CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
All

Last Updated: 6/13/2017

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Validation
Date
Sunset
Date
Level / Description
368Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust Authority™ Security Toolkit for C++
(Software Version: 6.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/16/2003
05/28/2014
5/27/2019Overall Level: 1

-EMI/EMC: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP, SP1a
Windows 2000, SP3
and Windows NT 4.0, SP 6a (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Triple-DES Cert. #6, vendor affirmed); AES (Cert. #59); DSA/SHA-1 (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; DDiffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particlular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
365Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux 92220
France

Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0
Neopostage PSD Module
(Hardware Version: P/N 04K9131; Software Version: 1.0.0.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/16/2003
10/03/2006
01/01/2014
12/31/2018Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #178); DSA (Cert. #84; non-compliant)

Multi-chip embedded

"The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters."
364RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE Crypto-C ME Toolkit
(Software Version: 1.7.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software12/09/2003
04/07/2004
10/01/2004
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
2/11/2021Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode)

-FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed)

-Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits)

Multi-chip standalone

"The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
362RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 100432-0
RSA Applets on the Schlumberger Cyberflex Access 64k Platform
(Hardware Version: P/N M512LACC1; Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/20/2003
10/16/2008
09/07/2010
02/12/2016
2/11/2021Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Triple-DES Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed)

Single-chip

"The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications."
340SonicWall, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX
(Hardware Version: P/N 103-500000-00/101-500040-00 Rev E/Rev C; Firmware Version: 4.1)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware08/29/2003
04/25/2007
04/21/2015
06/08/2017
4/20/2020Overall Level: 2

-FIPS Approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connectio ns, converting cipher-text to clear-text, or clear-text to cipher-text."
339AKCode, LLC.
13130 Roundup Ave.
San Diego, CA 92129
USA

Robert Spraggs
TEL: 858-484-5634
FAX: 516-706-6468

CST Lab: NVLAP 100432-0
Anonymous Key Technology-C++ and Java Suite
(Software Versions: 1.0.0 and 1.0.2)

Validated to FIPS 140-2

Certificate

Security Policy
Software07/31/2003
10/06/2003
07/28/2005
08/24/2005
06/07/2013
03/20/2015
3/19/2020Overall Level: 1

-EMI/EMC: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows 2000, XP, NT 4.00 and 7 x64
SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode

-FIPS Approved algorithms: AES (Certs. #38, #47, #3193 and #3194); SHA-1 (Certs. #128, #142, #2640 and #2641); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed)

-Other algorithms: PPP (key transport)

Multi-chip standalone

"Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows Mobile, MAC iOS, MAC OSX and Google Android, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI."
317Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Ken Fuchs
TEL: 847-387-2670

CST Lab: NVLAP 100432-0
Astro Subscriber Encryption Module
(Hardware Versions: PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67; Firmware Versions: v03.55 and v03.56)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/29/2003
06/11/2003
03/30/2004
01/30/2017
1/29/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
313Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust Authority Security Toolkit for Java
(Software Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/28/2003
05/28/2014
5/27/2019Overall Level: 1

-EMI/EMC: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3

-FIPS Approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Triple-DES Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption)

Multi-chip standalone

"Entrust AuthorityTM Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet securityarchitecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
309RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE Crypto-C ME Toolkit Module
(Software Version: 1.7)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy

Vendor Product Link
Software03/07/2003
10/01/2004
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
2/11/2021Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode)

-FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed)

-Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption)

Multi-chip standalone

"The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signingalgorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
296Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0
Atalla Cryptographic Engine (ACE)
(ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware03/07/2003
03/18/2003
09/19/2011
01/25/2016
1/24/2021Overall Level: 3

-Physical Security: Level 3 +EFP
-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Triple-DES Cert. #128, vendor affirmed)

-Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption)

Multi-chip embedded

"The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products."