [26], YEF5 [27], YSF9 [28], YEF6 [29], 0002 [30], RSF3 [31], RNF3 [32], NQE1 [33], NS01 [34], NF72 [35], 0005 [36], RSF5 [37], REF5 [38], YE01 [39], 6EA1 [40], RSF8 [41], REF6 [42], RSFA [44], REF7 [45], REF8 [46], YE04 [47], F000 [48] and F003 [49]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011; 11/17/2011; 03/14/2012; 06/21/2012; 10/17/2012; 12/12/2012; 01/25/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module 2 is embodied in Seagate Constellation® ES.2, Savvio® 15K.3, and Savvio® 10K.5 SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1634	Pierson Capital Technology LLC 129 North La Salle Street Suite 3800 Chicago, IL 60602 USA -Frank Psaila TEL: +86 13501108625 FAX: +86 1085183930 -Likely Lee TEL: +86 13810220119 FAX: +86 1085183930 CST Lab: NVLAP 200658-0	MIIKOO (Hardware Version: D4; Firmware Versions: Device Bootstrap v3.1, Device Application 006262 and Cryptographic Algorithm v2.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #737); Triple-DES (Cert. #1004); SHS (Cert. #1351); HMAC (Cert. #884); DRBG (Cert. #63) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "MIIKOO combines fingerprint recognition and additional cryptography capabilities to generate Dynamic PINs. It is compatible with any type of bank cards by seamlessly providing the added biometrical triggering of dynamic PIN security over the existing financial transaction network."
1633	Doremi Cinema LLC 1020 Chestnut St. Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0	Dolphin DCI 1.2 (Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: 2.0.8p, 21.03m-1 and 99.03f) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNGs; MD5; HMAC-MD5 Multi-chip embedded "The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1632	Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea -Ross Choi TEL: 972-761-7628 -Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0	Samsung Key Management Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	11/10/2011	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1741 and #1742); SHS (Certs. #1528 and #1529); RNG (Certs. #928 and #929); HMAC (Certs. #1018 and #1019); PBKDF (SP 800-132, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Provides general purpose key management services to user-space applications on the mobile platform."
1631	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/24/2012; 05/03/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1630	Advantor Systems, LLC 12612 Challenge Parkway Suite 300 Orlando, FL 32826 USA -Chuck Perkinson TEL: 407-926-6960 FAX: 407-857-1635 CST Lab: NVLAP 200427-0	Infraguard Processor Module (Hardware Version: 5.1; Firmware Version: 1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1736); HMAC (Cert. #1013); RNG (Cert. #924); SHS (Cert. #1521) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product."
1629	Protected Mobility LLC 6259 Executive Blvd Rockville, MD 20852 USA -Paul Benware TEL: 585-582-5601 FAX: 585-582-3297 -Donald Paris TEL: 301-770-4556 FAX: 240-238-6637 CST Lab: NVLAP 200697-0	PMCryptolib (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/16/2011	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with iOS 4.2; iOS 4.3; Android 2.2; Android 2.3; Android 3.0; (single-user mode) -FIPS-approved algorithms: AES (Cert. #1716); SHS (Cert. #1499); DRBG (Cert. #108); HMAC (Cert. #991); ECDSA (Cert. #222) -Other algorithms: Multi-chip standalone "PMCryptolib is a dynamic linked library software module. The module provides cryptographic services through a Application Programming Interface (API)."
1628	NAL Research Corporation 9300 West Courthouse Rd. Suite 102 Manassas, VA 20110 USA -Peter Kormendi TEL: 703-392-1136 CST Lab: NVLAP 200697-0	XM Crypto Module (Firmware Version: 1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Firmware	11/07/2011	Overall Level: 1  -Tested: A3LA-XM with A3LA-XM OS ver. 1.1.0 -FIPS-approved algorithms: AES (Cert. #1698) -Other algorithms: N/A Multi-chip standalone "A3LA-XM is a modem comprised of the XM Crypto Module encryption board and a communication board. It is designed to transmit AES 256-bit encrypted data via a communication network. The A3LA-XM has an internal micro-controller programmed to monitor the modems connectivity status to prevent hardware lock-up. Similar to a standard landline modem, the A3LA-XM can be controlled by any DTE (data terminal equipment) capable of sending standard AT commands via an RS232 serial or a USB 2.0 port."
1627	Communication Devices Inc. 85 Fulton St., Unit #2 Boonton, NJ 07005-1912 USA -Donald Snook TEL: 973-334-1980 CST Lab: NVLAP 200002-0	Port Authority Series (Hardware Versions: PA111-SA CDI 01-03-0912B, PA111-RM CDI 01-03-0912B, PA155-RM CDI 01-03-0912B and PA199-RM CDI 01-03-0912B; Firmware Version: 10.00.78) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/01/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1375); SHS (Cert. #1257); HMAC (Cert. #808); RNG (Cert. #758) -Other algorithms: AES (Cert. #1375, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip standalone "Secure Out of Band Management appliance with network port, internal modem, and up to 9 serial ports. Allows Secure Out of Band Access to Firewalls, Routers, Network appliances etc.. Supports up to 256 bit AES CFB encryption."
1626	ViaSat UK Ltd. Sanford Lane Wareham, Dorset BH20 4DY United Kingdom -Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 1929 55 25 25 CST Lab: NVLAP 200556-0	FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.4.5, V2.0.5.3, V2.0.5.4 and V2.0.5.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/31/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt ranges of drives. The FlagStone Core, and subsequently the Eclypt ranges of drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a connected HDD/SSD (Hard Disk Drive/Solid Data Drive). All accessible sectors on a drive connected to a FlagStone Core are encrypted. The Eclypt range of drives includes Eclypt, Eclypt Freedom and Eclypt Nano."
1625	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.3.1v) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/30/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with ThreadX v5.3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1717); Triple-DES (Cert. #1104); SHS (Cert. #1500); HMAC (Cert. #992); RSA (Cert. #843); DSA (Cert. #529); ECDSA (Cert. #223); RNG (Cert. #910) -Other algorithms: AES (Cert. #1717, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; MD5; HMAC-MD5; RC2; RC4; AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1624	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/24/2011; 12/21/2011	Overall Level: 4  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1623	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/24/2011; 12/21/2011	Overall Level: 4  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1622	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679 CST Lab: NVLAP 200928-0	CEP10-R, CEP10 VSE and CEP10-C (Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/24/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #673, #1089 and #1090); AES (Certs. #779, #1680 and #1681); SHS (Certs. #781, #1466 and #1467); HMAC (Certs. #426, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892) -Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 to 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP10-R and CEP10 VSE has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1621	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B (Hardware Versions: 7606-S and 7609-S with SUP720-3B; Firmware Version: 15.1(3)S3) (When operated in FIPS mode with the tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/28/2011; 02/09/2012; 02/23/2012; 07/09/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1634); DRBG (Cert. #88); HMAC (Cert. #961); RSA (Cert. #808); SHS (Cert. #1439); Triple-DES (Cert. #1070) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); DES; DES MAC; HMAC MD5; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 7606-S and 7609-S routers are designed for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching services are necessary to meet the requirements of both enterprises and service providers. It enables Carrier Ethernet service providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. They also deliver WAN and metropolitan-area network networking solutions at the enterprise edge."
1620	Klas Ltd 1101 30th Street NW Suite 500 Washington, DC 20007 USA -Frank Murray TEL: (866)-263-5467 FAX: (866)-532-3091 CST Lab: NVLAP 100432-0	KlasRouter (Hardware Version: KlasRouter, Versions 3.02 and 3.03; Firmware Version: KlasOS3, Version 3.1.0 rc0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/19/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1599); Triple-DES (Cert. #1045); HMAC (Cert. #936); SHS (Cert. #1411); ECDSA (Cert. #197); RNG (Cert. #856) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); NDRNG; MD5; HMAC-MD5; DSA (non-compliant) Multi-chip standalone "KlasRouter is a low-power router that provides Virtual Private Networking (including Suite-B algorithms), WAN Acceleration, VLAN and a host of other networking features in a compact package. KlasRouter is standards-based and hence is interoperable with any infastructure and the perfect solution for establishing a remote office in a secure environment."
1619	Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089-1206 USA -Seyed Safakish TEL: 408-745-2000 FAX: 408-745-2100 -Bishakha Banerjee TEL: 408-745-2000 FAX: 408-745-2100 CST Lab: NVLAP 100432-0	FIPS Multi Service PIC (Hardware Versions: PE-MS-100-1, PB-MS-100-1, PB-MS-400-2 and PC-MS-500-3; Firmware Version: 10.4 R1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/19/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #465); Triple-DES (Certs. #482 and #1046); SHS (Certs. #768 and #1414); HMAC (Certs. #416 and #937); RSA (Cert. #783); RNG (Cert. #858) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES Multi-chip embedded "The FIPS Multiple Service PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future."
1618	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/18/2011	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1617	Dell, Inc. One Dell Way Round Rock, TX 78682 USA CST Lab: NVLAP 200697-0	Dell PowerConnect J-Series J-SRX100, J-SRX210 and J-SRX240 Services Gateways (Hardware Versions: (J-SRX100B, J-SRX100H, J-SRX210B, J-SRX210BE, J-SRX210H, J-SRX210HE, J-SRX210H-POE, J-SRX210HE-POE, J-SRX240B, J-SRX240H and J-SRX240H-POE) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R3) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/06/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Dell Inc. J-SRX100, J-SRX210, and J-SRX240 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, Ipsec VPN and IPS."
1616	Concepteers, LLC 121 Newark Ave Suite 204 Jersey City, NJ 07302 USA -David Van TEL: 201-221-3052 FAX: 201-844-6262 CST Lab: NVLAP 200556-0	Concepteers Teleconsole E (Hardware Version: rev A1; Firmware Version: 2.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/05/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1547); Triple-DES (Cert. #1017); SHS (Cert. #1374); DSA (Cert. #479); RSA (Cert. #752); HMAC (Cert. #903); RNG (Cert. #836) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Teleconsole E is an enterprise network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1615	Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA -John Bordwine TEL: 703-885-3854 CST Lab: NVLAP 200556-0	Symantec Java Cryptographic Module (Software Version: 1.0) (This module contains the embedded module RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/30/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode) -FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE; RIPEMD 160; RNG (X9.31 non-compliant; MD5; SHA-1 non-compliant); RC2; RC4; RC5; RSA OAEP (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone "The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1614	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.4f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/30/2011; 10/26/2011; 11/08/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Vx Works 6.7; Android 2.2; VxWorks 5.5; VxWorks 6.2; VxWorks 6.4; WindRiver 4.0 using Linux 2.6.34 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RSA (Cert. #738); DSA (Cert. #472); ECDSA (Cert. #187); RNG (Cert. #819); DRBG (Cert. #64) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt) Multi-chip standalone "The Mocana Cryptographic Suite B Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1613	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways (Hardware Versions: (SRX100B, SRX100H, SRX210B, SRX210BE, SRX210H, SRX210HE, SRX210H-POE, SRX210HE-POE, SRX220H, SRX220H-POE, SRX240B, SRX240H, SRX240H-POE, SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/06/2011; 11/08/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1612	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Loadable Kernel Module (Software Version: 5.4f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/29/2011; 10/26/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.2; WindRiver 4.0 using Linux 2.6.34 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RNG (Cert. #819) -Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1611	Juniper Networks, Inc. 1194 North Mathilda Ave. Sunnyvale, CA. 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX3400 and SRX3600 Services Gateways (Hardware Versions: (SRX3400BASE-AC, SRX3400BASE-DC, SRX3600BASE-AC and SRX3600BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/06/2011; 11/08/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1032 and #1033); AES (Certs. #1575 and #1577); DSA (Cert. #486); SHS (Certs. #1395 and #1396); RNG (Cert. #849); RSA (Cert. #768); HMAC (Certs. #922 and #923) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Juniper Networks SRX3000 Series line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX3000 Series line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1610	EMC Corporation 176 South Street Hopkinton, MA 01748 USA -Dan Reddy TEL: 508-249-2733 -Kerry Mahoney TEL: 508-249-4940 FAX: 508-249-3172 CST Lab: NVLAP 200427-0	4 Gb/s FC I/O Module with Encryption (Hardware Version: 303-176-100B B04) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/26/2011	Overall Level: 1  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1638) -Other algorithms: AES (Cert. #1638, key wrapping) Multi-chip embedded "Data at Rest Encryption provides hardware-based, back-end encryption for EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from the system. It also offers a convenient means of decommissioning all drives in the system at once. EMC 4Gb/s Fibre Channel I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt/decrypt data as it is written to and read from a drive. The drives need not be self-encrypting because the I/O module encrypts. All back end drive types are thus supported."
1609	AirTight Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA -Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0	SpectraGuard® Enterprise Sensor (Hardware Version: SS-300-AT-C-10 with SS-FIPS-TPL; Firmware Version: 6.2.39p1) (When operated in FIPS mode and with tamper evident seals installed over the ventilation openings as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/26/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1310); SHS (Cert. #1199); RNG (Cert. #732); RSA (Cert. #628); HMAC (Cert. #763) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
1608	Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 USA -Gloria English TEL: 408-447-3979 -Mihai Damian TEL: 408-447-3977 CST Lab: NVLAP 200002-0	NonStop Volume Level Encryption (NSVLE) (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/26/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Ver. 3.0.0; Debian Linux HPTE Ver. 4.0.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1364 and #1365); Triple-DES (Cert. #941); SHS (Cert #1246); RNG (Cert. #751); HMAC (Cert. #800); RSA (Cert. #666) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5 Multi-chip standalone
1607	Verdasys, Inc. 404 Wyman St. Suite 320 Waltham, MA 02451 USA -Harvey Morrison TEL: 781-788-8180 CST Lab: NVLAP 200002-0	Verdasys Secure Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	09/26/2011; 08/24/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows XP 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1384); SHS (Cert. #1261); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RNG (non-compliant) Multi-chip standalone "The Verdasys FIPS Kernel Mode Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's server and endpoint products. The Verdasys FIPS Kernel Mode Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
1606	Fortress(TM) Technologies 4023 Tampa Road Suite 2200 Oldsmar, FL 34677 USA -Tony Margalis TEL: 813-288-7388 FAX: 813-288-7389 CST Lab: NVLAP 200427-0	Fortress Mesh Points (Hardware Versions: ES210, ES300, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.3.1) (When operated in FIPS mode and with the tamper evident seals and glue installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/26/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits security strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits security strength); MD5 Multi-chip standalone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1605	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679 CST Lab: NVLAP 200928-0	CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE (Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/26/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #482, #667, #1089 and #1090); AES (Certs. #465, #762, #1680 and #1681); SHS (Certs. #768, #769, #1466 and #1467); HMAC (Certs. #416, #417, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892) -Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1604	Centrify Corporation 785 N. Mary Avenue Suite 200 Sunnyvale, CA 94085 USA -Kitty Shih TEL: 408-542-7500 FAX: 408-542-7575 CST Lab: NVLAP 200648-0	Centrify Cryptographic Module (Software Version: 1.0) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/20/2011; 12/01/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.6.5; Mac OS X 10.7; RedHat Enterprise Linux ES v5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1018 and #1208); AES (Certs. #1554 and #1861); SHS (Certs. #1375 and #1637); HMAC (Certs. #904 and #1108); RSA (Certs. #755 and #941); DSA (Certs. #480 and #580); DRBG (Certs. #69 and #149) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 219 bits of encryption strength) Multi-chip standalone "Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
1603	Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA -Mark Kettle TEL: 613-763-2422 FAX: 613-763-7191 -Bao-Chau Nguyen TEL: 613-763-1671 FAX: 613-763-7191 CST Lab: NVLAP 200556-0	Optical Metro 5130 (Hardware Version: Chassis: NTB200BAE5 Rev: 03, S-DNM: NTB211AAE5 Rev: 02, Filler: NTB207BAE5 Rev: 02, and Seal Kit: NTB209LAE6; Firmware Version: 4.00.008.927) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/20/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (1) (Cert. #1462); Triple-DES (Cert. #986); SHS (Cert. #1324); HMAC (Cert. #859); RNG (Cert. #799) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); AES (2) (non-compliant); DES; Blowfish; MD5; OM5130 Key-based scrambler Multi-chip standalone "The OM 5130 cost effectively simplifies and secures data file mobility between data centers. The OM 5130 increases WAN efficiency, natively consolidates data and storage networks onto a common encrypted WAN link and delivers definable time-of-day bandwidth management that allocates bandwidth to the required application at the required time of day."
1602	Juniper Networks, Inc. 1194 North Mathilda Ave. Sunnyvale, CA. 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX5600 and SRX5800 Services Gateways (Hardware Versions: (SRX5600BASE-AC, SRX5600BASE-DC, SRX5800BASE-AC and SRX5800BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/20/2011; 11/08/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1030 and #1034); AES (Certs. #1573 and #1578); DSA (Cert. #484); SHS (Certs. #1393 and #1397); RNG (Cert. #847); RSA (Cert. #766); HMAC (Certs. #920 and #924) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1601	McAfee, Inc. 27201 Puerta Real, Suite 400 Mission Viejo, CA 92691 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	McAfee Endpoint Encryption for PCs (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/08/2011; 10/04/2011	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows Vista 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption for PCs is a Software Only Module which resides on general purpose computer systems. The module is used for whole disk encryption that enables users to secure sensitive data stored on hard disk drives in the event of a lost or stolen workstation or laptop computer. McAfee Endpoint Encryption for PCs is an enterprise class software product that is centrally managed and can be deployed to large heterogeneous enterprise environments."
1600	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module (Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205; Firmware Version: 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	09/08/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R12] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1702, #1703 and #1713); Triple-DES (Certs. #1093, #1094 and #1103); DSA (Certs. #526 and #527); RSA (Certs. #831, #832, #844, #845 and #846); SHS (Certs. #1485, #1486 and #1497); HMAC (Certs. #986 and #987); RNG (Certs. #901 and #902) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; ECDSA (non-compliant) Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1599	STMicroelectronics, Inc. 750 Canton Drive Suite 300 Coppell, TX 75019 USA -Gianfranco Scherini TEL: 408-919-8426 FAX: 408-919-0250 CST Lab: NVLAP 200802-0	HardCache™-SL3/PC v2.1 (Hardware Version: STM7007) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/20/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1068); SHS (Cert. #1219); HMAC (Cert. #781); Triple-DES (Cert. #798); ECDSA (Cert. #155); RSA (Cert. #623); RNG (Cert. #725) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single-chip "The STMicroelectronics HardCache™-SL3/PC v2.1 Cryptographic Module (HW rev STM7007) is a single chip cryptographic module designed as a hardware accelerated encryption engine for computer and peripheral applications. The cryptographic module is targeted for PC applications including desktop client, laptop, and server systems. Benefits compared to competing hardware and software solutions include better overall system performance, low power, and tamper resistant hardware security."
1598	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Bordwine TEL: 703-885-3854 FAX: 301-514-3726 CST Lab: NVLAP 200556-0	Symantec Cross-Platform Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/02/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server (32-bit); RHEL 5 (32-bit); Solaris 10 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1614); Triple-DES (Cert. #1055); RSA (Cert. #792); DSA (Cert. #502); SHS (Cert. #1423); HMAC (Cert. #946); DRBG (Cert. #83) -Other algorithms: DES; Camellia; SEED; RC2; RC4; MD2; MD5; RSA (Cert. #792, key wrapping; key establishment methodology provides between 80 and 192 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Symantec Cross-Platform Cryptographic Module (SymCPM) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCPM is implemented in the C programming language and consists of three components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1597	Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA -Main Office TEL: 601-519-0123 FAX: 601-510-9080 -Victor Wolff TEL: 703-483-5515 FAX: 601-510-9080 CST Lab: NVLAP 200426-0	B200™ and B300™ Remote Support Appliances (Hardware Version: B200, B300 or B300r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS) (When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/31/2011; 10/26/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1596	Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA -Main Office TEL: 601-519-0123 FAX: 601-510-9080 -Victor Wolff TEL: 703-483-5515 FAX: 601-510-9080 CST Lab: NVLAP 200426-0	B400™ Remote Support Appliance (Hardware Version: B400 or B400r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS) (When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/31/2011; 10/26/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1595	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Gorczyca CST Lab: NVLAP 200556-0	Symantec Enterprise Vault Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/31/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES Multi-chip standalone "Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1594	SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA -SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0	SafeNet Ethernet Encryptor, Branch Office (Hardware Versions: 943-5020v-004 [1] [2] and 943-50211-001 [2]; Firmware Versions: 1.0.6.4 [1] and 2.0.2 [2]) (When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter v designations.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/27/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Camellia; SEED Multi-chip standalone "The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1593	Mxtran Inc. 9F, No.16, Li-Hsin Road, Science Park Hsin-chu, 300 Republic of China -C.W. Pang TEL: +886-3-6661778#29300 FAX: +886-3-6662568 CST Lab: NVLAP 200824-0	Mxtran Payeeton Solution (Hardware Version: MX11E25644E; Firmware Version: Simker v2.30) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/22/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #1007); AES (Cert. #1511); RSA (Cert. #739); SHS (Cert. #1354); HMAC (Cert. #886); RNG (Cert. #820) -Other algorithms: N/A Single-chip "Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1592	Harris Corporation 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Brian Justice TEL: 434-455-9586 -Joyce O'Quinn TEL: 434-455-6458 CST Lab: NVLAP 200427-0	Harris Unified Audio Card (Hardware Version: EA-103168-002; Firmware Versions: MPC 860: SK-007765-007 v R03A08, DSP: SK-007765-013 v R03A05, Boot Loader / Factory Test: R03A02, Low Level Boot: R01D01 and DSP Factory Test: R01D02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/22/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1652 and #1653), HMAC (Cert. #970), RNG (Cert. #883), SHS (Cert. #1450) -Other algorithms: AES MAC (AES Cert. #1652, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Harris UAC is a multi-channel analog audio gateway used to interface analog radio communication equipment such as conventional base stations to radio systems and other devices on a Voice Interoperability Data Access (VIDA) network."
1591	Symantec Corporation 20330 Stevens Creek Blvd Cupertino, CA 95014 USA -John Bordwine TEL: 703-885-3854 FAX: 301-514-3726 CST Lab: NVLAP 200556-0	Symantec Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/12/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit); Red Hat Enterprise Linux 4.8 (32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1607); Triple-DES (Cert. #1052); DSA (Cert. #498); SHS (Cert. #1420); RNG (Cert. #861); RSA (Cert. #789); HMAC (Cert. #943) -Other algorithms: DES; Blowfish; CAST; IDEA; RC2; RC4; RC5; MD2; MD4; MD5; RipeMD; MDC-2; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (Cert. #789, key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1590	BAE Systems 2525 Network Place Herndon, VA 22171 USA -John Ata TEL: 703-736-4384 FAX: 703-736-4348 CST Lab: NVLAP 200427-0	STOP OS 7 Kernel Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/10/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with STOP 7.3 Beta 1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1603); DRBG (Cert. #78); HMAC (Cert. #939); SHS (Cert. #1416); Triple-DES (Cert. #1048) -Other algorithms: DES Multi-chip standalone "The STOP 7 Kernel Cryptographic Module is a library that is distributed as part of the monolithic kernel. The module provides the general purpose cryptographic functionality used by the kernel and kernel modules."
1589	ZTE Corporation NO. 55, Hi-tech Road South Shen Zhen, Guangdong Province 518057 People's Republic of China -Mr. Royce Wang TEL: +86-755-2677 0345 FAX: +86-755-2677 0347 CST Lab: NVLAP 200658-0	UEP Cryptographic Module (Software Version: 4.11.10) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/10/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with NewStart CGS Linux V3.02 with Sun JDK/JRE 1.6.0_11 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1039 and #1040); AES (Certs. #1583 and #1584); DSA (Certs. #489 and #490); SHS (Certs. #1402 and #1403); RSA (Certs. #773 and #774); HMAC (Certs. #929 and #930); DRBG (Certs. #73 and #74) -Other algorithms: N/A Multi-chip standalone "UEP cryptographic mpdule provides general purpose cryptographic services intended to protect data in transit and at rest."
1588	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	Agent Cryptographic Module (Software Version: 1.0 or 1.1) (When operated in FIPS mode with module RSA BSAFE Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #828 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	08/05/2011; 04/26/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (x86 32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #490); Triple-DES (Cert. #501); RSA (Cert. #203); SHS (Cert. #560); RNG (Cert. #270); DSA (Cert. #199); -Other algorithms: NDRNG Multi-chip standalone "McAfee Agent Cryptographic Module provides cryptographic operations for McAfee Agent, a software agent used in conjunction with McAfee ePolicy Orchestrator (ePO) to manage and monitor numerous end-point security products."
1587	McAfee Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	ePO Cryptographic Module (Software Version: 1.0, 1.1, 1.2, 1.3, or 1.4) (When operated in FIPS mode with module RSA BSAFE® Crypto-J validated to FIPS 140-2 under Cert. #1047 operating in FIPS mode and with module RSA BSAFE® Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #1092 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	08/05/2011; 11/17/2011; 04/02/2012; 08/16/2012; 01/04/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP (x86 32 bit) (single-user mode) -FIPS-approved algorithms: AES (Certs. #670 and #860); RSA (Certs. #312 and #412); SHS (Certs. #703 and #855); RNG (Certs. #390 and #492); DSA (Cert. #311); Triple-DES (Cert. #707); -Other algorithms: NDRNG Multi-chip standalone "McAfee ePO Cryptographic Module provides cryptographic operations for McAfee ePolicy Orchestrator (ePO), a security management software that allows enterprises to unify the management of numerous end-point, network, and data security products."
1586	ZTE Corporation NO. 55, Hi-tech Road South Shen Zhen, Guangdong Province 518057 People's Republic of China -Mr. Royce Wang TEL: +86-755-2677 0345 FAX: +86-755-2677 0347 CST Lab: NVLAP 200658-0	Unified Platform Cryptographic Library (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/09/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with EMBSYS (TM) Carrier Grade Embedded Linux V3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1585 and #1586); Triple-DES (Certs. #1041 and #1042); SHS (Certs. #1404 and #1405); RSA (Certs. #775 and #776); DSA (Certs. #491 and #492); HMAC (Certs. #931 and #932); DRBG (Certs. #75 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; DES; RC2; RC4; MD2; MD4; MD5; RIPEMD; CAST; Blowfish Multi-chip standalone "Unified Platform Cryptographic Library provides general purpose cryptographic services intended to protect data in transit and at rest."
1585	Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA -Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0	FortiGate-80C [1], FortiGate-110C [2] and FortiGate-111C [3] (Hardware Versions: C4BC61 [1], C4HA15 [2] and C4BQ31 [3]; Firmware Version: FortiOS 4.0, build6359, 100712) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1584	Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA -Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0	FortiGate-1240B [1], FortiGate-3016B [2], FortiGate-3600A [3] and FortiGate-3810A-E4 [4] (Hardware Versions: C4CN43 [1], C4XA14 [2], V3BU94 [3] and C3GV75 [4]; Firmware Version: FortiOS 4.0, build6341, 100617) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1583	Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA -Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0	FortiGate-200B [1], FortiGate-300A [2], FortiGate-300A-HD [3], FortiGate-310B [4], FortiGate-311B [5], FortiGate-620B [6] and FortiGate-800 [7] (Hardware Versions: C4CD24 [1], C4FK88 [2], C4FK88 [3], C4ZF35 [4], C4CI39 [5], C4AK26 [6] and C4UT39 [7]; Firmware Version: FortiOS 4.0, build6359, 100712) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1404, #1405, #1408, #1409 and #1463); Triple-DES (Certs. #957, #958, #961, #962 and #987); RNG (Cert. #770); SHS (Certs. #1274, #1275, #1278, #1279 and #1327); HMAC (Certs. #825, #826, #829, #830 and #862); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1582	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	IPCryptR2 (Hardware Version: P/N BLN1306A; Firmware Version: R03.01.51) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: Level 3 -Operational Environment: Level 3 -FIPS-approved algorithms: AES (Certs. #1424 and #1425); SHS (Cert. #1292); RNG (Cert. #778); ECDSA (FIPS 186-3, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1424, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR; NDRNG Multi-chip standalone "The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
1581	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0	Check Point IP Appliance (Hardware Versions: IP290 (CPAP-IP295-D-GFIP [Nokia NBB0292000] and N431174001, CPAP-IP295-D-AC-DS [Nokia NBB0295000] and N431174001) and IP690 (CPAP-IP695-D-GFIP [Nokia NBB0692000], CPIP-A-4-1C and N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #497, #709, #769 and #342); Triple-DES (Certs. #507, #637, #510, #638, #729, #669 and #406); HMAC (Certs. #248, #384, #251, #385, #499, #421 and #146); SHS (Certs. #564, #734, #567, #735, #883, #775 and #417); DSA (Certs. #202 and #271); RSA (Certs. #211, #332, #213 and #333); RNG (Certs. #275, #417, #277 and #418) -Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Check Point IP Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1580	Hewlett-Packard TippingPoint 7501 N. Capital of Texas Highway Austin, TX 78737 USA -Dinesh Vakharia TEL: 512-681-8271 -Freddie Jimenez Jr. TEL: 512-681-8305 CST Lab: NVLAP 200427-0	HP TippingPoint Security Management System (Firmware Version: 3.2.0.8312.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	08/10/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Tested: Fedora Core 10 Operating System running on a HP ProLiant DL320 G6 Server -FIPS-approved algorithms: AES (Certs. #1631 and #1632); DRBG (Cert. #87); DSA (Cert. #513); HMAC (Certs. #958 and #959); RNG (Cert. #874); RSA (Certs. #805 and #806); SHS (Certs. #1436 and #1437); Triple-DES (Certs. #1067 and #1068) -Other algorithms: Blowfish; CAMELLIA; CAST; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and112 bits of encryption strength); IDEA; MD2; MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SEED Multi-chip standalone "The HP Security Management System Appliance Series delivers enterprise-class security management capabilities that are simple to use and extremely powerful. The Security Management System Appliance is a hardened appliance that provides both global vision and security policy control for large-scale deployments of all HP products, including HP Intrusion Prevention Systems (IPS), Core Controllers, and SSL Appliances. The appliance is responsible for discovering, monitoring, configuring, diagnosing, remediating, and reporting for global IPS deployments."
1579	Certicom Corp. 4701 Tahoe Blvd., Building A Mississauga, Ontario L4W 0B5 Canada -Randy Tsang TEL: 289-261-4189 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200426-0	Security Builder FIPS Module (Software Version: 5.6, 5.6.1 or 5.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/21/20111; 06/05/2012; 08/16/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with QNX Neutrino Version 6.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1054); AES (Cert. #1609); SHS (Cert. #1422); HMAC (Cert. #945); RNG (Cert. #863); DRBG (Cert. #82); DSA (Cert. #500); ECDSA (Cert. #200); RSA (Cert. #791); KAS (Cert. #14; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1578	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Security Certifications Team TEL: (519) 888-7465 x 72921 FAX: (519) 888-9852 CST Lab: NVLAP 200426-0	BlackBerry OS Cryptographic Library (Software Version: 5.6, 5.6.1 or 5.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/21/2011; 06/05/2012; 08/16/2012;01/24/2013; 02/22/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with BlackBerry® Tablet OS Version 2.0 (Binary compatible to BlackBerry® Tablet OS Version 1.0) (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); RNG (Cert. #862); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The BlackBerry OS Cryptographic Library is a software module that provides the cryptographic functionality required for secure operation of the BlackBerry® PlayBook™ and devices running the BlackBerry® 10 OS ."
1577	Futurex 864 Old Boerne Rd. Bulverde, TX 78163 USA -Paul Enman TEL: 830-980-9782 FAX: 830-438-8782 CST Lab: NVLAP 100432-0	EXP9000 Hardware Security Module (Hardware Version: P/N 9750-2075, Revision B; Firmware Version: 4.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/05/2011	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #810); AES (Cert. #1636); Triple-DES (Cert. #1072); SHS (Cert. #1441); HMAC (Cert. #962); RNG (Cert. #877) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; DES; TR-31 Multi-chip embedded "The EXP9000 cryptographic module provides secure encryption, storage, and transmission of sensitive data used in a wide variety of applications including Futurex Hardware Security Modules (HSM) and Key Management Servers (KMS)."
1576	Teledyne Webb Research 82 Technology Park Drive East Falmouth, MA 02536 USA -David Pingal TEL: 508-548-2077 x 146 CST Lab: NVLAP 200002-0	MiniCrypt (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/21/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Persistor CF1 HW system with Motorola MC68CK338CPV14 processor running PicoDOS version 2.26 -FIPS-approved algorithms: AES (Cert. #1268); SHS (Cert. #1168); HMAC (Cert. #738) -Other algorithms: N/A Multi-chip standalone "MiniCrypt is a small, low resource utilization, software library for use in embedded systems, providing encryption, decrypting, hashing and message authentication functions."
1575	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200556-0	BlackBerry Smartcard Reader (Hardware Version: 2.0; Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/15/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1172); HMAC (Cert. #672); SHS (Cert. #1084); RNG (Cert. #648); RSA (Cert. #555); ECDSA (Cert. #140) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth(R) enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers."
1574	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	Endpoint Encryption Manager (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/15/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard Edition SP2 on Dell Optiplex GX620 with 3.0 GHz Intel Pentium D Processor 830 (1 CPU) (32 bit); Windows Server 2008 64 bit Enterprise Edition on Dell PowerEdge 2970 with 1.7 GHz quad core AMD Opteron 2344 Processor (2 CPUs) (64-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1573	U.S. Department of State 301 4th Street SW SA-44 Washington, DC 20547 USA -Paul Newton TEL: 202-203-5153 FAX: 202-203-7669 CST Lab: NVLAP 100432-0	PKI BLADE Applet and Protiva PIV DL Card (Hardware Version: P/N P5CD144 Version A1047808; Firmware Version: EI08-M1004069, Softmask V01, PIV Applet V1.55 and PKI BLADE Applet V1.2) (PIV Card Application: Cert. #22) (When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 12) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/15/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); SHS (Cert. #786); RSA (Cert. #372); RNG (Cert. #450) -Other algorithms: Triple-DES (Cert. #678, key wrapping; key establishment methodology provides 100 bits of encryption strength) Single-chip "The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using passwords and fingerprints biometrics."
1572	Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA -Hang Liu TEL: 434-455-9610 -Dennis Boyer TEL: 919-609-0608 CST Lab: NVLAP 200426-0	Harris AES Software Load Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/13/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1482) -Other algorithms: N/A Multi-chip standalone "The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1571	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200002-0	nShield Connect 6000 [1], nShield Connect 1500 [2] and nShield Connect 500 [3] (Hardware Versions: NH2047 [1], NH2040 [2] and NH2033 [3], Build Standard N; Firmware Version: V11.30) (When operated in FIPS mode with nShield PCIe validated to FIPS 140-2 under Cert. #1063) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/13/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397, #754 and #1227); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435, #666 and #883); Triple-DES MAC (Cert. #666, vendor affirmed); DSA (Certs. #280 and #407); ECDSA (Certs. #81 and #145); SHS (Certs. #764 and #1127); HMAC (Certs. #410 and #717); RSA (Cert. #356); RNG (Certs. #436 and #681) -Other algorithms: Aria; Arc Four; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Thales nShield Connect is a network-attached hardware security module for business continuity of always-on, mission-critical systems in shared infrastructures, providing high availability, scalability and remote management for cryptographic infrastructures. Part of the nCipher product line, nShield Connect is the world's first HSM with redundant, hot-swappable power supplies, and enables organizations to build reliable, large-scale cryptographic services for their infrastructures."
1570	SanDisk Corporation Atir Yeda 7 Kfar-Saba, Israel -Boris Dolgunov TEL: +972-9-7645000 FAX: +972-3-5488666 CST Lab: NVLAP 100432-0	Cruzer Enterprise FIPS Edition (Hardware Versions: P/Ns 54-89-15381-004G, 54-89-15381-008G, 54-89-15381-016G and 54-89-153-032G, Version Revision 1; Firmware Version: 9.5.21.01.F3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/12/2011	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1432 and #1433); RSA (Cert. #702); SHS (Cert. #1295); RNG (Cert. #779) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The SanDisk Cruzer Enterprise FIPS Edition secure USB flash drive offers on-the-fly hardware encryption for enterprises and government agencies that helps IT professionals within those organizations to effectively protect information on company-issued USB flash drives. It is specially designed to meet the unique USB security, compliance, and manageability needs of large organizations. With FIPS 140-2 level 2 certification inside, the Cruzer Enterprise FIPS Edition caters to the ultra-sensitive security requirements of government agencies and enterprises."
1569	Doremi Cinema LLC 1020 Chestnut St. Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0	IMB (Hardware Versions: IMB-A0, IMB-A1, IMB-A2, IMB-E0, IMB-E1 and IMB-E2; Firmware Versions: (5.0.10f, 30.04m-1 and 99.03f) or (5.0.21, 30.05g1 and 99.03f)) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/11/2011; 08/16/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #532, #1252 and #1383); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman; TI S-box Multi-chip embedded "The IMB (Integrated Media Block) is a card that utilizes Doremi’s patented 4K media block technology. The IMB can be installed in a DLP Series-II 4K-ready projector along with Doremi’s external ShowVault™, allowing to perform 4K content playback. The customer can still choose to project in 2K using the IMB."
1568	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	Endpoint Encryption Manager (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/30/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (32-bit); Windows Server 2008 (64 bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHA-1 (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1567	Lumension Security, Inc. 15880 Greenway-Hayden Loop Suite 100 Scottsdale, AZ 85260 USA -Chris Chevalier TEL: 480-970-1025 FAX: 480-970-6323 -Ron Smith TEL: 480-663-8763 FAX: 480-970-6323 CST Lab: NVLAP 200002-0	Lumension Cryptographic Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/27/2011	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 running MS Windows Server 2003 Standard, Version 5.2 SP 2 (32-bit version); Dell PowerEdge 2850 running MS Windows Server 2003 Standard x64, Version 5.2 SP 2 (64-bit version); Dell Optiplex GX620 running MS Windows XP Professional, Version 5.1 SP 2 (32-bit version); Dell PowerEdge 2850 running Windows XP Professional x64, Version 5.2 SP 2 (64-bit version) -FIPS-approved algorithms: AES (Cert. #1045); SHS (Cert. #995); RNG (Cert. #596); HMAC (Cert. #587); RSA (Cert. #499); ECDSA (Cert. #126) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5; HMAC-MD5; ECIES Multi-chip standalone "The Lumension Cryptographic Kernel (LCK) v1.0 provides the cryptographic functions for certain Lumension products, including Application and Device Control. These products secure endpoints from malware and unauthorized software execution, and from malicious or accidental data loss through the use of removable devices and media."
1566	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® CNG Cryptographic Primitives Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/27/2011; 01/24/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (x86 32-bit); Microsoft Windows 7 (x86_64 64-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1598); DRBG (Cert. #77); DSA (Cert. #493); ECDSA (Cert. #196); HMAC (Cert. #935); RNG (Cert. #855); RSA (Cert. #780 and FIPS 186-3, vendor affirmed); SHS (Cert. #1410); Triple-DES (Cert. #1044) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; HMAC-MD2; HMAC-MD4; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "RSA BSAFE® CNG Cryptographic Primitives Library is a drop-in replacement for the Microsoft user-mode CNG (Cryptograpy, Next Generation) provider. It supports a wide range of industry standard encryption algorithms. Software applications written against the Microsoft CNG framework, that do not explicitly request a specific provider, will automatically use the BSAFE CNG cryptographic implementations without modification once the BSAFE CNG Primitive Provider is installed."
1565	Xceedium, Inc. 30 Montgomery Street Suite 1020 Jersey City, NJ 07302 USA -Dave Olander TEL: 201-536-1000 x121 FAX: 201-536-1200 CST Lab: NVLAP 200556-0	Xceedium Xsuite (Hardware Versions: 5 and 5a; Firmware Version: 1.0.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/23/2011; 12/03/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1151 and #1572); Triple-DES (Certs. #833 and #1029); SHS (Certs. #1065 and #1392); RSA (Cert. #765); HMAC (Certs. #654 and #919); RNG (Cert. #846) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (Cert. #483; non compliant) Multi-chip standalone "Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1564	Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA 99163 USA -Joe Casebolt TEL: 509-332-1890 FAX: 509-332-7990 CST Lab: NVLAP 100432-0	SEL-3044 (Hardware Version: 1.0; Firmware Version: R101 or R103) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/23/2011; 02/15/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412) -Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "The SEL-3044 SEL Encryption Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3044 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED, and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1563	3e Technologies International, Inc. Suite 500, 9715 Key West Avenue Rockville, MD 20850 USA -Chris Guo TEL: 301-944-1294 FAX: 301-670-6989 CST Lab: NVLAP 200002-0	3e-030-2 Security Server Cryptographic Core (Software Version: 4.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	06/20/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Linux Enterprise 5.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1546); Triple-DES (Cert. #1016); SHS (Cert. #1371); HMAC (Cert. #897); RSA (Cert. #749); DSA (Cert. #478); ECDSA (Cert. #191); RNG (Cert. #834) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); MD5 Multi-chip standalone "The 3e-030-2 Security Server Cryptographic Core (Version 4.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS based Authentication Server, capable of EAP-TLS authentication of wireless client, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES, SHA-1, SHA-2, HMAC, RSA DSA ECDSA sign/verify, FIPS 186-2 PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman, ECDH and MD5"
1562	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren CST Lab: NVLAP 200416-0	Datacryptor® Gig Ethernet [1] and 10 Gig Ethernet [2] (Hardware Versions: 1600x433 [1] and 1600x437 [2]; Firmware Version: 4.5) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/20/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1033, #1488, #1489, #1548 and #1550); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); NDRNG Multi-chip standalone "The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1561	Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA -David Hostetter TEL: 303-272-7126 FAX: 303-272-6555 CST Lab: NVLAP 100432-0	StorageTek™ T10000C Tape Drive (Hardware Version: P/N 316052503; Firmware Version: 1.51.318) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/17/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1564, #1565, #1566, #1567, #1568, #1569 and #1570); DRBG (Cert. #71); HMAC (Certs. #916 and #917); SHS (Certs. #1389 and #1390); RSA (Cert. #763) -Other algorithms: AES (Cert. #1567, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The StorageTek™ T10000C Tape Drive provides 5 TB native capacity and 240 MB/sec throughput using BaFe media and with backward read compatibility to the T10000A/B. Designed for maximum security and performance, the T10000C provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle OKM to provide a secure end-to-end management solution."
1560	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs) (Hardware Versions: 3925E (with PCB rev -A0 and -B0), 3945E (with PCB rev -A0 and -B0), [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0], ISR: FIPS-SHIELD-3900=; Firmware Version: 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/14/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #803 and #1580); HMAC (Certs. #443 and #926); RNG (Cert. #850); RSA (Cert. #771); SHS (Certs. #801 and #1399); Triple-DES (Certs. #1036 and #1037) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 3925E and 3945E Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1559	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 610113-002 Rev. C; Firmware Version: Loader Version 0.65, PSMCU Version 0.98) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/14/2011; 09/19/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1558	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81 46 202 8074 FAX: +81 46 202 6304 CST Lab: NVLAP 200802-0	Gemini (Hardware Version: 1.0.0; Firmware Version: 1.0.0 or 1.0.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/14/2011; 07/19/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1539, #1540 and #1541); RNG (Certs. #828, #829 and #830); RSA (Certs. #750 and #751); HMAC (Certs. #901 and #902); SHS (Certs. #1364, #1365, #1366 and #1367) -Other algorithms: HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1557	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150E (Hardware Version: 2150E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/09/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1556	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100E (Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/09/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1555	BlockMaster AB Kyrkogatan 17 Lund, S-222 22 Sweden -Johan Söderström TEL: +46 (0) 46-2765100 -Anders Pettersson TEL: +46 (0) 46-2765100 CST Lab: NVLAP 200002-0	BM-C1000 (Hardware Versions: BM-C1000-01, BM-C1000-02, BM-C1000-04, BM-C1000-08, BM-C1000-16, BM-C1000-32 and BM-C1000-64; Firmware Version: 4.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: Level 3 -FIPS-approved algorithms: AES (Cert. #1236); SHS (Cert. #1134); RNG (Cert. #683), RSA (Cert. #617) -Other algorithms: NDRNG; RSA-512 (non-compliant) Multi-chip embedded "The BlockMaster microcontroller BM9931 powers FIPS secure USB flash drives. All data stored is encrypted transparently on the fly within the hardware in accordance with the specification of the Federal Information Processing Standard (FIPS 140-2)."
1554	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150E (Hardware Version: 4150E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1553	Comtech EF Data Corporation 2114 West 7th Street Tempe, AZ 85281 USA -Wallace Davis TEL: 480-333-2189 FAX: 480-333-2147 CST Lab: NVLAP 200427-0	SLM-5650A TRANSEC Module (Hardware Version: 1.2; Firmware Version: 1.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1537 and #1538); ECDSA (Cert. #189); HMAC (Cert. #893); RNG (Cert. #827); RSA (Cert. #746); SHS (Cert. #1363); Triple-DES (Cert. #1012) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The SLM-5650 satellite modem includes a single FIPS card called the SLM-5650A TRANSEC Module that will perform bulk encryption of all packets for transmission over the satellite regardless of the protocol, the format of data, or existing encryption on the incoming data. The SLM-5650A TRANSEC Module uses 256-bit AES in CBC mode for bulk encryption of all data requiring encryption. The module is managed using a proprietary graphical user interface (GUI) over TLS, referred to as the Management & Control Console, and a command line management interface over SSH."
1552	Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0	Check Point IP Appliance (Hardware Versions: IP1280 (CPAP-IP1285-D-GFIP [Nokia NBB1270000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001), IP2450 (CPAP-IP2455-D-GFIP [Nokia NBB3450000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) and IP2455 (CPAP-IP2455-D- GFIP, CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) ; Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA 30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011; 10/04/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #709 and #91); Triple-DES (Certs. #637, #638, #729 and #204); HMAC (Certs. #384, #385, #499 and #203); SHS (Certs. #734, #735, #883 and #500); DSA (Cert. #271); RSA (Certs. #332 and #333); RNG (Certs. #417 and #418) -Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1551	Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0	Check Point IP Appliance (Hardware Versions: IP390 (CPAP-IP395-D-GFIP [Nokia NBB0302000] and N431174001) and IP560 (CPAP-IP565-D-AC [Nokia NBB0562000] and CPIP-A-4-1C, CPIP-A-PCMCIA-CA, N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/21/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435, #406 and #729); HMAC (Certs. #248, #251, #207, #208, #176, #146 and #499); SHS (Certs. #564, #567, #508, #509, #469, #417 and #883); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230) -Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1550	SafeNet, Inc. 20 Colonnade Drive Suite 200 Ottowa, Ontario K2E 7M6 Canada -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	ProtectServer Internal Express (PSI-e) (Hardware Version: VBD-04-0302; Firmware Version: 3.00.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1582); DSA (Cert. #488); ECDSA (Cert. #193); HMAC (Cert. #928); RNG (Cert. #851); RSA (Cert. #772); SHS (Cert. #1401); Triple-DES (Cert. #1038); Triple-DES MAC (Triple-DES Cert. #1038, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1582; non-compliant); ARIA; CAST-128; CAST-128 MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (Key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; SEED MAC; Multi-chip embedded "The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1549	Sophos Ltd. The Pentagon Abingdon Science Park Oxford, Oxfordshire OX14 3YP United Kingdom -Curt W. Lindenberger TEL: 781-494-5800 FAX: 781-494-5801 -Joachim Schneider TEL: +49 (0) 6171-88-1968 FAX: +49 (0) 89-30703123 CST Lab: NVLAP 200002-0	SafeGuard Cryptographic Engine (Software Version: 5.60) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	05/27/2011	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition 32-bit; Microsoft Windows 7 Ultimate Edition 64-bit; FreeBSD 6.1 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1447 and #1448); Triple-DES (Cert. #982); HMAC (Cert. #849); SHS (Certs. #1311, #1312 and #1317); RNG (Cert. #792) -Other algorithms: N/A Multi-chip standalone "SafeGuard Cryptographic Engine is the core cryptographic component of Sophos' encryption products SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto. It provides a solid implementation of standard algorithms used for disk and file encryption, key generation, key management, and integrity protection."
1548	Motorola Solutions, Inc. 1150 Kifer Rd Sunnyvale, CA 94086 USA -Tresa Johnson TEL: 408-991-7589 FAX: 408-991-7420 CST Lab: NVLAP 100432-0	Motorola Network Router (MNR) S2500 (Hardware Version: Base Unit P/N CLN1713F, Version Rev D with Encryption Module P/N CLN8262C, Version Rev F; Firmware Version: XS-16.0.1.44) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1547	Motorola Solutions, Inc. 1150 Kifer Rd Sunnyvale, CA 94086 USA -Tresa Johnson TEL: 408-991-7589 FAX: 408-991-7420 CST Lab: NVLAP 100432-0	Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit HW P/N CLN1780H, Version Rev A with Encryption Module HW P/N CLN8261D, Version Rev L; Firmware Versions: PS-16.0.1.44 and GS-16.0.1.44) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1546	Motorola Solutions, Inc. 1150 Kifer Rd Sunnyvale, CA 94086 USA -Tresa Johnson TEL: 408-991-7589 FAX: 408-991-7420 CST Lab: NVLAP 100432-0	Motorola GGM 8000 Gateway (Hardware Version: Base Unit P/N: CLN1841A, Version Rev B with Encryption Module P/N: CLN8492D, Version Rev B; FIPS Kit: P/N CLN1854A, Rev. B; Power Supply: P/N CLN1850A, Rev. C (AC) or P/N CLN1849A, Rev. C (DC); Firmware Version: XS-16.0.1.44) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/09/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #685 and #989); AES (Certs. #803 and #1469); DSA (Cert. #465); SHS (Certs. #801 and #1329); RNG (Cert. #803); RSA (Cert. #718); HMAC (Certs. #443 and #864) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1545	Hewlett-Packard TippingPoint 7501N. Capital of Texas Highway Austin, TX 78731 USA -Dinesh Vakharia TEL: 512-681-8271 -Freddie Jimenez Jr. TEL: 512-681-8305 CST Lab: NVLAP 200427-0	HP TippingPoint Intrusion Prevention System (Hardware Versions: S10 [1], S110 [1], S330 [1], S660N [2], S1400N [2], S2500N [2] and S5100N [2]; Firmware Versions: 3.1.4.1427 [1] and 3.2.0.1530 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/27/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #1557, #1558 and #1559); HMAC (Certs. #909, #910 and #911); RNG (Certs. #838, #839 and #840); RSA (Certs. #756, #757 and #758); SHS (Certs. #1381, #1382 and #1383); Triple-DES (Certs. #1021, #1022 and #1023) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; Non-Approved RNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1544	LaserCard Corporation 1875 N. Shoreline Blvd. Mountain View, CA 94043 USA -Alex Giakoumis TEL: 650-335-4348 FAX: 650-969-6121 CST Lab: NVLAP 100432-0	LaserCard LCCIDProtect (Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/10/2011; 07/27/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282) LaserCard LCCIDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. LCCIDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. LCCIDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."
1543	CareFusion 10020 Pacific Mesa Blvd. San Diego, CA 92121 USA -Robert Canfield TEL: 858-617-4753 FAX: 858-617-5981 CST Lab: NVLAP 100432-0	Alaris® PC Unit Model 8015 (Hardware Version: Model 8015 with FIPS Kit 11935165; Firmware Versions: 9.7.0, 9.9.0 or 9.12.0) (When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/27/2011; 01/11/2012; 09/27/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (1) (Cert. #1436); SHS (Cert. #1301) -Other algorithms: AES (2) (non-compliant); RC4; MD5; SHS (non-compliant); RIPEMD; DES; Triple-DES (non-compliant); RC2-CBC, RC2-ECB, RC2-CFB64, RC2-OFB64; Blowfish; CAST; RSA (non-compliant); DSA (non-compliant); Diffie-Hellman; RNG (non-compliant) Multi-chip standalone "The CareFusion Alaris® PC Unit Model 8015 is a point-of-care unit, which is the main component of the Alaris® System. The Alaris System is a modular system intended for adult, pediatric, and neonatal care in a professional healthcare environment. The Alaris System brings a higher level of medication error prevention to the point of patient care."
1542	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/05/2011	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1541	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989 CST Lab: NVLAP 200427-0	3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points (Hardware Versions: (1.0, 1.1 or 1.2) (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/29/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1021, #1022 and #1023); HMAC (Certs. #570, #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #975, #976 and #977); Triple-DES (Cert. #783) -Other algorithms: AES (Cert. #1021, key wrapping); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1540	XYPRO Technology Corporation 3325 Cochran Street Suite 200 Simi Valley, CA 93063 USA -Sheila Johnson TEL: 805-583-2874 FAX: 805-583-0124 -Scott Uroff TEL: 805-583-2874 FAX: 805-583-0124 CST Lab: NVLAP 200427-0	XYGATE /ESDK (Software Version: 3.3.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/28/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP with Service Pack 3; HP NonStop Server G06; HP NonStop Server H06; HP NonStop Server J06; HP-UX 10.2; HP-UX 11.11; Solaris 10; IBM AIX 5.2; SuSE Linux Enterprise Server 10; Red Hat Enterprise Linux v5.1; IBM z/OS 1.11 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1571); DSA (Cert. #482); HMAC (Cert. #918); RNG (Cert. #845); RSA (Cert. #764); SHS (Cert. #1391); Triple-DES (Cert. #1028) -Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Skipjack (non-compliant) Multi-chip standalone "The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS and e-mail protocols such as PGP and S/MIME. Based on cryptlib by Peter Gutmann, the XESDK, written in C, provides encryption services for applications, communications and databases across multiple computer platforms."
1539	Xirrus, Inc. 2101 Corporate Center Dr Thousand Oaks, CA 91320 USA -Steve Smith TEL: 805-262-1600 FAX: 805-262-1601 CST Lab: NVLAP 100432-0	Xirrus Wi-Fi Array XN4, XN8, XN12 and XN16 (Hardware Versions: P/Ns 190-0109-001 Version D [XN4], 190-0110-002 Version B [XN8], 190-0128-001 Version D [XN12] and 190-0111-001 Version D [XN16]; Firmware Version: 4.1 or 5.0) (When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/05/2011	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1009); SHS (Cert. #1325); HMAC (Cert. #860); AES (Certs. #1508 and #1515); RSA (Cert. #715); RNG (Cert. #800) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4 Multi-chip standalone "The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1538	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren CST Lab: NVLAP 200416-0	Datacryptor® 100M Ethernet (Hardware Version: 1600x439; Firmware Version: 4.5) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/28/2011; 05/12/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1033, #1490 and #1549); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); NDRNG Multi-chip standalone "The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1537	Brocade Communications Systems, Inc. 1745 Technology Drive San Jose, CA, CA 95110 USA -Michael Hong TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200648-0	Brocade Mobility RFS7000 Controller (Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Brocade Mobility RFS7000 Controller provides robust, highly scalable support for seamless mobility for government agencies. The innovative architecture simplifies network deployment and management, provides superior performance, security and scalability. The Brocade Mobility RFS7000 enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1536	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen  TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011; 07/27/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1535	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen  TEL: 847-576-2352  CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011; 07/27/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1534	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Nexus 7000 18 Slot (Hardware Version: N7K-C7018= N7K-C7018-V01; Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011; 02/23/2012; 07/18/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047) -Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip standalone "The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1533	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Nexus 7000 10 Slot (Hardware Version: N7K-C7010= N7K-C7010-V02, FIPS Kit (CISCO-FIPS-KIT=); Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/15/2011; 02/23/2012; 07/18/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047) -Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip standalone "The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1532	NetLib® A Subsidiary of Communication Horizons, LLC 65 High Ridge Road, Suite 428 Stamford, CT 06905 USA -Niel Weicher TEL: 203-246-6507 CST Lab: NVLAP 200416-0	NetLib® Encryptionizer® DE/FIPS (Software Versions: 2010.201.10.0 and 2010.501.10.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	04/12/2011	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 7 (x86); Windows Server 2003 (x86); Windows Server 2008 (x86); Windows 7 (x64); Windows Server 2003 (x64); Windows Server 2008 (x64) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1502 and #1528); SHS (Certs. #1376 and #1377); HMAC (Certs. #905 and #906) -Other algorithms: N/A Multi-chip standalone "The NetLib® Encryptionizer® DE/FIPS versions 2010.201.10.0 and 2010.501.10.0 provide encryption of data stored in server-based and desktop-based databases and files, including MS SQL Server databases and backups . It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database or file unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed. It supports both 32-bit and 64-bit applications."
1531	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Sameer Kanagala TEL: 408-528-2886 FAX: 408-528-2500 -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903 CST Lab: NVLAP 200648-0	RFS7000 RF Switch (Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/12/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "RFS7000-GR Wireless Switch from Motorola provides robust, highly scalable support for seamless mobility for government agencies. Motorola's architecture simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. The RFS7000-GR enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1530	CST Lab: NVLAP 200802-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/04/2011; 10/10/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1529	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 881, Cisco 881G and Cisco 891 Integrated Services Routers (ISRs) (Hardware Versions: 881, 881G, 891 and [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: 15.1(2)T2A and 15.1(2)T3) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/01/2011; 07/27/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1527, #962 and #1535); HMAC (Certs. #891 and #537); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #933); Triple-DES (Certs. #1010 and #757) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Cisco 880, and Cisco 890 series ISRs provide Internet, VPN, voice, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These routers are capable of bridging and multiprotocol routing between LAN and WAN ports, and provide advanced features such as antivirus protection."
1528	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/30/2011	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1527	Systematic Development Group, LLC 350 Jim Moran Blvd. Suite 122 Deerfield Beach, FL 33442 USA -George Wolf TEL: 954-889-3535 x315 CST Lab: NVLAP 100432-0	LOK-IT™ 10 KEY (Series SDG003FM) and LOK-IT™ 5 KEY (Series SDG004FP) (Hardware Versions: HW003-16 Rev:01, HW003-16 Rev:02, HW003-08 Rev:01, HW003-04 Rev:01 (10 Key) and HW004-08 Rev:01 (5 Key);  Firmware Version: USB Controller Firmware Revision V01.12A09-F01 (10 Key and 5 Key) or V01.12A12-F01 (10 Key) ; Security Controller Firmware Revisions SDG003FM-008 (10 Key) and SDG004FP-008 (5 Key)) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/28/2011; 10/04/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1514) -Other algorithms: N/A Multi-chip standalone "LOK-IT™ is a USB Flash drive with a multi-chip embedded cryptographic module architecture as defined by FIPS 140-2. It consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16F688 security controller. The product supports 256 bit AES encryption of data stored in NAND Flash memory. The drive provides self-contained user authentication without the need for host computer applications. Two derivations of the product exist differing in the number of numeric buttons; the SDG003FM has 10 numeric buttons and the SDG004FP has 5 numeric buttons."
1526	Lexmark International Inc. 740 West New Circle Rd. Lexington, KY 40550 USA -Graydon Dodson TEL: 859-232-6483 CST Lab: NVLAP 200416-0	Lexmark PrintCryption™ (Firmware Version: 1.3.2f) (Requires Option P/N 57X9000 to enable the PrintCryption firmware) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	03/24/2011	Overall Level: 1  -Tested: Lexmark X548 Printer with IBM 750CL processor on Lexmark Linux 2.6.28; Lexmark X792 Printer with Freescale 7448 processor on Lexmark Linux 2.6.28; -FIPS-approved algorithms: AES (Certs. #1209 and #1487); SHS (Certs. #1112 and #1343); RNG (Certs. #670 and #811); RSA (Certs. #579, #730 and FIPS 186-3, vendor affirmed); HMAC (Certs. #704 and #876) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); NDRNG Multi-chip standalone "The Lexmark PrintCryption™ is an option for the Lexmark printers that enables the transfer and printing of encrypted print jobs. With the Lexmark PrintCryption™ module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption™ analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the document to be printed."
1525	Xirrus, Inc. 2101 Corporate Center Dr Thousand Oaks, CA 91320 USA -Steve Smith TEL: 805-262-1600 FAX: 805-262-1601 CST Lab: NVLAP 100432-0	Xirrus Wi-Fi Array XS4 and XS8 (Hardware Versions: P/Ns: 190-0092-002 Rev D1 [XS4] and 190-0091-005 Rev A1 [XS8]; Firmware Version: 3.5) (When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/01/2011	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1005); SHS (Cert. #1326); HMAC (Cert. #861); AES (Certs. #470 and #1503); RSA (Cert. #716); RNG (Cert. #801) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4 Multi-chip standalone "The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1524	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E7M6 Canada -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	SafeNet Luna EFT (Hardware Version: GRK-09-0100 or GRK-15-0100 [2]; Firmware Version: MAL00000E [1] or MAL000001E [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/23/2011; 10/04/2011	Overall Level: 3  -FIPS-approved algorithms: RNG (Cert. #806); RSA (Certs. #723 and #899); SHS (Certs. #1335 and #1560); Triple-DES (Cert. #994) -Other algorithms: MD5 Multi-chip standalone "SafeNet Luna EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
1523	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	Athena IDProtect (Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/05/2011; 04/27/2011; 06/09/2011; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774); -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282) IDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. IDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."
1522	IBM® Corporation 9032 S Rita Road Tucson, AZ 85744 USA -David L. Swanson TEL: 520-799-5515 CST Lab: NVLAP 200427-0	IBM LTO Generation 5 Encrypting Tape Drive (Hardware Versions: 45E8192 EC Level M11221 (Fibre Channel) and 45E8193 EC Level M11221 (SAS); Firmware Versions: pf100923e.A9Q5.FC.fips.ro (Fibre Channel) and pf100923e.A9Q5.SAS.fips.ro (SAS)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/23/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1530, #1531 and #1532); RNG (Cert. #825); RSA (Cert. #744); SHS (Cert. #1361) -Other algorithms: AES (Cert. #1530, key wrapping; key establishment methodology provides 256-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Generation 5 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Two different host interface types of the LTO Generation 5 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1521	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 2951, Cisco 3925 and Cisco 3945 Integrated Services Routers (ISRs) (Hardware Versions: 2951 [1][2], 3925 [1][3], 3945 [1][3], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-2951= [2] and FIPS-SHIELD-3900= [3]; Firmware Version: 15.1(2)T2A and 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/18/2011; 04/04/2011; 07/27/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1527, #963 and #1536); HMAC (Certs. #891 and #538); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #934); Triple-DES (Certs. #1010 and #758) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 2951, 3925 and 3945 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1520	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911 and Cisco 2921 Integrated Services Routers (ISRs) (Hardware Version: 1905 [1][2], 1921 [1][2], 1941 [1][2], 2901 [1][3], 2911 [1][4], 2921 [1][5], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-1900= [2], FIPS-SHIELD-2901= [3], FIPS-SHIELD-2911= [4] and FIPS-SHIELD-2921= [5]; Firmware Version: 15.1(2)T2A and 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 04/04/2011; 07/27/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1527 and #1115); HMAC (Certs. #891 and #627); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #1038); Triple-DES (Certs. #1010 and #812) -Other algorithms: DES, HMAC-MD5, MD5, RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 1905, 1921, 1941, 2901, 2911 and 2921 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1519	Code Corporation 14870 S. Pony Express Rd. Suite 200 Bluffdale, UT 84065 USA -Tim Jackson TEL: 801-984-7865 FAX: 801-495-0280 CST Lab: NVLAP 100432-0	Code Reader 2500 FIPS and Code Reader 3500 FIPS (Hardware Versions: P/Ns 2512FIPS_01 and 3512FIPS_01; Firmware Version: 4641) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 04/04/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1457); DRBG (Cert. #55) -Other algorithms: NDRNG Multi-chip standalone "Code Corporation’s Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, when used in conjunction with a CodeXML® FIPS Bluetooth® Modem, provide an encrypted wireless bar code reading solution with a working range of up to 300 feet. Code Corporation’s FIPS bar code readers employ a FIPS approved AES-256 algorithm to generate per session keys to encrypt data and a separate key to encrypt overhead communications ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1518	GDC Technology (USA), LLC 3500 W. Olive Ave. Suite 940 Burbank, CA 91505 USA -Tim Folk TEL: (877) 743--2872 FAX: 877-643-2872 CST Lab: NVLAP 100432-0	IMB (Hardware Version: GDC-IMB-v1; Firmware Version: 1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5 Multi-chip embedded "A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, ASM communications and logging."
1517	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010 CST Lab: NVLAP 200427-0	Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS Firmware (Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X)] (no more than four total); 3200 Revision C4: 3200-8-AOS-STD-FIPS-US Revision C4; 3400 Revision C4: 3400-32-AOS-STD-FIPS-US Revision C4; 3600 Revision C4: 3600-64-AOS-STD-FIPS-US Revision C4; 6000 Revision C4: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X Revision C4)] (no more than four total); Firmware Versions: 3200, 3400 and 3600: A3000_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, A3000_3.3.2.18-FIPS, A3000_3.3.2.19-FIPS, A3000_3.3.2.20-FIPS, A3000_3.3.2.21-FIPS, A3000_3.4.2.3-FIPS, A3000_3.4.4.0-FIPS; 6000 or A3000_3.4.5.1-FIPS: ArubaOS_MMC_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.18-FIPS, ArubaOS_MMC_3.3.2.19-FIPS, ArubaOS_MMC_3.3.2.20-FIPS, ArubaOS_MMC_3.3.2.21-FIPS, ArubaOS_MMC_3.4.2.3-FIPS, ArubaOS_MMC_3.4.4.0-FIPS or ArubaOS_MMC_3.4.5.1-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 07/19/2011; 02/06/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #465, #762 and #823); HMAC (Certs. #416, #417 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #768, #769 and #823); Triple-DES (Certs. #482, #667 and #694) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1516	Hewlett-Packard Company 19091 Pruneridge Ave., MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	HP Enterprise Secure Key Manager (Hardware Version: P/N AJ575A, Version 2.1; Firmware Version: 4.8.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 09/19/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1480); DSA (Cert. #467); HMAC (Cert. #871); RNG (Cert. #807); RSA (Cert. #726); SHS (Cert. #1338); Triple-DES (Cert. #997) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "The HP Enterprise Secure Key Manager (ESKM) automates key generation and management. It is a hardened security appliance delivering identity-based access, administration, and logging. Additionally, the ESKM provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1515	Motorola Solutions, Inc. 1303 E. Algonquin Road Schaumburg, IL 60196  USA -Richard Carter TEL: 44-0-1364-655500 FAX: 44-0-1364-654625 CST Lab: NVLAP 100432-0	Motorola PTP 600 Series (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 08-50) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2011; 03/28/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #399); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #700); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1514	Apple Inc. 11921 Freedom Drive Reston, VA 20190 USA -Shawn Geddis TEL: 703-264-5103 CST Lab: NVLAP 200002-0	Apple FIPS Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/09/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Apple Mac OS X 10.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1400); DSA (Cert. #453); ECDSA (Cert. #176); HMAC (Cert. #823); RNG (Cert. #767); RSA (Cert. #681); SHS (Cert. #1271); TDES (Cert. #955) -Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (non-compliant key generation) Multi-chip standalone "Mac OS X's security services are built using the open source Common Data Security Architecture. CDSA is a set of layered security services in which the AppleCSP provides the cryptography for services such as FileVault, Encrypted Disk Images, Keychains, Safari, Mail, etc."
1513	SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA -SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0	SafeNet Encryptor, Model 600 (Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00p, 904-511i1-00p, 943-511i0-00p and 943-511i1-00p; Firmware Versions: 4.0.2 and 4.0.3) (When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter i, p and x designations.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/04/2011; 06/21/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #713, #725 and #1232); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1512	SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA -SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0	SafeNet Encryptor, Model 650 (Hardware Versions: 904-53260-007, 904-53261-007, 904-53361-20p, 943-53270-007, 943-53271-007 and 943-53371-20p; Firmware Versions: 4.0.2 and 4.0.3) (When operated in FIPS mode. Refer to the cryptographic module’s security policy for the details on the letter p designations.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/04/2011; 06/21/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #710, #725 and #1233); Triple-DES (Cert. #647); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1511	Cavium Networks 805 E. Middlefield Road Mountain View, CA 94043 USA -TA Ramanujam TEL: 650-623-7039 FAX: 650-625-9751 CST Lab: NVLAP 100432-0	NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0-G, CN1620-NFBE2NIC-2.0-G, CN1620-NFBE3NIC-2.0-G, CN1610-NFBE1NIC-2.0-G, CN1620-NFBE1-2.0-G, CN1620-NFBE2-2.0-G, CN1620-NFBE3-2.0-G and CN1610-NFBE1-2.0-G, Version: 2.0; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/04/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Certs. #150 and #188); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); RSA (Certs. #607 and #742); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898); DSA (Cert. #474) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world’s fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1510	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548 CST Lab: NVLAP 200427-0	F-Secure Kernel Mode Cryptographic Driver for Linux (Software Version: 2.3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/02/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1556); HMAC (Cert. #908); RNG (Cert. #837); SHS (Cert. #1380); Triple-DES (Cert. #1020) -Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; RC2; RIPEMD-160 Multi-chip standalone "The F-Secure Cryptographic Library is a software module for Red Hat Enterprise Linux v5 . The module provides an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under Red Hat Enterprise Linux v5 ."
1509	Code Corporation 14870 S. Pony Express Rd. Suite 200 Bluffdale, UT 84065 USA -Tim Jackson TEL: 801-984-7865 FAX: 801-495-0280 CST Lab: NVLAP 100432-0	CodeXML® FIPS Bluetooth® Modem (Hardware Version: P/N BTHDFIPS-M2_01; Firmware Version: 0187) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/02/2011; 04/04/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1456) -Other algorithms: N/A Multi-chip standalone "Code Corporation’s CodeXML® FIPS Bluetooth® Modem, when used in conjunction with the Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, provides an encrypted wireless bar code reading solution with a working range of up to 300 feet. The CodeXML® FIPS Bluetooth® Modem employs a FIPS approved AES-256 algorithm with per session keys to ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1508	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	ASTRO CDEM Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Version: R01.01.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/02/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #819, #1295 and #1297); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); LFSR; DES Single-chip "The ASTRO CDEM MACE provides secure key management and data encryption for the Astro System."
1507	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548 CST Lab: NVLAP 200427-0	F-Secure Kernel Mode Cryptographic Driver (Software Version: 2.3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/02/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 with Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1543); HMAC (Cert. #894); RNG (Cert. #831); SHS (Cert. #1368); Triple-DES (Cert. #1013) -Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; PBKDF2; RIPEMD-160 Multi-chip standalone "The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows Server 2008, 2008 R2, and Windows 7 compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides an assortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface."
1506	CST Lab: NVLAP 200658-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/28/2011	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1505	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -Carl Buscaglia TEL: 845-435-6902 CST Lab: NVLAP 100432-0	IBM 4765 Cryptographic Coprocessor Security Module (Hardware Version: P/Ns 45D6048 Version 1.0 or 41D8612 Version 1.0; Firmware Version: e1ced7a0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/24/2011; 12/21/2012	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #1294); RNG (Cert. #722); RSA (Cert. #621); SHS (Cert. #1188) -Other algorithms: DES MAC Multi-chip embedded "The IBM 4765 Cryptographic Coprocessor Security Module, is a tamper responding, programmable, cryptographic PCIe card, containing CPU, encryption hardware, RAM, persistant memory, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in the IBM System z server."
1504	Data Locker Inc. 7500 College Suite 600 Overland Park, KS 66210 USA -Jay Kim TEL: 913-310-9088 FAX: 800-858-4709 CST Lab: NVLAP 200658-0	Data Locker Enterprise, V2.0 (Hardware Versions: P/Ns DL500E2 and DL1000E2; Firmware Version: 2.30) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/24/2011; 03/01/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #250) -Other algorithms: N/A Multi-chip standalone "The Data Locker Enterprise is a fully platform independent, portable encrypted hard drive. Compatible with MAC, Windows and Linux systems, the Data Locker operates without any host based software or drivers. It utilizes an embedded LCD touch screen interface for all authentication and administrative functions. The device is fully 256bit AES CBC Mode encrypted via a dedicated crypto engine."
1503	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 5.0 or 5.0.1) (When operated in FIPS140_MODE or FIPS140_SSL_MODE and initialized with Level 2 Authentication) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2011; 03/28/2011; 09/19/2011; 01/23/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143) -Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1502	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 5.0 or 5.0.1) (When operated in FIPS140_MODE or FIPS140_SSL_MODE) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2011; 03/28/2011; 09/19/2011; 01/24/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143) -Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1501	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 CST Lab: NVLAP 200427-0	Cryptographic Module for F5 and C5 (Software Version: 1.7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Technologic Systems® TS-Linux 2.4.26-ts11 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1494); ECDSA (Cert. #186); HMAC (Cert. #879); RNG (Cert. #813); RSA (Cert. #733); SHS (Cert. #1347); Triple-DES (Cert. #1001) -Other algorithms: N/A Multi-chip standalone "ActivIdentity F5 and C5 software development kits are designed to enable vendors to incorporate cryptographic-based technologies into their physical access control applications. The F5 SDK enables physical access strong authentication using FIPS 201 PIV smart cards, in compliance with the authentication modes described in NIST Special Publication 800-116. The C5 SDK enables strong authentication in the case of standalone electronic locks and physical access control systems, by writing digitally signed privileges to and from smart cards."
1500	Pragma Systems, Inc. 13809 Research Boulevard, Suite 675 Austin, TX 78750 USA -Andrew Tull, Vice President, Sales & Marketing TEL: 512-219-7270 FAX: 512-219-7110 -David S. Kulwin TEL: 512-219-7270 FAX: 512-219-7110 CST Lab: NVLAP 200426-0	Pragma Systems Cryptographic Module (Software Version: 1.0.0.12) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #1012, #1010 and #1002 operating in FIPS mode and Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) validated to FIPS 140-2 under Certs. #1009, #1003 and #875 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/10/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server; Microsoft Windows 2008 Server; Microsoft Windows Vista (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #818); Triple-DES (Certs. #656 and #691); HMAC (Certs. #407, #408 and #452); SHS (Certs. #753 and #816); RSA (Certs. #354, #355 and #395); DSA (Certs. #221, #281 and #282); RNG (Certs. #314, #435 and #470); DRNG (SP 800-90, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA KeyGen (non-compliant); MD5 Multi-chip standalone "The Pragma Systems Cryptographic Module is a dynamically linked library that provides the cryptographic abstraction used in the Pragma Fortress Secure Shell (SSH) products."
1499	Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 USA -Nicholas Campagna TEL: 408-738-7700 FAX: 408-738-7701 CST Lab: NVLAP 100432-0	PA-500, PA-2000 Series and PA-4000 Series Firewalls (Hardware Versions: HW P/N 910-000006-00D Rev. D with FIPS Kit P/N 920-000005-001 Rev. 1 (PA-500), HW P/N 910-000004-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2020), HW P/N 910-000003-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2050), HW P/N 910-000002-00Q Rev. Q with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00P Rev. P with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050) and HW P/N 910-000005-00G Rev. G with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060); Firmware Version: 3.1.2 or 3.1.7-h1) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/10/2011; 06/21/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1378); Triple-DES (Cert. #950); RSA (Cert. #675); DSA (Cert. #451); HMAC (Cert. #810); SHS (Cert. #1259); RNG (Cert. #760) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "Palo Alto Network's next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content - not just ports, IP addresses, and packets - using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls."
1498	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 100432-0	DataSecure Appliance i150 and i450 (Hardware Versions: P/Ns 947-00150-001 and 947-000031-001; Firmware Version: 4.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/01/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #916); AES (Cert. #1315); DSA (Cert. #421); RNG (Cert. #733); RSA (Cert. #629); SHS (Cert. #1185); HMAC (Cert. #751) -Other algorithms: RSA (key wrapping, key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; SEED; RC4 Multi-chip standalone "The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
1497	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Secure Access Control Server (ACS) FIPS module (NSS) (Software Versions: 3.12.5 and 3.12.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/10/2011; 02/23/2012; 04/05/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1475); DRBG (Cert. #59); DSA (Cert. #466); HMAC (Cert. #868); RSA (Cert. #722); SHS (Cert. #1334); Triple-DES (Cert. #993) -Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED Multi-chip standalone "The Cisco Secure Access Control Server (ACS) FIPS module (NSS) Version 3.12.5 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Cisco ACS FIPS module (NSS) is a general-purpose cryptographic library, with an API based on the industry standard PKCS #11 version 2.20."
1496	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Secure Access Control Server (ACS) FIPS module (cryptolib) (Software Versions: 1.1, 1.2 and 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/10/2011; 04/27/2011; 02/23/2012: 06/21/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1474); HMAC (Cert. #867); RNG (Cert. #805); RSA (Cert. #721); SHS (Cert. #1333) -Other algorithms: AES (Cert. #1474, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Secure ACS FIPS Module Version 1.1 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Secure ACS FIPS module provides FIPS compliant cryptography supporting AAA for IEEE 802.11i security (WPA2) with EAP protocols like EAP-TLS, EAP-FAST, PEAP with RADIUS Key Wrap functionalities, Cisco TrustSec (CTS), and 802.1x-rev."
1495	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/28/2011; 06/08/2012; 10/15/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1494	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304 CST Lab: NVLAP 100432-0	Sony Security Module (Hardware Version: 1.0.1; Firmware Version: 1.0.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/21/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG Multi-chip embedded "The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1493	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304 CST Lab: NVLAP 100432-0	Sony Security Module (Hardware Version: 1.1.0; Firmware Version: 1.1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/21/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG Multi-chip embedded "The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1492	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 11 System SSL Cryptographic Module (Hardware Versions: FC3863 w/System Driver Level 77 and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Versions: System SSL level HCPT3B0/JCPT3B1 with APAR OA31595, RACF level HRF7760 with APAR OA30951 and ICSF level HCR7770 with APAR OA32012; Firmware Version: 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	02/04/2011; 04/12/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 77 and z/OS® V1R11] (single-user mode) -FIPS-approved algorithms: AES (Certs. #976, #1418 and #1419); Triple-DES (Certs. #769, #968 and #969); DSA (Certs. #458 and #459); RSA (Certs. #691, #692, #693, #694 and #695); SHS (Certs. #946, #1286 and #1287); HMAC (Certs. #836 and #837); RNG (Certs. #775 and #776) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2 Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1491	Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA -Shayla Fahey TEL: 301-548-1239 -Shanti Vedula TEL: 301-212-1016 CST Lab: NVLAP 200556-0	HX280 Broadband Satellite Router (Hardware Version: Rev C.; Firmware Versions: 6.6.0.3 or 6.7.0.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	01/28/2011; 08/09/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1451 and #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796) -Other algorithms: Diffie-Hellman (key agreement providing 80 bits of encryption strength); MD5; NDRNG Multi-chip standalone "The Hughes HX280 Mesh/Star Broadband Router is a high-performance satellite router that enables carrier-grade broadband Internet Protocol services with enhanced security protecting all data, management, and signaling traffic over the satellite network, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization, and access control capabilities."
1490	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 06/01/2011; 03/14/2012; 12/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1489	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 06/01/2011; 03/14/2012; 12/07/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1488	Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA 99163 USA -Joe Casebolt TEL: 509-332-1890 FAX: 509-332-7990 CST Lab: NVLAP 100432-0	SEL-3045 (Hardware Version: 1.0; Firmware Version: R100 or R101) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 02/06/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412) -Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SEL-3045 Secure SCADA Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3045 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1487	Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	Athena IDProtect Duo PIV (Hardware Version: P/N AT90SC12872RCFT Revision M; Software Version: P/N Athena PIV Applet Version 2.0; Firmware Version: P/N Athena IDProtect Duo Version 0107.9334.0306) (PIV Card Application: Cert. #20) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 04/12/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Triple-DES (Cert. #598, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1486	Hewlett-Packard Company Longdown Avenue Stoke Grifford, Bristol BS34 8QZ United Kingdom -Laura Loredo TEL: 44 117 312 9341 CST Lab: NVLAP 100432-0	HP LTO-5 Tape Drive (Hardware Version: AQ273C #912 [1], AQ273D #704 [2], AQ273F #900 [3] and AQ283B #103 [4]; Firmware Version: I3BW [1], I3AS [2], I3AZ [3] and Z39W [4]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1441, #1442, #1443 and #1444); HMAC (Cert. #848); RNG (Certs. #790 and #791); RSA (Certs. #708 and #709); SHS (Certs. #1308 and #1309) -Other algorithms: MD5; AES (AES Cert. #1441, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "HP LTO-5 Tape Drive sets new standards for capacity, performance, and manageability. The HP LTO-5 represents HP's fifth-generation of LTO tape drive technology capable of storing up to 3TB per cartridge while providing enterprise tape drive monitoring and management capabilities with HP TapeAssure and AES 256-bit hardware data encryption, easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges. Capable of data transfer rates up to 280MB/sec, HP's exclusive Data Rate Matching feature further optimizes performance by matching speed of host to"
1485	Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA -Shayla Fahey TEL: 301-548-1239 -Shanti Vedula TEL: 301-212-1016 CST Lab: NVLAP 200556-0	Hughes Crypto Kernel - Firmware (Firmware Version: 3.1.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Firmware	01/11/2011	Overall Level: 1  -Tested: Hughes HX280 with the VxWorks 5.4 operating system -FIPS-approved algorithms: AES (Cert. #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1484	Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA -Shayla Fahey TEL: 301-548-1239 -Shanti Vedula TEL: 301-212-1016 CST Lab: NVLAP 200556-0	Hughes Crypto Kernel (Software Version: 3.1.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	01/11/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft® Windows Server® 2008 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1450); SHS (Cert. #1314); HMAC (Cert. #851); DSA (Cert. #461); RNG (Cert. #794) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1483	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 3020, Steelhead 3520, Steelhead 5520 and Steelhead 6020 Appliances (Hardware Versions: 3020, 3520, 5520 and 6020; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1482	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 5050 and Steelhead 6050 Appliances (Hardware Versions: 5050 and 6050; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1481	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 520, Steelhead 1020, Steelhead 1520 and Steelhead 2020 Appliances (Hardware Versions: 520, 1020, 1520 and 2020; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1480	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 1050 and Steelhead 2050 Appliances (Hardware Versions: 1050 and 2050; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1479	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S200/D200 (Hardware Versions: D2-S200-S01 (Rev 1), D2-S200-S02 (Rev 1), D2-S200-S04 (Rev 1), D2-S200-S08 (Rev 1), D2-S200-S16 (Rev 1), D2-D200-S01 (Rev 1), D2-D200-S02 (Rev 1), D2-D200-S04 (Rev 1), D2-D200-S08 (Rev 1), D2-D200-S16 (Rev 1) or D2-D200-S32 (Rev 1); Firmware Version: 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.1.0, 2.1.1 or 2.1.2) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/07/2011; 08/09/2011; 09/19/2011; 10/04/2011; 10/26/2011; 04/24/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Certs. #587 and #702); RSA (Cert. #605); SHS (Certs. #987 and #1154); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1478	Juniper Networks, Inc. 1194 Norht Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways (Hardware Version: SRX100B, SRX100H, SRX210B, SRX210H, SRX240B, SRX240H and SRX650-BASE-SRE6-645AP with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	01/05/2011; 01/20/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #937 and #948); AES (Certs. #1362 and #1373); DSA (Cert. #440); SHS (Certs. #1242 and #1255); RNG (Cert. #748); RSA (Cert. #662); HMAC (Certs. #798 and #806) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5 Multi-chip standalone "Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, IPsec VPN and IPS."
1477	Juniper Networks, Inc. 1194 Norht Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks LN1000 Mobile Secure Router (Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4) (The tamper evident seals and security device installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #936 and #947); AES (Certs. #1351 and #1372); DSA (Cert. #439); SHS (Certs. #1234 and #1254); RNG (Cert. #743); RSA (Cert. #657); HMAC (Certs. #790 and #805) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5 Multi-chip standalone "Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1476	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 CST Lab: NVLAP 200427-0	3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points (Hardware Version: 2.0(A) (3e-525A-3, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4), 2.1 (3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4) and 90000522-001; Firmware Version: 4.4) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1021, 1022 and 1023); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #976 and #977); Triple-DES (Cert. #783) -Other algorithms: AES CFB (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."
1475	Wind River Systems, Inc. 1500 Wind River Way Alameda, CA 94501 USA -Millind Kukanur TEL: 510-749-2494 CST Lab: NVLAP 200658-0	Network Security Services (NSS) (Software Version: 3.12.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/28/2010	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 1 with Wind River Linux Secure 1.0 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #949); AES (Cert. #1374); DSA (Cert. #450); ECDSA (Cert. #174); SHS (Cert. #1256); RSA (Cert. #673); DRBG (Cert. #49); HMAC (Cert. #807) -Other algorithms: MD5; MD2; RC2; RC4; DES; SEED; Camellia; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 192 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards."
1474	Check Point Software Technologies Ltd. 12007 Sunrise Valley Dr. Suite 130 Reston, VA 20191 USA -Malcolm Levy TEL: 703-234-0100 x218 CST Lab: NVLAP 200002-0	Connectra (Firmware Version: NGX R66.1 with hotfix 1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/28/2010	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Connectra-1 3070 General Purpose Computer with Check Point SecurePlatform Operating System, version NGX R66.1 hotfix 1 -FIPS-approved algorithms: Triple-DES (Certs. #944 and #984); AES (Certs. #1369 and #1458); SHS (Certs. #1251 and #1319); HMAC (Certs. #802 and #855); RSA (Certs. #670 and #713); RNG (Cert. #756) -Other algorithms: CAST 40 bit; CAST 128 bit; DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 202 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength) Multi-chip standalone "Check Point Connectra that unifies SSL VPN, IPSec VPN, and integrated intrusion prevention for secure connectivity for mobile and remote workers while protecting enterprise networks and endpoints from external threats. Connectra includes centralized management and DynamicID SMS authentication."
1473	Adara Networks, Inc. 2150 N. First Street San Jose, CA 95131 USA -Lillian Withrow TEL: 408-433-4900 FAX: 408-456-0190 CST Lab: NVLAP 100432-0	OpenSSL NPX Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/28/2010	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with FreeBSD 8.0 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #942); AES (Cert. #1367); DSA (Cert. #447); SHS (Cert. #1248); RNG (Cert. #753); RSA (Cert. #667); HMAC (Cert. #801) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength) Multi-chip standalone "The Adara Networks product is an open standards and open architecture based full stack router that provides high performance multipath routing capabilities, end to end QOS, data interoperability, virtualization web services, federation of databases, and a secure cloud computing platform for inter-enterprise collaborations. It can be visualized as a transparent performance overlay network which improves performance and provides innovative features and tightened security over a legacy network infrastructure."
1472	Enova Technology Corporation 1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park Hsin Chu City, Taiwan 30076 Republic of China -Robert Wann TEL: +886 3 577 2767 FAX: +886 3 577 2770 CST Lab: NVLAP 100432-0	X-Wall MX-256C (Hardware Version: X-Wall MX-256C; Firmware Version: 1.1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/28/2010	Overall Level: 1  -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #250) -Other algorithms: N/A Single-chip "The patented X-Wall MX-256C (MX-256C) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec). MX-256C, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256C and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256C contains no NVM. Therefore at each power on reset authentication is needed."
1471	Enova Technology Corporation 1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park Hsin Chu, Taiwan 30076 Republic of China -Robert Wann TEL: +886 3 577 2767 FAX: +886 3 577 2770 CST Lab: NVLAP 100432-0	X-Wall MX-256 (Hardware Version: X-Wall MX-256; Firmware Version: 1.1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/28/2010	Overall Level: 1  -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #60) -Other algorithms: N/A Single-chip "The patented X-Wall MX-256 (MX-256) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec).MX-256, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256 and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256 contains no NVM. Therefore at each power on reset authentication is needed."
1470	IBM Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 FAX: 845-433-7510 -James Sweeny TEL: 845-435-7453 FAX: 845-435-8530 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 11 ICSF PKCS#11 Cryptographic Module (Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Versions: APAR OA32012 and APAR OA30951; Firmware Versions: CPACF (FC3863 w/ System Driver Level 77) and optional 4765-001 (e1ced7a0)) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software-Hybrid	12/28/2010; 06/01/2011; 10/4/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM System z10® Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Accelerator (CEX3A))] [IBM System z10® Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (aka FC3863) includes FC3863 w/System Driver Level 77 and z/OS® V1R11]; (single-user mode) -FIPS-approved algorithms: AES (Certs. #1332 and #976); Triple-DES (Certs. #931 and #769); DSA (Cert. #437); ECDSA (Cert. #171); RSA (Certs. #644, #645 and #691); SHS (Certs. #946 and #1218); HMAC (Cert. #780); RNG (Cert. #734) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool Multi-chip standalone "The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1469	JVC KENWOOD Corporation 1-16-2, Hakusan, Midori-ku Yokohama-shi, Kanagawa 226-8525 Japan -Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 -Joe Watts TEL: 678-474-4700 FAX: 678-474-4730 CST Lab: NVLAP 100432-0	Secure Cryptographic Module (SCM) (Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A2.0.2 or A2.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/28/2010; 12/07/2011; 01/31/2012; 04/02/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827) -Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1468	SafeNet, Inc. 20 Colonnade Road Suite 200 Nepean, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.1 or 4.8.2) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/28/2010; 02/10/2011; 12/03/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #1298); Triple-DES (Certs. #520 and #912); Triple-DES MAC (Triple-DES Certs. #520 and #912, vendor affirmed); SHS (Cert. #1190); DSA (Cert. #420); RSA (Cert. #620); ECDSA (Cert. #154); HMAC (Cert. #755); RNG (Cert. #723) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA X509; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; AES (Certs. #510 and #1298, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #912, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1467	Motorola, Inc. One Motorola Plaza Holtsville, NY 11742 USA -Jay Greenrose TEL: 631-738-3844 FAX: 631-738-4656 -Mariya Wright TEL: 914-574-8189 FAX: 631-738-4656 CST Lab: NVLAP 200648-0	Motorola EMS Cryptographic Module (Firmware Versions: DAABDS00-001-R00 and DAABGS00-001-R00) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/21/2010; 11/17/2011	Overall Level: 1  -Tested: DS6878 with Micrium OS II V2.85; CR0078 with Micrium OS II V2.85; STB2078 with Micrium OS II V2.85; DS3578 with Micrium OS II V2.85; STB3578-CF007WR with Micrium OS II V2.85; FLB3578-CF007WR with Micrium OS II V2.85 -FIPS-approved algorithms: AES (Certs. #1395 and #1397); SHS (Certs. #1266 and #1268); HMAC (Certs. #819 and #821) -Other algorithms: N/A Multi-chip standalone "The Motorola EMS Cryptographic Module provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Motorola Embedded deices which include cordless scanners, cradles and terminals."
1466	Motorola, Inc. One Motorola Plaza Holtsville, NY 11742 USA -Jay Greenrose TEL: 631-738-3844 FAX: 631-738-4656 -Mariya Wright TEL: 914-574-8189 FAX: 631-738-4656 CST Lab: NVLAP 200648-0	Motorola EMS Cryptographic Module (Software Versions: DAABES00-001-R00 and DAABFS00-001-R00) Validated to FIPS 140-2 Security Policy Certificate	Software	12/21/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with MC9596 with Windows Mobile 6.5; MT2070 with Windows CE 5.0; MT2090 with Windows CE 5.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1398 and #1396); SHS (Certs. #1267 and #1269); HMAC (Certs. #820 and #822); RNG (Certs. #764 and #765) -Other algorithms: N/A Multi-chip standalone "The Motorola EMS Cryptographic Module provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Motorola Embedded deices which include cordless scanners, cradles and terminals."
1465	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0	Key Variable Loader (KVL) 4000 PIKE (Hardware Version: P/N 5175330H04; Firmware Version: R01.00.00) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1401); ECDSA (FIPS 186-3, vendor affirmed); SHS (Cert. 1272); RNG (Cert. #768) -Other algorithms: AES MAC (AES Cert. #1401, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1401, key wrapping); DES; DES-XL; DVP-XL; DVI-XL; ADP Single-chip "The KVL 4000 PIKE provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1464	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0	Key Variable Loader (KVL) 4000 PIKE (Hardware Version: P/N 5175330H04; Firmware Version: R01.00.00) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1401); ECDSA (FIPS 186-3, vendor affirmed); SHS (Cert. 1272); RNG (Cert. #768) -Other algorithms: AES MAC (AES Cert. #1401, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1401, key wrapping); DES; DES-XL; DVP-XL; DVI-XL; ADP Single-chip "The KVL 4000 PIKE provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1463	Symantec Corporation 350 Ellis St, PO Box 7011 Mountain View, CA 94043 USA -Rama Vissapragada TEL: 650-527-0217 FAX: 650-527-1984 CST Lab: NVLAP 100432-0	Encryption Plus Cryptographic Library (Software Version: 1.0.5) Validated to FIPS 140-2 Security Policy Certificate	Software	12/21/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Mac OS X (32-bit and 64-bit); Windows 7 (32-bit and 64-bit); Windows Vista (32-bit and 64-bit); Windows XP (32-bit and 64-bit); Windows Server 2008 (32-bit and 64-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1420); HMAC (Cert. #838); SHS (Cert. #1288); RNG (Cert. #777) -Other algorithms: N/A Multi-chip standalone "The Encryption Plus Cryptographic Library (EPCL) provides cryptographic services to the Symantec Corporation for Symantec, GuardianEdge, Encryption Anywhere, and Encryption Plus families of data protection products."
1462	Adara Networks, Inc. 2150 N. First Street San Jose, CA 95131 USA -Lillian Withrow TEL: 408-433-4900 FAX: 408-456-0190 CST Lab: NVLAP 100432-0	Kernel NPX Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/21/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with FreeBSD 8.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1410); HMAC (Cert. #831); SHS (Cert. #1280); Triple-DES (Cert. #963) -Other algorithms: N/A Multi-chip standalone "The Adara Networks product is an open standards and open architecture based full stack router that provides high performance multipath routing capabilities, end to end QOS, data interoperability, virtualization web services, federation of databases and a secure cloud computing platform for inter-enterprise collaborations. It can be visualized as a transparent performance overlay network which improves performance and provides innovative features and tightened security over a legacy network infrastructure."
1461	Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux, 92220 France -Patrick Blanluet TEL: 33 1 45 36 30 00 FAX: 33 1 45 36 30 10 CST Lab: NVLAP 100432-0	NETSET2 PSD (Hardware Version: P/N 4129955LD or P/N 4150859LB; Firmware Version: P/N 4149085NA Version 22.19) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/09/2010; 07/05/2011	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength) Multi-chip embedded "Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
1460	IBM Internet Security Systems, Inc. 6303 Barfield Road Atlanta, GA 30328 USA -Scott Sinsel TEL: 404-236-2722 FAX: 404-236-2632 CST Lab: NVLAP 200416-0	Proventia GX Series Security Appliances (Hardware Versions: GX4004, GX5008, GX5108, GX5208 and GX6116; Firmware Version: 3.1, 4.1 or 4.3) (With Firmware Version 3.1, 4.1 or 4.3 and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/29/2010; 12/07/2011; 04/02/2012; 04/24/2012; 02/14/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1182, #1183 and #1184); HMAC (Certs. #682, #683 and #684); RNG (Certs. #653, #654 and #655); RSA (Certs. #563, #564 and #565); SHS (Certs. #1091, #1092 and #1093) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1459	Morpho - e-Documents Division  11, Boulevard Galliéni  Issy Les Moulineaux, 92130 France -M. Maximilien N’GUYEN  TEL: +33 (0)1 58 11 88 37  FAX: +33 (0)1 58 11 89 93  CST Lab: NVLAP 100432-0	ypsID (Hardware Version: P/N AT90SC25672RCT-USB; Firmware Version: 01029069 - FFFFFFF or 020000202 - FFFFFFF) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/29/2010; 04/06/2011; 07/19/2011	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: SHS (Cert. #1113); RSA (Certs. #580 and #581); Triple-DES (Cert. #872); Triple-DES MAC (Triple-DES Cert. #872, vendor affirmed); RNG (Cert. #671) -Other algorithms: Triple-DES (Cert. #872, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "The ypsid common cryptographic module lies at the core of the Sagem Orga authentication and signature tokens for corporate employees, civil servants, and e-commerce / e-banking online clients. This module is the base for : ypsid SmartCard S2 converged smart card access badges with PKI, minex II approved biometric fingerprint Match-on-card and One time password (OTP) and ypsid Keys: E*, E1, and E2 USB cryptographic keys presenting driverless and zero footprint two factor OTP authentication and digital signature."
1458	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/23/2010	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1457	Motorola Solutions, Inc. 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	ASTRO Subscriber Universal Crypto Module (UCM) (Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A and NNTN7427C; Firmware Versions: R05.06.00, R05.06.01, R05.07.10, R05.07.11, R05.07.12 or R05.07.15) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/29/2010; 01/31/2011; 03/28/2011; 07/05/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Certs. #2 and #1296); Triple-DES (Cert. #82); SHS (Cert. #335); RNG (Cert. #121); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); AES (Cert. #2, key wrapping; key establishment provides 256 bits of encryption strength) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
1456	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529 CST Lab: NVLAP 200002-0	PrivateServer (Hardware Version: 4.7; Firmware Version: 4.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/29/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1267); Triple-DES (Cert. #899); RSA (Cert. #608); SHS (Cert. #1167); Triple-DES MAC (Cert. #899, vendor affirmed); RNG (Cert. #708); ECDSA (Cert. #151); HMAC (Cert. #737) -Other algorithms: DES; DES MAC; DES Stream; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; DES MAC; MD5 Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES-MAC, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1455	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	7206VXR NPE-G2 with VSA (Hardware Version: 7206VXR Version: 2.9 with NPE-G2 Version: 1.0 and VSA Version: 1.0; Firmware Version: 12.4(15)T10 or 12.4(15)T14) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/29/2010; 07/27/2011; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #91); HMAC (Cert. #203); RNG (Cert. #786); RSA (Cert. #707); SHS (Certs. #500 and #1303); Triple-DES (Cert. #204) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); GDOI (key wrapping, key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
1454	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200017-0	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.6.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	11/29/2010	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9800 with BlackBerry OS Version 6.0 -FIPS-approved algorithms: Triple-DES (Cert. #956); AES (Certs. #1402 and #1403); SHS (Cert. #1273); HMAC (Cert. #824); RSA (Cert. #682); RNG (Cert. #769); ECDSA (Cert. #177) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1453	SafeNet, Inc. 20 Colonnade Road Suite 200 Nepean, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.1 or 4.8.2) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/22/2010; 02/10/2011; 12/03/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #1298); Triple-DES (Certs. #520 and #912); Triple-DES MAC (Triple-DES Certs. #520 and #912, vendor affirmed); SHS (Cert. #1190); DSA (Cert. #420); RSA (Cert. #620); ECDSA (Cert. #154); HMAC (Cert. #755); RNG (Cert. #723) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA X509; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; AES (Certs. #510 and #1298, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #912, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1452	AvaLAN Wireless Systems, Inc. 125A Castle Drive Madison, AL 35758 USA -Michael Derby, Founder/CTO TEL: 650-575-7332 FAX: 650-249-3591 -Jason Hennig TEL: 650-206-2321 FAX: 650-249-3591 CST Lab: NVLAP 200017-0	AW140 (Hardware Version: AW140 r1.1; Firmware Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/22/2010	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1291) -Other algorithms: N/A Multi-chip embedded "The AW140 is a modular AES cryptographic subassembly that can be embedded into finished communications products. AW140's cryptographic boundary is encapsulated within this subassembly and allows finished products to inherit the AW140's NIST FIPS 140-2 validation."
1451	Seagate Technology, LLC 389 Disc Drive Longmont, CO 80503 USA -Monty Forehand TEL: 720-684-2835 CST Lab: NVLAP 200017-0	Seagate® Momentus® Thin Self-Encrypting Drives TCG Opal FIPS 140 Module (HW 9WC142 [1, 2, 3, 4, 5, 6, 7, 8] or 9WC14C [3, 4, 7, 8]; Firmware Versions: FW 1003HPMA [1], 1002HPBA [2], 1001DEMA [3], 1001SDMA [4], 1004HPMA [5], 1003HPBA [6], 1002DEMA [7] or 1002SDMA [8]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/22/2010; 07/18/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1392 and #1341); RSA (Cert. #648); SHS (Cert. #1223); RNG (Cert. #737) -Other algorithms: N/A Multi-chip embedded "The Seagate® Momentus® Thin Self-Encrypting Drive (SED) FIPS 140 Module is embedded in Seagate Momentus Thin SED model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1450	Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Arnaud Lotigier TEL: +33 4 42 36 0 74 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0	TOP DL V2 (Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory available. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1449	Patrick Townsend Security Solutions 406 Legion Way SE Suite 300 Olympia, WA 98501 USA -Paul Ohmart TEL: 360-357-8971 -Patrick Townsend TEL: 800-357-1019 CST Lab: NVLAP 200658-0	Alliance Key Manager (Software Version: 2.0.0) (When operated with the Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode (approved algorithms retested on listed operating environment)) Validated to FIPS 140-2 Security Policy Certificate	Software	11/15/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with rPath Linux, Version 2.6.29 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1245 and #1486); RNG (Certs. #692 and #810); SHS (Certs. #1144 and #1342); HMAC (Certs. #728 and #875); RSA (Cert. #729) -Other algorithms: MD5, RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength) Multi-chip standalone "The Alliance Key Manager implements a client/server interface for key administration. The user application has the client role, and the key manager has the server role. The user opens a secure connection to the key server, sends an administrative request (create a key, change a key, etc.), receives a response from the server, and the session is disconnected."
1448	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e and CAP3502i Wireless LAN Access Points (Hardware Versions: AP1131 Revision S0, AP1142 Revision G0, AP1242 Revision P0, AP1252 Revision F0, AP1262 Revision B0, CAP3502e Revision B0 and CAP3502i Revision B0; FIPS Kit AIRLAP-FIPSKIT=, Version B0; Firmware Versions: 7.0.98.0, 7.0.98.213, 7.0.116.0, 7.0.230.0, 7.0.240.0 or 7.2.103.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2010; 02/24/2011; 05/12/2011; 08/22/2011; 02/23/2012; 05/10/2012; 03/28/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1352, #1353, #1354, #1355, #1356, #1357, #1358, #1359, #1360 and #1361); HMAC (Certs. #791, #792, #793, #794, #795, #796 and #797); RNG (Certs. #744, #745, #746 and #747); RSA (Certs. #658, #659, #660 and #661); SHS (Certs. #1235, #1236, #1237, #1238, #1239, #1240 and #1241) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet Lightweight 3502i, 3502e, 1262, 1142, 1131, 1252, and 1242 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11a/g/n, 802.11i & 802.1x standards, IETF CAPWAP standard and are Wi-Fi Alliance certified for WPA2 security."
1447	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco 5508 Wireless LAN Controller (Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2010; 02/24/2011; 05/12/2011; 08/22/2011; 02/23/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1446	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco Aironet Lightweight AP1522, AP1524PS and AP1524SB Wireless LAN Access Points (Hardware Versions: AP1522 Outdoor Mesh Revision L0, AP1524PS Revision E0 and AP1524SB Revision B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.98.0, 7.0.98.213, 7.0.116.0, 7.0.230.0, 7.0.240.0 or 7.2.103.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2010; 02/24/2011; 05/12/2011; 08/22/2011; 02/23/2012; 05/10/2012; 03/28/2013	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1356 and #1357); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet Lightweight 1522 and 1524 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11a/g/n, 802.11i & 802.1x standards, IETF CAPWAP standard and are Wi-Fi Alliance certified for WPA2 security."
1445	Quantum Corporation 1650 Technology Drive Suite 700 San Jose, CA 95110-1382 USA -Steve McKissick TEL: 425-201-1546 FAX: 425-201-1233 CST Lab: NVLAP 200658-0	Scalar Key Manager (Software Version: 2.0.3.a) (When operated with the Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode (approved algorithms retested on listed operating environment)) Validated to FIPS 140-2 Security Policy Certificate	Software	11/15/2010; 12/06/2010; 03/15/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with rPath Linux, Version 2.6.29 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1255 and #1499); RNG (Certs. #698 and #816); SHS (Certs. #1151 and #1350); HMAC (Certs. #734 and #882); RSA (Cert. #736) -Other algorithms: MD5, RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength) Multi-chip standalone "The Scalar Key Manager implements a client/server interface for key administration. The user application has the client role, and the key manager has the server role. The user opens a secure connection to the key server, sends an administrative request (create a key, change a key, etc.), receives a response from the server, and the session is disconnected."
1444	Rajant Corporation 400 E. King Street Malvern, PA 19355 USA -Marty Lamb TEL: 610-873-6788 x209 CST Lab: NVLAP 200416-0	Rajant Corporation BreadCrumb ME3 (Hardware Versions: ME3-24 [1] and ME3-09 [2]; Firmware Versions: 10.13 [1] and 10.13a [2]) (When operated in FIPS mode and the Loctite® 425 material applied as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/15/2010; 04/12/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -FIPS-approved algorithms: AES (Certs. #1300 and #1301); RSA (Cert. #622); SHS (Cert. #1191); HMAC (Cert. #756); RNG (Cert. #724) -Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert. #1300, key wrapping) Multi-chip standalone "The Rajant Corporation's BreadCrumb® ME3-24 is a rugged wireless transmitter-receiver that forms a highly mobile mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio to enable data, voice and video applications."
1443	Cloakware, Inc. 8219 Leesburg Pike Suite 350 Vienna, VA 22182-2656 USA -Trevor Brown TEL: 613-271-9446 x299 FAX: 613-271-9447 -Garney Adams TEL: 613-271-9446 x307 FAX: 613-271-9447 CST Lab: NVLAP 200017-0	Cloakware Security Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/08/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) AS 5.0; Solaris 10; Windows Server 2008 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1306 and #1309); Triple-DES (Cert. #914); SHS (Cert. #1197); RNG (Cert. #731); HMAC (Cert. #761); RSA (Cert. #663), DSA (Cert. #441) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Multi-chip standalone "The Cloakware Security Kernel from Cloakware, Inc. is a module contained in a single library designed to provide cryptographic functionality within calling applications operating on multi-chip standard server platforms. This single library is linked at run-time to a C/C++ library, which can be called by host applications to provide cryptographic services. This library can also be dynamically loaded at runtime by a Java application running within a Java Virtual Machine (JVM) via Java Native Interface (JNI), providing cryptographic services to the Java application."
1442	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S200/D200 (Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0.10, 2.0.11, 2.0.12 or 2.0.13) (Files distributed with the module mounted within the CD Drive are excluded from the validation.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/08/2010; 12/06/2010; 01/13/2011; 06/01/2011; 10/26/2011; 04/24/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1441	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	Atalla Cryptographic Subsystem (ACS) (Hardware Versions: P/N 610113-001 Rev. A and B; Firmware Version: Loader Version 0.64, PSMCU Version 0.96) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/08/2010; 06/21/2011; 09/19/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1440	Nexus Wireless Artists Cour 15 Manette Street London, W1D 4AP United Kingdom -Paul Richards TEL: +44-207-734-0200 FAX: +44-207-734-0210 CST Lab: NVLAP 200416-0	Nexus FIPS 140-2 Crypto Module (Hardware Version: 1.0; Firmware Versions: ES0408_RL01_R1_01_000 version 1.01.000 and ES0408_RL02_R1_00_000 version 1.00.000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/08/2010	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524) -Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1439	Secure64 Software Corporation 5600 South Quebec Street Suite 320D Greenwood Village, CO 80111 USA -Christopher Worley TEL: 303-242-5890 FAX: 720-489-0694 CST Lab: NVLAP 200416-0	Secure64 Cryptographic Module (Firmware Version: 1.3) (The tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Security Policy Certificate	Firmware	11/08/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600 -FIPS-approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #1198); HMAC (#762); DSA (Cert. #436); RSA (Certs. #495, #426 and #627) -Other algorithms: N/A Multi-chip standalone "The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64« SourceT«, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1438	Kingston Technology, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA -John Terpening TEL: 714-427-3743 FAX: 714-435-2628 CST Lab: NVLAP 100432-0	DataTraveler 6000 (Hardware Versions: P/Ns (880074002F, 880074003F and 880074004F), Version 02.00.01; Firmware Version: 03.00.0C) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1259, #1260, #1261, #1262, #1263 and #1264); SHS (Certs. #1155, #1156, #1157, #1158, #1159, #1160, #1161, #1162 and #1163); ECDSA (Certs. #147, #148 and #149); DRBG (Certs. #29, #30 and #31); RNG (Certs. #703, #704 and #705) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength) Multi-chip standalone "Kingston's ultra-secure DataTraveler 6000 USB Flash drive protects sensitive data with FIPS 140-2 Level 3 validation and 256-bit AES hardware-based encryption in XTS mode. Secured by SPYRUS, DT6000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts."
1437	Ian Donnelly Systems, Inc. 17752 Preston Road Dallas, TX 75252 USA -Ian Donnelly TEL: 972-931-7630 FAX: 972-380-8866 CST Lab: NVLAP 100432-0	KEY-UP Cryptographic Module (Hardware Versions: P/N KEY-UP, Versions II-A and III-A; Firmware Version: 5.1 or 5.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/03/2010; 07/27/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #900); Triple-DES MAC (Triple-DES Cert. #900, vendor affirmed); SHS (Cert. #359); RNG (Cert. #127) -Other algorithms: DES; DUKPT; TR-31 Multi-chip standalone "Hardware Security Module."
1436	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco ASA 5505, 5510, 5520, 5540, 5550, 5580-20 and 5580-40 Security Appliances (Hardware Versions: 5505 [1,2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], [FIPS Kit (Cisco-FIPSKIT=): Revision -B0] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT=): Revision -A0] [2] and [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT=)] [3]; Firmware Version: 8.3.2 and 8.3.2.13) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2010; 05/12/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #105, #564, #1394 and #1407); HMAC (Certs. #125, #301, #818 and #828); RNG (Certs. #144, #329, #763 and #772); RSA (Certs. #106, #261, #680 and #684); SHS (Certs. #196, #630, #1265 and #1277); Triple-DES (Certs. #217, #559, #954 and #960) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1435	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/02/2010; 02/24/2011; 05/12/2011; 08/22/2011; 02/23/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1434	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.98.0, 7.0.98.213 or 7.0.116.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/02/2010; 02/24/2011; 05/12/2011; 08/22/2011; 02/23/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1433	IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia -Alex Hennekam TEL: +61 7-5552-4045 FAX: +61 7 5571 0420 -Peter Waltenburg TEL: +61 - 5552-4016 FAX: +61 7 5571 0420 CST Lab: NVLAP 200658-0	IBM® Crypto for C (Software Version: 8.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2010; 12/21/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit operating system (x86-64); Microsoft Windows Server 2008® 32-bit operating system (x86-64); AIX® 6.1 64-bit operating system (PowerPC 64); Solaris® 10 64-bit operating system (UltraSparc-64); Red Hat Linux Enterprise Server 5 32-bit operating system (x86-64); Red Hat Linux Enterprise Server 5 64-bit operating system (x86-64, zSeries-64 and PowerPC-64) (single user mode) -FIPS-approved algorithms: AES (Certs. #1318, #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330 and #1331); Triple-DES (Certs. #917, #918, #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929 and #930); DSA (Certs. #422, #423, #424, #425, #426, #427, #428, #429, #430, #431, #432, #433, #434 and #435); ECDSA (Certs. #157, #158, #159, #160, #161, #162, #163, #164, #165, #166, #167, #168, #169 and #170); RSA (Certs. #630, #631, #632, #633, #634, #635, #636, #637, #638, #639, #640, #641, #642 and #643); SHS (Certs. #1204, #1205, #1206, #1207, #1208, #1209, #1210, #1211, #1212, #1213, #1214, #1215, #1216 and #1217); HMAC (Cert. #766, #767, #768, #769, #770, #771, #772, #773, #774, #775,