Last Updated: 6/13/2017
It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.
When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; that the module provides all the cryptographic services in the solution; and to provide a reference to the module's validation certificate number from this listing.
NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.
NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.
NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).
Please contact the CMVP if you discover any errors or have comments or suggestions for improving the validation listings.
Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Sunset Date | Level / Description |
---|---|---|---|---|---|---|
368 | Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA Entrust Sales CST Lab: NVLAP 200017-0 | Entrust Authority™ Security Toolkit for C++ (Software Version: 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 12/16/2003 05/28/2014 | 5/27/2019 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP, SP1a Windows 2000, SP3 and Windows NT 4.0, SP 6a (single user mode) -FIPS Approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Triple-DES Cert. #6, vendor affirmed); AES (Cert. #59); DSA/SHA-1 (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; Diffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki." |
365 | Neopost Technologies 113, rue Jean-Marin Naudin Bagneux 92220 France Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36 CST Lab: NVLAP 100432-0 | Neopostage PSD Module (Hardware Version: P/N 04K9131; Software Version: 1.0.0.0) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 12/16/2003 10/03/2006 01/01/2014 | 12/31/2018 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #178); DSA (Cert. #84; non-compliant) Multi-chip embedded "The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters." |
364 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE Crypto-C ME Toolkit (Software Version: 1.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 12/09/2003 04/07/2004 10/01/2004 01/04/2008 10/16/2008 09/07/2010 03/28/2011 01/24/2013 02/12/2016 | 2/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode) -FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
362 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 100432-0 | RSA Applets on the Schlumberger Cyberflex Access 64k Platform (Hardware Version: P/N M512LACC1; Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 11/20/2003 10/16/2008 09/07/2010 02/12/2016 | 2/11/2021 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Triple-DES Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed) Single-chip "The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications." |
340 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX (Hardware Version: P/N 103-500000-00/101-500040-00 Rev E/Rev C; Firmware Version: 4.1) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 08/29/2003 04/25/2007 04/21/2015 06/08/2017 | 4/20/2020 | Overall Level: 2 -FIPS Approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connections, converting cipher-text to clear-text, or clear-text to cipher-text." |
339 | AKCode, LLC. 13130 Roundup Ave. San Diego, CA 92129 USA Robert Spraggs TEL: 858-484-5634 FAX: 516-706-6468 CST Lab: NVLAP 100432-0 | Anonymous Key Technology-C++ and Java Suite (Software Versions: 1.0.0 and 1.0.2) Validated to FIPS 140-2 Certificate Security Policy | Software | 07/31/2003 10/06/2003 07/28/2005 08/24/2005 06/07/2013 03/20/2015 | 3/19/2020 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows 2000, XP, NT 4.00 and 7 x64 SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode -FIPS Approved algorithms: AES (Certs. #38, #47, #3193 and #3194); SHA-1 (Certs. #128, #142, #2640 and #2641); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed) -Other algorithms: PPP (key transport) Multi-chip standalone "Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows Mobile, MAC iOS, MAC OSX and Google Android, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI." |
317 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Encryption Module (Hardware Versions: PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67; Firmware Versions: v03.55 and v03.56) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 05/29/2003 06/11/2003 03/30/2004 01/30/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management." |
313 | Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada Entrust Sales CST Lab: NVLAP 200017-0 | Entrust Authority Security Toolkit for Java (Software Version: 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 03/28/2003 05/28/2014 | 5/27/2019 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3 -FIPS Approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Triple-DES Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption) Multi-chip standalone "Entrust Authority™ Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms." |
309 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE Crypto-C ME Toolkit Module (Software Version: 1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Software | 03/07/2003 10/01/2004 01/04/2008 10/16/2008 09/07/2010 03/28/2011 01/24/2013 02/12/2016 | 2/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode) -FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
296 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0 | Atalla Cryptographic Engine (ACE) (ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 03/07/2003 03/18/2003 09/19/2011 01/25/2016 | 1/24/2021 | Overall Level: 3 -Physical Security: Level 3 +EFP -Self Tests: Level 4 -FIPS Approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Triple-DES Cert. #128, vendor affirmed) -Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption) Multi-chip embedded "The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products." |