CMVP Main PageLast Updated: 8/22/2017
It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.
When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.
NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "Other" or "Allowed" have not been tested through the CMVP and are not FIPS-Approved.
NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.
NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).
Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.
| Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Sunset Date | Level / Description |
|---|---|---|---|---|---|---|
| 2066 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender Elite 200™ (Hardware Versions: 1.0 (P/Ns KDFE200‐4G-Red, KDFE200-4G‐Green, KDFE200‐4G‐Blue, KDFE200-4G-Yellow, KDFE200-4GBrown, KDFE200‐4G‐Gray, KDFE200-4G‐Silver, KDFE200‐8G‐Red, KDFE200-8G-Green, KDFE200‐8G‐Blue, KDFE200- 8G‐Yellow, KDFE200-8G‐Brown, KDFE200-8G‐Gray, KDFE200-8G‐Silver, KDFE200-16G‐Red, KDFE200-16G‐Green, KDFE200‐16G‐Blue, KDFE200-16G‐Yellow, KDFE200-16G‐Brown, KDFE200-16G‐Gray, KDFE200-16G‐Silver, KDFE200- 32G‐Red, KDFE200-32G-Green, KDFE200-32G‐Blue, KDFE200-32G‐Yellow, KDFE200-32G‐Brown, KDFE200-32G‐Gray, KDFE200‐32G‐Silver, KDFE200‐64G‐Red, KDFE200-64G‐Green, KDFE200‐64G‐Blue, KDFE200-64G‐Yellow, KDFE200-64G‐Brown, KDFE200-64G‐Gray, KDFE200-64G‐Silver, KDFE200-128G-Red, KDFE200-128G‐Green, KDFE200-128G-Blue, KDFE200-128G-Yellow, KDFE200-128G‐Brown, KDFE200-128G-Gray, KDFE200‐128G-Silver); Firmware Versions: 2.03.10 and 2.05.10)) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2013 02/28/2014 06/05/2014 | 6/4/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender Elite 200™ is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device. It can also be used as a secure platform for remote access and virtualized applications run directly from the device. The device supports onboard hardware random number generation, RSA, HMAC and algorithms." |
| 2064 | CST Lab: NVLAP 200002-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/23/2013 08/09/2016 | 8/8/2021 | Overall Level: 2 Multi-chip standalone |
| 2062 | RSAE Labs Inc. PO Box 15922 PANAMA CITY, FL 32406 United States Randall Shepard TEL: 650-464-6201 FAX: 1-850-462-2685 CST Lab: NVLAP 200802-0 | Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module (Hardware Version: 380270-1 Rev. -; Firmware Version: mat_v2_1_0 or sink_v2_1_0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/17/2013 01/24/2014 08/22/2016 | 8/21/2021 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #1863); DRBG (Cert. #150) -Other algorithms: NDRNG Single-chip "The Cubic Managed Asset Tag Cryptographic Module and Cubic SINK Cryptographic Module securely sends and receives information collected from peripheral sensors to/from an external Cubic Gateway in support of Cubic Mist® mesh networking solutions." |
| 2058 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.1 or 6.1.1.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/13/2013 07/03/2014 02/12/2016 05/10/2016 | 5/9/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521 JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39) -Other algorithms: BPS; DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2057 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.1or 6.1.1.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/13/2013 07/03/2014 02/12/2016 05/10/2016 | 5/9/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521 JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39) -Other algorithms: BPS; DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2056 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Software Versions: 4.0.1 [1] and 4.0.2.5 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/05/2013 11/25/2014 02/03/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit) [1] Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with PAA (x86 64-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit) [1] Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit) [1] Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 32-bit) [1] Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 64-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with PAA (x86 32-bit) [1] Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit) [1] Microsoft Windows 7 SP1 running on a Dell Precision M6500 with PAA (x86 64-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) [1] NetBSD 6.0.1 running on a Ricoh D2395602 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2017 and #4126); DRBG (Certs. #191 and #1246); DSA (Certs. #642 and #1121); ECDSA (Certs. #292 and #941); HMAC (Certs. #1221 and #2699); PBKDF (vendor affirmed); RSA (Certs. #1046 and #2233); SHS (Certs. #1767 and #3395); Triple-DES (Certs. #1302 and #2257) -Other algorithms: Diffie-Hellman; EC Diffie-Hellman; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; ECAES; ECIES; HMAC MD5; MD2; MD4; MD5; PBKDF1 SHA-1; PRNG; RC2; RC4; RC5 Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2054 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® 100M Ethernet (Hardware Versions: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2013 | 12/4/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2065); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34, key agreement; key establishment methodology provides 192 bits of encryption strength) -Other algorithms: AES (Cert. #2014, key wrapping); HWRBG Multi-chip standalone "The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM. Management of the Datacryptor® is performed via a remote management interface." |
| 2053 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® 100M Ethernet (Hardware Versions: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0) (When configured with the Point-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2013 | 12/4/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2062); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1) -Other algorithms: HWRBG Multi-chip standalone "The Datacryptor® 100 Mbps Ethernet Layer 2 is rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface." |
| 2051 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0 | µMACE (Hardware Version: P/N AT58Z04; Firmware Versions: R01.03.11, R01.03.12, or R01.03.13) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/03/2013 | 12/2/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1876 and #2146); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619); HMAC (Cert. #1313) -Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #2146; non-compliant); NDRNG Single-chip "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products." |
| 2050 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA ChrisMarks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade ICX 6430 and ICX 6450 Series Stackable Switch with FastIron 7.4.00a Firmware (Hardware Versions: ICX-6430-24 P/N 80-1006002-02, ICX-6430-24P P/N 80-1006000-02, ICX-6430-48 P/N 80-1006003-02, ICX-6430-48P P/N 80-1006001-02, ICX-6450-24 P/N 80-1005997-02, ICX-6450-24P P/N 80-1005996-02, ICX-6450-48 P/N 80-1005999-03 and ICX-6450-48P P/N 80-1005998-02 with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: FastIron v7.4.00a) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/03/2013 02/20/2014 | 2/19/2019 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1403); AES (Cert. #2243); SHS (Cert. #1933); HMAC (Cert. #1373); DRBG (Cert. #268); DSA (Cert. #696); RSA (Cert. #1149); ECDSA (Cert. #352) -Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; Proprietary two way encryption; DES Multi-chip standalone "The Brocade ICX 6430 and 6450 Switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. Brocade ICX 6430 and 6450 are available in 24- and 48- port 10/100/1000/ Mbps models and 1 Gigabit Ethernet (GbE) or 10 GbE dual-purpose uplink/stacking ports, with or without IEEE 802.3af Power over Ethernet (PoE) and 802.3at Power over Ethernet Plus (PoE+ - to support enterprise edge networking, wireless mobility, and IP communications." |
| 2049 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | SafeNet Software Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode and when installed, initialized and configured as specified in Section 4 of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy; No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/27/2013 12/15/2015 01/10/2017 | 1/9/2022 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008R2 64-bit running on Dell PowerEdge R210II with PAA Windows Server 2008 64-bit running on Dell PowerEdge R210II Windows 7 64-bit running on a Acer Aspire AS5750 with PAA Windows 7 32-bit running on a Acer Aspire AS5750 NetBSD 4.0 32-bit on Vmware ESX running on Dell PowerEdge R210II with PAA Android 4.0 running on Beagleboard xM with PAA RHEL 6.2 64-bit running on a Dell PowerEdge R210II with PAA CentOS 5.6 32-bit running on a Dell PowerEdge 860 (Single User Mode) -FIPS Approved algorithms: AES (Cert. #2286); CVL (Cert. #45); DRBG (Cert. #283); DSA (Cert. #714); ECDSA (Cert. #370); HMAC (Cert. #1402); RSA (Cert. #1176); SHS (Cert. #1967); Triple-DES (Cert. #1434) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (non-compliant); DRBG (non-compliant) Multi-chip standalone "The SafeNet Software Cryptographic Library is SafeNet's cryptographic service provider that provides extended high performance cryptographic services for SafeNet's broad range of Data Protection products." |
| 2048 | Allegro Software Development Corporation 1740 Massachusetts Avenue Boxborough, MA 01719 USA Larry LaCasse TEL: 978-264-6600 CST Lab: NVLAP 200928-0 | Allegro Cryptographic Engine (Software Version: 1.1.8) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/27/2013 02/20/2014 | 2/19/2019 | Overall Level: 2 -Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows 7 Ultimate running on a Dell Optiplex 755 -FIPS Approved algorithms: AES (Cert. #2671); Triple-DES (Cert. #1602); RSA (Cert. #1374); DSA (Cert. #810); ECDSA (Cert. #465); SHS (Cert. #2243); HMAC (Cert. #1661); DRBG (Cert. #430); CVL (Cert. #148); PBKDF2 (vendor affirmed) -Other algorithms: MD5; AES (Cert. #2671, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-chip standalone "Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace." |
| 2047 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Hardware Version: SPARC T4; Software Version: 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 11/25/2013 11/25/2014 02/03/2016 | 2/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single user mode) -FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302) -Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2045 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Version: 5.5fs) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/18/2013 01/03/2014 04/14/2016 05/26/2017 | 4/13/2021 | Overall Level: 1 -Tested Configuration(s): Integrity O/S 5.0 running on Freescale MPC8544ADS Development System iOS-5 running on Apple iPad 2 iOS-6 running on Apple iPad 2 iOS-9.3 running on iPhone 5s (single-user mode) -FIPS Approved algorithms: AES (Certs. #2356 and #2096); Triple-DES (Cert. #1333); SHS (Cert. #1820); HMAC (Cert. #1271); RSA (Cert. #1075); DSA (Cert. #655); ECDSA (Cert. #307); DRBG (Cert. #221) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 2043 | Hewlett-Packard Company Longdown Avenue Stoke Grifford, Bristol BS34 8QZ United Kingdom Laura Loredo TEL: 44 117 3162462 CST Lab: NVLAP 100432-0 | HP LTO-6 Tape Drive (Hardware Versions: AQ278A #912 [1], AQ278C #704 [2], AQ288D #103 [3], and AQ298C #103 [4]; Firmware Versions: J2AW [1], J2AS [2], 32AW [3], and 22CW [4]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2013 | 11/14/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption." |
| 2042 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® SONET/SDH OC-3/12/48/192C (Hardware Versions: 1600x435, Rev. 01 and 1600x435, Rev. 02; 1600x427, Rev. 01 and 1600x427, Rev. 02; Firmware Version: 5.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2013 02/13/2015 | 2/12/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1) -Other algorithms: HWRBG Multi-chip standalone "The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks." |
| 2041 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® Gig Ethernet and 10 Gig Ethernet (Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 5.0) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/15/2013 02/13/2015 | 2/12/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030, #2064 and #2066); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34) -Other algorithms: AES (Cert. #2014, key wrapping); HWRBG Multi-chip standalone "The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM." |
| 2039 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® Gig Ethernet and 10 Gig Ethernet (Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 5.0) (When configured with the Point-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/15/2013 02/13/2015 | 2/12/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1) -Other algorithms: HWRBG Multi-chip standalone "The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks." |
| 2038 | SafeLogic Inc. 459 Hamilton Ave Suite 306 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 200556-0 | CryptoComply™ | Server (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/15/2013 01/23/2014 02/20/2014 01/25/2016 02/05/2016 | 2/4/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 CentOS 6.3 on a GigaVUE-TA1 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "CryptoComply™ | Server is a standards-based "Drop-in Compliance" solution for servers and appliances. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2036 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | Luna® PCI-E Cryptographic Module (Hardware Versions: VBD-05, Version Code 0103; Firmware Version: 6.3.1) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/13/2013 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1756, #2262 and #2282); DSA (Certs. #548, #704 and #712); ECDSA (Certs. #233, #364 and #369); KAS (Cert. #38); RSA (Certs. #1159 and #1173); SHS (Certs. #1947 and #1964); HMAC (Certs. #1386 and #1398); Triple-DES MAC (Triple-DES Certs. #1137, #1414 and #1430, vendor-affirmed); Triple-DES (Certs. #1137, #1414 and #1430); KBKDF (Cert. #6); DRBG (Cert. #277) -Other algorithms: ARIA; AES MAC (Cert. #2282; non-compliant); CAST5; CAST5-MAC; CAST5-ECB; CAST5-CBC; DES; DES MAC; DES-ECB; DES-CBC; GENERIC-SECRET; HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC2-ECB; RC2-CBC; RC4; RC5; RC5-MAC; RC5-ECB; RC5-CBC; RSA (X-509; non-compliant); SEED; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1756, #2262 and #2282, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1137, #1414 and #1430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna® PCI-E for Luna® IS cryptographic module features powerful cryptographic processing and hardware key management for applications where performance and security are the priority. The multi-chip embedded hardware cryptographic module offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-E card." |
| 2035 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade ICX 6610 Series Stackable Switch with FastIron 7.3.00c Firmware (Hardware Versions: ICX 6610-24F-I (P/N: 80-1005350-03), ICX 6610-24F-E (P/N: 80-1005345-03), ICX 6610-24-I (P/N: 80-1005348-04), ICX 6610-24-E (P/N: 80-1005343-04), ICX 6610-24P-I (P/N: 80-1005349-05, ICX 6610-24P-E (P/N: 80-1005344-05), ICX 6610-48-I (P/N: 80-1005351-04, ICX 6610-48-E (P/N: 80-1005346-04, ICX 6610-48P-I (P/N: 80-1005352-05) and ICX 6610-48P-E (P/N: 80-1005347-05); with FIPS kit XBR-0000195; Firmware Version: FastIron (FI) v7.3.00c) (When operated in FIPS mode with tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/13/2013 | 11/12/2018 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2150); Triple-DES (Cert. #1363); SHS (Cert. #1871); HMAC (Cert. #1317); DRBG (Cert. #239); DSA (Cert. #668); ECDSA (Cert. #324); RSA (Cert. #1106) -Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; proprietary two way encryption; DES Multi-chip standalone "The Brocade ICX 6610 delivers wire-speed, non-blocking performance across all ports to support latency-sensitive applications such as real-time voice and video streaming and VDI. Brocade ICX 6610 Switches can be stacked to provide an unprecedented 320 Gbps of backplane stacking bandwidth. Additionally, each switch can provide up to eight 10 Gigabit Ethernet (GbE) ports." |
| 2031 | Stonesoft Corporation Itälahdenkatu 22A Helsinki FI-00210 Finland Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | Stonesoft Cryptographic Library (Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/13/2013 | 11/12/2018 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315 Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2240 and #2241); Triple-DES (Certs. #1401 and #1402); DSA (Certs. #694 and #695); RSA (Certs. #1147 and #1148); ECDSA (Certs. #349 and #350); SHS (Certs. #1929 and #1930); DRBG (Certs. #266 and #267); HMAC (Certs. #1370 and #1371); CVL (Certs. #37 and #38) -Other algorithms: Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); AES (Certs. #2240 and #2241, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "Stonesoft Cryptographic Library is a software module that provides cryptographic services for Stonesoft network security products." |
| 2029 | Atos Worldline Haachtsesteenweg 1442, B-1130 Brussels Belgium Filip Demaertelaere TEL: +32 2 727 61 67 CST Lab: NVLAP 200556-0 | Atos Worldline Adyton Cryptographic Module (Hardware Version: 9071000001; Firmware Version: 1.2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/13/2013 | 11/12/2018 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Cert. #1810); DRBG (Cert. #138); HMAC (Cert. #1068); KBKDF (Cert. #2); RSA (Cert. #907); SHS (Cert. #1589) -Other algorithms: NDRNG; AES (Cert. #1810, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "Atos Worldline’s Adyton is an innovative high-performance Hardware Security Module (HSM) platform. The design of the Adyton is based on high security, reliability and robustness, user friendliness, and conformance to international security standards. Adyton has an integrated color display, full HEX capacitive keyboard, chip card reader, fingerprint reader, and a USB Host connection." |
| 2028 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/12/2013 | 11/11/2018 | Overall Level: 2 Multi-chip embedded |
| 2027 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/12/2013 | 11/11/2018 | Overall Level: 2 Multi-chip embedded |
| 2024 | Unium, Inc. 800 5th Avenue Suite 3700 Seattle, WA 98104 USA David Weidenkopf TEL: 206-812-5783 FAX: 206-770-6461 A. Riley Eller TEL: 206-812-5726 FAX: 206-770-6461 CST Lab: NVLAP 200658-0 | CoCo Cryptographic Module (Software Versions: 2.0, 3.0 and 3.0.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/12/2013 12/31/2014 05/29/2015 02/08/2016 01/17/2017 07/26/2017 08/22/2017 | 1/16/2022 | Overall Level: 1 -Tested Configuration(s): Linux 2.6 32-bit running on oMG 2000 Vyatta 6.4 32-bit running on Dell PowerEdge R210 Linux 3.6 64-bit running on Peplink Balance 2500 Linux Kernel 4.4 VyOS 1.6 running on Sierra Wireless Airlink Connection Manager Dell PowerEdge R230 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2299, #2300, #4317 and #4582); HMAC (Certs. #1411, #1412, #1413, #1414, #2849, #2850, #3032 and #3033); SHS (Certs. #1980, #1981, #1982, #1983, #3552, #3553, #3758 and #3759); Triple-DES (Certs. #1446, #1447, #2333 and #2435) -Other algorithms: N/A Multi-chip standalone "The CoCo Cryptographic Module is a Linux loadable kernel module that provides cryptographic services in the Linux kernel. It provides an API that can be used by other kernel services." |
| 2022 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/08/2013 | 11/7/2018 | Overall Level: 2 Multi-chip standalone |
| 2021 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module, v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2013 11/22/2013 | 11/21/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU iOS 7.0 running on an iPhone4S with Apple A5 CPU iOS 7.0 running on an iPhone5 with Apple A6 CPU iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU iOS 7.0 running on an iPhone5S with Apple A7 CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1527, #1528, #1529 and #1595); AES (Certs. #2493, #2494, #2495, #2496, #2497, #2498, #2655 and #2656); SHS (Certs. #2113, #2114, #2115, #2167, #2169, #2171, #2228 and #2229); ECDSA (Certs. #425, #426, #427 and #458); HMAC (Certs. #1535, #1536, #1537, #1588, #1590, #1592, #1646 and #1647); DRBG (Certs. #350, #351, #352 and #422); PBKDF (vendor affirmed) -Other algorithms: ECDSA (non-compliant); RSA (non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2020 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module, v4.0 (Hardware Versions: A4, A5, A6 and A7; Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 11/07/2013 11/22/2013 | 11/21/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU iOS 7.0 running on an iPhone4S with Apple A5 CPU iOS 7.0 running on an iPhone5 with Apple A6 CPU iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU iOS 7.0 running on an iPhone5 with Apple A7 CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1530, #1531, #1542, #1596 and #1597); AES (Certs. #2499, #2500, #2501, #2502, #2503, #2504, #2505, #2506, #2507, #2508, #2509, #2547, #2657, #2658, #2659, #2660, #2661 and #2662); RSA (Certs. #1289, #1290, #1302, #1367 and #1368); SHS (Certs. #2119, #2120, #2148, #2168, #2170, #2172, #2230, #2231, #2232 and #2233); ECDSA (Certs. #428, #429, #437, #459 and #460); HMAC (Certs. #1541, #1542, #1568, #1589, #1591, #1593, #1648, #1649, #1650 and #1651); DRBG (Certs. #353, #354, #355, #356, #357, #380, #423, #424, #425 and #426); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC Multi-chip standalone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2019 | Hewlett-Packard Company Longdown Avenue Stoke Grifford, Bristol BS34 8QZ United Kingdom Laura Loredo TEL: 44 117 3162462 CST Lab: NVLAP 100432-0 | HP LTO-6 Tape Drive (Hardware Versions: AQ278A #912 [1], AQ278B #901 [2], AQ278C #704 [3], AQ288D #103 [4], AQ298C #103 [5], and AQ298A #900 [6]; Firmware Versions: J2AW [1], J2AZ [2], J2AS [3], 32AW [4], 22CW [5], and 22CZ [6]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2013 | 11/6/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption." |
| 2016 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module, v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2013 | 11/6/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with PAA OS X 10.9 running on Mac mini with i5 CPU without PAA OS X 10.9 running on iMac with i7 CPU with PAA OS X 10.9 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1532 and #1533); AES (Certs. #2511, #2512, #2513, #2514, #2515, #2516, #2517 and #2518); SHS (Certs. #2124, #2125, #2126, #2127, #2128 and #2129); ECDSA (Certs. #430 and #431); HMAC (Certs. #1546, #1547, #1548, #1549, #1550 and #1551); DRBG (Certs. #358, #359, #360, #361, #362 and #363); PBKDF (vendor affirmed) -Other algorithms: RSA (non-compliant); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2015 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2013 | 11/6/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with PAA OS X 10.9 running on Mac mini with i5 CPU without PAA OS X 10.9 running on iMac with i7 CPU with PAA OS X 10.9 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1534, #1535, #1536 and #1537); AES (Certs. #2519, #2520, #2521, #2523, #2524, #2027, #2528, #2529, #2530, #2531, #2532, #2533, #2534, #2535, #2536, #2537, #2538, #2539, #2540 and #2541); RSA (Certs. #1293, #1294, #1295 and #1296); SHS (Certs. #2130, #2131, #2132, #2133, #2134, #2135, #2136, #2137, #2138, #2139, #2140 and #2141); ECDSA (Certs. #432, #433, #434 and #435); HMAC (Certs. #1552, #1553, #1554, #1555, #1556, #1557, #1558, #1559, #1560, #1561, #1562 and #1563); DRBG (Certs. #364, #365, #366, #367, #368, #369, #370, #371, #372, #373, #374 and #375); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); RSA (non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC Multi-chip standalone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2012 | Pulse Secure, LLC. 2700 Zanker Road, Suite 200 San Jose, CA 95134 USA Yvonne Sang TEL: 408-372-9600 CST Lab: NVLAP 100432-0 | Pulse Secure Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/05/2013 12/11/2013 02/13/2015 01/19/2016 | 1/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with IVE OS 1.1 (32-bit) running on a Juniper MAG4610 IVE OS 1.1 (32-bit) on Vmware ESX running on an HP ProLiant BL2x220c G6 Blade Server IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server without PAA IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server with PAA Microsoft Windows 7 (32-bit) running on a Dell Poweredge 860 without PAA Microsoft Windows 7 (32-bit) running on an Acer Aspire with PAA Microsoft Windows 7 (64-bit) running on a Dell Poweredge 850 without PAA Microsoft Windows 7 (64-bit) running on an Acer Aspire with PAA OS X 10.8 (64-bit) running on a Macbook Pro without PAA OS X 10.8 (64-bit) running on a Macbook Pro with PAA (single-user mode) -FIPS Approved algorithms: DRBG (Certs. #157 and #383); Triple-DES (Certs. #1223 and #1545); AES (Certs. #1884 and #2553); SHS (Certs. #1655 and #2153); HMAC (Certs. #1126 and #1573); RSA (Certs. #960 and #1306); DSA (Certs. #589 and #780); ECDSA (Certs. #270 and #438); CVL (Certs. #12 and #91) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant) Multi-chip standalone "Pulse Secure’s portfolio delivers secure, remote and local network access. It includes the Pulse client, Connect Secure (SSL‐VPN), and Policy Secure (NAC) ‐ available on the MAG Series Gateways or as virtual appliances. These products grants authorized users granular, policydriven secure, remote and LAN‐based network access based on their role, identity, device and location. They supports broad coverage across mobile and non‐mobile devices, with built‐in device integrity checks to further enable secure BYOD initiatives." |
| 2009 | Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA Mr. Robert Strong TEL: 317-806-3288 Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0 | Wi-Q Communication Server Cryptographic Module (Software Version: 3.0.27) (When operated in FIPS mode with Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/05/2013 | 11/4/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 with SP2 running on a Lenovo Thinkpad T410 (single-user mode) -FIPS Approved algorithms: AES (Cert. #739); DRBG (vendor affirmed); HMAC (Cert. #408); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Communication Server Cryptographic Module (CSCM) is a software solution that provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System." |
| 2006 | Bull SAS Rue Jean Jaurès B.P.68 Les Clayes sous Bois 78340 France Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 Pierre-Jean AUBOURG TEL: +33 1 30 80 77 02 FAX: +33 1 30 80 78 87 CST Lab: NVLAP 200928-0 | CHR Cryptographic Module (Hardware Version: 005/A; Firmware Version: V1.04-00L) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/25/2013 | 10/24/2018 | Overall Level: 3 -Physical Security: Level 3 + EFP/EFT -FIPS Approved algorithms: RSA (Cert. #1107); SHS (Cert. #1872) -Other algorithms: N/A Multi-chip standalone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR." |
| 2004 | Covia Labs, Inc. 465 Fairchild Dr Ste 130 Mountain View, CA 94043 USA David Kahn TEL: 650-351-6444 x110 FAX: 650-564-9740 Dan Illowsky TEL: 650-351-6444 x111 FAX: 650-564-9740 CST Lab: NVLAP 100432-0 | Covia Connector Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/30/2013 | 9/29/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5.8 running on an Acer AX1430-UR12P (single-user mode) -FIPS Approved algorithms: AES (Cert. #1896); ECDSA (Cert. #265); DRBG (Cert. #158); SHS (Cert. #1665); HMAC (Cert. #1136); KAS (Cert. #30) -Other algorithms: AES (Cert. #1896, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KBKDF (non-compliant) Multi-chip standalone "The Covia Connector Cryptographic Module provides cryptographic services for the Covia Connector. These services include but are not limited to pseudo-random number generation, symmetric and asymmetic key generation, data encryption and decryption, key wrapping, and key unwrapping." |
| 2002 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 6503-E, Catalyst C6504-E, Catalyst 6506-E, Catalyst 6509-E and Catalyst 6513-E Switches with Supervisor Cards (VS-S2T-10G and VS-S2T-10G-XL) and Line Cards (WS-X6908-10G, WS-X6908-10G-2TXL, WS-X6904-40G-2T and WS-X6904-40G-2TXL) (Hardware Versions: (6503-E -H0, 6504-E -G0, 6506-E -M0, 6509-E -N0 and 6513-E -S0; Supervisor Cards VS-S2T-10G -B0 and VS-S2T-10G-XL -C0; Line Cards WS-X6904-40G-2T -A0, WS-X6904-40G-2TXL -A0, WS-X6908-10G -A0 and WS-X6908-10G-2TXL-B0; Slot Cover SPA-BLANK -G0) with FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.1(1)SY1) (When operated in FIPS mode with the tamper evident labels and security devices installed on the initially built configurations as indicated in Table 1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2013 11/01/2013 | 10/31/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1426, #1427, #1589 and #2252); DRBG (Cert. #274); HMAC (Cert. #1380); RSA (Cert. #1155); SHS (Cert. #1940); Triple-DES (Cert. #1409) -Other algorithms: AES (Cert. #2252, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements." |
| 1997 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA Malcom Levy TEL: +972-37534561 FAX: 732-416-1370 CST Lab: NVLAP 200427-0 | Check Point CryptoCore (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 | 9/12/2018 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Check Point Pre-boot environment (16-bit) running on a Dell Latitude E6500 without PAA Check Point Pre-boot environment (16-bit) running on a Apple MacBook Pro with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2181); Triple-DES (Cert. #1381); Triple-DES MAC (Triple-DES Cert. #1381, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries." |
| 1994 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Alex Hennekam TEL: +61 7-5552-4045 FAX: +61 7 5571 0420 Peter Waltenburg TEL: +61 - 5552-4016 FAX: +61 7 5571 0420 CST Lab: NVLAP 200658-0 | IBM® Crypto for C (Software Version: 8.2.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/27/2013 | 8/26/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with PAA Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without PAA Microsoft Windows Server 2008® 32-bit running on an IBM 8835 52X AMD Opteron 246 AIX® 6.1 64-bit running on an IBM RS6000 7037-A50 PowerPC 5 64 Solaris® 10 64-bit running on an SunFire T1000 UltraSPARC T1 Red Hat Linux Enterprise Server 5 32-bit running on an IBM 8835 52X AMD Opteron 246 Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with PAA Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without PAA Red Hat Linux Enterprise Server 5 64-bit running on an IBM System p5 185 7037-A50 IBM PowerPC 970 Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 with CPACF Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 without CPACF (single user mode) -FIPS Approved algorithms: AES (Certs. #2155, #2156, #2157, #2158, #2159, #2160, #2161, #2162, #2163, #2164, #2165, #2166, #2167, #2169, #2170, #2171, #2172, #2179, #2213, #2214, #2421, #2422, #2423, #2424, #2425, #2426, #2427, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440, #2441 and #2443); Triple-DES (Certs. #1365, #1366, #1367, #1368, #1369, #1370, #1371, #1372, #1373, #1374, #1375, #1376, #1377 and #1379); DSA (Certs. #670, #671, #672, #673, #674, #675, #676, #677, #678, #679, #680, #681, #682, #683, #756 and #757); RSA (Certs. #1109, #1110, #1111, #1112, #1113, #1114, #1115, #1116, #1117, #1118, #1119, #1120, #1121, #1123, #1253 and #1254); ECDSA (Certs. #325, #326, #327, #328, #329, #330, #331, #332, #333, #334, #335, #336, #337, #338, #398 and #399); SHS (Certs. #1874, #1875, #1876, #1877, #1878, #1879, #1880, #1881, #1882, #1883, #1884, #1885, #1886, #1889, #1904 and #1905); DRBG (Certs. #240, #241, #242, #243, #244, #245, #246, #247, #248, #249, #250, #251, #252, #253, #326, #327, #328, #329, #330 and #331); HMAC (Certs. #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330, #1331, #1333, #1506 and #1507) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2; KBKDF (non-compliant) Multi-chip standalone "The IBM Crypto for C v8.2.2.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C,C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group." |
| 1993 | IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA Tom Benjamin TEL: 512-286-5319 FAX: 512-436-8009 CST Lab: NVLAP 200427-0 | IBM® Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.71) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/27/2013 05/29/2015 03/15/2016 | 3/14/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with IBM AIX 7.1 on IBM JVM 1.6 running on IBM 9117-570, Windows 7 32-bit on IBM JVM 1.6 running on Dell Optiplex 755, Solaris 11.0 on IBM JVM 1.6 running on Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2107); DRBG (Cert. #228); DSA (Cert. #657); ECDSA (Cert. #314); HMAC (Cert. #1281); RSA (Cert. #1081); SHS (Cert. #1830); Triple-DES (Cert. #1342) -Other algorithms: AES (non-compliant); Auth HMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSAforSSL (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSAforSSL (non-compliant); Triple-DES (non-compliant); RNG Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher." |
| 1992 | TecSec Incorporated 12950 Worldgate Drive Suite 100 Herndon, VA 20170 USA Roger Butler TEL: 571-331-6130 FAX: 571-299-4101 Ron Parsons TEL: 571-299-4127 FAX: 571-299-4101 CST Lab: NVLAP 100432-0 | TecSec Armored Card - Contact Cryptographic Module (Hardware Version: P/N Inside Secure AT90SC320288RCT Revision E; Firmware Versions: P/Ns Athena IDProtect Version 0108.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000) (When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity) PIV Certificate #35 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2013 02/06/2014 | 2/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1654 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1087); 02/06/14: (Certs. #218 and #222) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant) Single-chip "The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Contact Chip Provides 368k eprom memory leveraging a common robust identity process and additionally providing a federation platform for multiple applications from multiple owners enforced by cryptographic separation." |
| 1991 | Stonesoft Corporation Itälahdenkatu 22A Helsinki FI-00210 Finland Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | Stonesoft Cryptographic Kernel Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/13/2013 | 8/12/2018 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315 Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2238 and #2239); Triple-DES (Certs. #1399 and #1400); SHS (Certs. #1927 and #1928); HMAC (Certs. #1368 and #1369) -Other algorithms: N/A Multi-chip standalone "Provides general cryptographic services intended to protect data in transit and at rest." |
| 1989 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Kevin Michelizzi TEL: 425-707-1227 FAX: 425-936-7329 Chien-Her Chin TEL: 425-706-5116 FAX: 425-936-7329 CST Lab: NVLAP 200427-0 | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) (Software Version: 7.00.1687) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/13/2013 | 8/12/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII_FP) CPU Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII) CPU Windows Embedded Compact 7 running on a TI OMAP TMDSEVM3530 with Texas Instruments EVM3530 CPU Windows Embedded Compact 7 running on a Samsung SMDK6410 Development Kit with Samsung SMDK6410 CPU Windows Embedded Compact 7 running on a Freescale i.MX27 Development Kit with Freescale i.MX27 CPU Windows Embedded Compact 7 running on an eBox-330-A with MSTI PDX-600 CPU (single-user mode) -FIPS Approved algorithms: AES (Cert. #2023); DRBG (Cert. #193); DSA (Cert. #645); ECDSA (Cert. #295); HMAC (Cert. #1364); RSA (Cert. #1051); SHS (Cert. #1773); Triple-DES (Cert. #1307) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Dual-EC DRBG (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RSA key transport (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (version 7.00.1687), subject to FIPS-140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 components and applications running on Windows Embedded Compact 7." |
| 1988 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/13/2013 09/16/2013 02/20/2014 | 2/19/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2258, #2259, #2264 and #2265); Triple-DES (Cert. #1412); RSA (Cert. #1157); SHS (Cert. #1945); HMAC (Cert. #1385); DRBG (Cert. #276) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN6000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet and Fibre Channel networks. The CN6040 is protocol selectable operating at line rates up to 4Gb/s. Configured in Ethernet mode the CN6040 supports optical and twisted-pair link rates of 10Mb/s, 100Mb/s & 1Gb/s whilst in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. The CN6100 is an Ethernet model that operates at a line rate of 10Gb/s.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 1987 | Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA Mr. Robert Strong TEL: 317-806-3288 Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0 | Wi-Q Portal Gateway (Hardware Version: 12562C; Firmware Version: 3.017.156) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/13/2013 | 8/12/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #1802); Triple-DES (Cert. #1356); SHS (Certs. #1583 and #1845); RSA (Cert. #1096) -Other algorithms: AES (Cert. #1802, key wrapping); Triple-DES (Cert. #1356, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Stanley Wi-Q Portal Gateway Cryptographic Module is a wireless gateway device that communicates via wired network to the Stanley Wi-Q Communications Server and communicates via proprietary 802.15.4 protocol to wireless Stanley Wi-Q Controller modules. The Stanley Wi-Q Portal Gateway provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System." |
| 1986 | TecSec Incorporated 12950 Worldgate Drive Suite 100 Herndon, VA 20170 USA Roger Butler TEL: 571-331-6130 Ron Parsons TEL: 571-299-4127 FAX: 571-299-4101 CST Lab: NVLAP 100432-0 | TecSec Armored Card - Contactless Cryptographic Module (Hardware Version: P/N Inside Secure AT90SC28880RCFV Revision G; Firmware Versions: P/Ns Athena IDProtect Duo Version 010E.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000) (When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity) PIV Certificate #35 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/09/2013 02/06/2014 | 2/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1655 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1088); CVL (Certs. #218 and #222) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant) Single-chip "The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Chip provides the contactless functionality leveraging a common robust identity process in support of the federation platform capabilities of the overall card." |
| 1984 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 100432-0 | eToken (Hardware Version: Inside Secure AT90SC25672RCT-USB; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9) (No assurance of Secure Channel Protocol (SCP) message integrity) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2013 01/10/2017 | 1/9/2022 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources." |
| 1981 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender 2000™ Cryptographic Module (Hardware Versions: P/Ns KVD-SMCF-32G, KVD-SMCF-16G, KDF2000-32G, KDF2000-64G, KDF2000-128G, KDF2000-16G, KDF2000-8G, KDF2000-4G, KDF2000-S16G, KDF2000-S2G, KDF2000-S4G and KDF2000-S8G, Version 1.0; Firmware Version: 2.03.10) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/17/2013 | 7/16/2018 | Overall Level: 3 -FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 2000 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device." |
| 1980 | Cocoon Data Holdings Limited Level 4 152-156 Clarence St Sydney, NSW 2000 Australia Simon Wild TEL: +61 2 8412 8200 FAX: +61 2 8412 8202 Jim Ivers TEL: +1 703 657 5260 FAX: +1 703 657 5285 CST Lab: NVLAP 200900-0 | Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 (Software Version: 1.8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/17/2013 08/07/2013 | 8/6/2018 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 32-bit with MSVC2010 redistributable running on Dell Vostro 1520 Microsoft Windows XP 32-bit with SP and MSVC2010 redistributable running on Dell Vostro 1520 Microsoft Windows 7 64-bit with MSVC2010 redistributable running on Dell Vostro 3500 Microsoft Windows 7 32-bit with MSVC2012 redistributable running on Dell Vostro 1520 Microsoft Windows XP 32-bit with SP3 and MSVC2012 redistributable running on Dell Vostro 1520 Microsoft Windows 7 64-bit with MSVC2012 redistributable running on Dell Vostro 3500 Ubuntu 12.04 LTS 64-bit running on Dell PowerEdge 1950 Ubuntu 12.04 LTS 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel core i7 Ubuntu 12.04 LTS 32-bit running on Dell PowerEdge 1950 Ubuntu 12.04 LTS 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7 Redhat Enterprise Linux Server 6.3 64-bit running on Dell PowerEdge 1950 Redhat Enterprise Linux Server 6.3 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7 Redhat Enterprise Linux Server 6.3 32-bit running on Dell PowerEdge 1950 Redhat Enterprise Linux Server 6.3 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7 Mac OSX 10.8 running on Macbook Pro Intel Core i7 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2192); Triple-DES (Cert. #1385); SHS (Cert. #1900); HMAC (Cert. #1344); DRBG (Cert. #257) -Other algorithms: N/A Multi-chip standalone "The Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 has been implemented as part of the Cocoon Data Secure Objects solution, an encryption-based access control system for protecting the confidentiality and integrity of electronic files. Coccon Data Holdings Limited is the parent company of all Covata entities." |
| 1979 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | Provider-1 (Firmware Version: R71 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x -FIPS Approved algorithms: AES (Cert. #1836); Triple-DES (Certs. #1188 and #1189); DRBG (Cert. #146); RSA (Cert. #925); HMAC (Certs. #1089 and #1090); SHS (Certs. #1615 and #1616) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1188, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1836, key wrapping) Multi-chip standalone "Check Point Provider 1 technology provides virtualized security management, segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management." |
| 1978 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | Security Management (Firmware Version: R71 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x -FIPS Approved algorithms: AES (Cert. #1835); Triple-DES (Certs. #1186 and #1187); DRBG (Cert. #145); RSA (Cert. #924); HMAC (Certs. #1087 and #1088); SHS (Certs. #1613 and #1614) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1186, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1835, key wrapping) Multi-chip standalone "Check Point Security Management technology provides security management. Businesses of all sizes can easily create domains based on geography, business unit or security function to strengthen security and simplify management." |
| 1977 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | Security Gateway (Firmware Version: R70.1 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Power-1 9070 with Check Point SecurePlatform Operating System Version R70.1 -FIPS Approved algorithms: AES (Cert. #2037); Triple-DES (Certs. #1313 and #1314); DRBG (Cert. #199); RSA (Cert. #1057); HMAC (Certs. #1235 and #1236); SHS (Certs. #1782 and #1783) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1313, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Check Point VPN-1 Security Gateway allows enterprises and managed service providers to provide firewall, VPN, and intrusion prevention functionality on a single hardware platform." |
| 1976 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | VSX (Firmware Version: R67.10 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Check Point Power-1 9070 with Check Point SecurePlatform Operating System Version NGX R67 -FIPS Approved algorithms: AES (Cert. #1837); Triple-DES (Certs. #1190 and #1191); DRBG (Cert. #147); RSA (Cert. #926); HMAC (Certs. #1091 and #1092); SHS (Certs. #1617 and #1618) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1191, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Check Point VPN-1 Power VSX is a virtualized security gateway that allows virtualized enterprises and managed service providers to create up to 250 virtual systems (firewall, VPN, and intrusion prevention functionality within a virtual network environment) on a single, highly scalable hardware platform." |
| 1975 | Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion Cryptographic Module (Software Version: FTALIB_2_0_1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2316, #2317 and #2318); CVL (Cert. #55); HMAC (Certs. #1436 and #1457); RSA (Cert. #1214); SHS (Certs. #2003 and #2004); Triple-DES (Cert. #1460) -Other algorithms: AES (Cert. #2316, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1460, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 1974 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/29/2013 | 7/28/2018 | Overall Level: 2 Single-chip |
| 1972 | Chunghwa Telecom Laboratories 12, Lane 551, Min-Tsu Road SEC.5, Yang-Mei, Taoyuan, Taiwan 326 Republic of China Yu-Ling Cheng TEL: 886 3 424-5883 FAX: 886 3 424-4167 Ming-Hsin Chang TEL: 886-3-4245885 FAX: 886 3 424-4167 CST Lab: NVLAP 200928-0 | HiPKI SafGuard 1200 HSM (Hardware Version: HSM-HW-20; Firmware Version: HSM-SW-20) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/05/2013 | 7/4/2018 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1296); Triple-DES MAC (Triple-DES Cert. #1296, vendor affirmed); AES (Cert. #2010); SHS (Cert. #1760); ECDSA (Cert. #290); RSA (Certs. #1039 and #1043); DRBG (Cert. #187); HMAC (Cert. #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "HiPKI SafGuard 1200 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed accelerator for 1024-4096 bit RSA and ECDSA signatures, and hashing). The HiPKI SafGuard 1200 HSM provides secure identity-based authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption." |
| 1971 | 3e Technologies International, Inc. 9715 Key West Ave Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989 Chris Guo TEL: 301-944-1294 FAX: 301-670-6989 CST Lab: NVLAP 200427-0 | 3e-520 Secure Access Point Cryptographic Module (Hardware Version: 1.0; Firmware Version: 5.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/03/2013 02/26/2016 | 2/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); CVL (Cert. #22); DRBG (Cert. #822); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); RSA (Cert. #1072); SHS (Certs. #1801 and #1807) -Other algorithms: AES (non-compliant); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The 3e-520 Secure Access Point acts as an access point for the universal wireless family of devices from 3eTI. The 520 board is installed inside the wireless devices and provides the cryptographic functionality for the device. The access point allows for wireless clients or wireless bridges to securely connect wirelessly with the module and send encrypted data." |
| 1970 | iStorage Limited iStorage House 13 Alperton Lane Perivale, Middlesex UB6 8DH England John Michael TEL: +44 (0) 20 8537-3435 FAX: +44 (0) 20 8537-3438 CST Lab: NVLAP 200802-0 | iStorage FIPS Module 140-2 (Hardware Versions: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1 [B]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/02/2013 09/30/2015 06/06/2017 | 9/29/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-chip embedded "The iStorage FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software." |
| 1969 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA TEL: 888-744-4976 CST Lab: NVLAP 100432-0 | Authentication Token (Hardware Version: Inside Secure AT90SC28872RCU Revision G; Firmware Version: Athena IDProtect 010B.0333.0004 with Authentication Token Applet 1.0) (No assurance of Secure Channel Protocol (SCP) message integrity) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/26/2013 | 6/25/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); DRBG (Cert. #98); SHS (Cert. #1465); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); AES (Cert. #1654, key wrapping; key establishment methodology provides 256 bits of encryption strength) Single-chip "Authentication Token is a Cryptographic Module containing Thales' authenticated Java applets. Authentication Token is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. Authentication Token supports FIPS-Approved: DRBG; SHA-1 and all SHA-2; TDES; AES; ECDSA and ECC CDC; and, RSA and ECC key generation. Authentication Token is designed to provide users of Thales' hardware security modules with high-performance smart card capabilities in support of their government and enterprise applications." |
| 1968 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0 | Postal mRevenector CA 2012 (Hardware Version: 580036020300/01; Firmware Versions: 90.0036.0201.00/2011485001 (Bootloader), 90.0036.0206.00/2011485001 (Software-Loader) and 90.0036.0211.00/2013032001 (CA Application)) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/26/2013 | 6/25/2018 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #185); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Francotyp-Postalia Postal mRevenector CA 2012 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector CA 2012 has been designed in compliance with the Canadian Postal Specification." |
| 1967 | Telephonics Sweden AB Vattenkraftsvagen 8 Stockholm SE-135 70 Sweden Ingi Bjornsson TEL: +46 8 7980933 FAX: +46 8 7988433 Magnus Eriksson TEL: +46 8 7980902 FAX: +46 8 7988433 CST Lab: NVLAP 100432-0 | TruLink Control Logic Module CL6882-M1 (Hardware Version: P/N 010.6882-01 Rev. B2; Firmware Versions: Boot: SW7158 v2.4 and Application: SW7151 v2.11.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/26/2013 07/26/2013 | 7/25/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #2114); HMAC (Cert. #1286); SHS (Cert. #1838) -Other algorithms: N/A Multi-chip embedded "TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio." |
| 1966 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Arnaud Lotigier TEL: +33 4.42.36.60.74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDCore 30 (Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore 30 Build 1.17, Demonstration Applet version V1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2013 07/05/2013 08/08/2016 | 8/7/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: EC Diffie-Hellman (SP 800-56A; non-compliant); PRNG Single-chip "The IDCore 30 is a part of Gemalto's IDCore family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. IDCore 30 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1 / 2.2 Amdt D specifications. IDCore 30 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control." |
| 1965 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Mike McCandless TEL: 858-513-4481 FAX: 858-513-4413 CST Lab: NVLAP 200802-0 | Apricorn FIPS Module 140-2 (Hardware Versions: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1 [B]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/14/2013 04/16/2014 06/27/2014 10/20/2015 | 10/19/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-Chip Embedded "The Apricorn FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software. The Apricorn FIPS 140-2 Module is used in the Aegis Fortress, Padlock DT FIPS, and the Padlock SSD families." |
| 1964 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v3.0 (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/14/2013 | 6/13/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with PAA OS X 10.8 running on Mac mini with i5 CPU without PAA OS X 10.8 running on iMac with i7 CPU with PAA OS X 10.8 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1339 and #1340); AES (Certs. #2088, #2089, #2090, #2091, #2092, #2093, #2094, #2095, #2103 and #2104); RSA (Certs. #1078 and #1079); SHS (Certs. #1816, #1817, #1818, #1819, #1827 and #1828); ECDSA (Certs. #312 and #313); HMAC (Certs. #1267, #1268, #1269, #1270, #1278 and #1279); DRBG (Certs. #217, #218, #219, #220, #226 and #227); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1963 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module, v3.0 (Hardware Versions: A4 and A5; Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 06/14/2013 | 6/13/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 6.0 running on an iPhone4 iOS 6.0 running on an iPhone4S iOS 6.0 running on an iPad (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1336 and #1338); AES (Certs. #2072, #2073, #2074, #2075, #2076, #2077, #2100 and #2102); RSA (Certs. #1076 and #1077); SHS (Certs. #1805, #1806, #1824 and #1826); ECDSA (Certs. #309 and #311); HMAC (Certs. #1257, #1258, #1275 and #1277); DRBG (Certs. #209, #210, #223 and #225); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1962 | ACES H. No. 156, St 5, F11-1 Islamabad, Islamabad 44000 Pakistan Dr Mehreen Afzal TEL: +923009878534 FAX: +92512224453 Dr. Mureed Hussain TEL: +923238556816 FAX: +92512224453 CST Lab: NVLAP 200856-0 | Tahir Pak Crypto Library (Software Version: 2.1.1) (When installed, initialized and configured as specified in the Security Policy Section 6.1. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/14/2013 | 6/13/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 2 with Red Hat Enterprise Linux 5.3 running on DELL PowerEdge T110 II 11th -FIPS Approved algorithms: AES (Cert. #2341); DRBG (Cert. #291); DSA (Cert. #733); SHS (Cert. #2018); HMAC (Cert. #1450) -Other algorithms: N/A Multi-chip standalone "TPCL (Tahir Pak Crypto Library) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)." |
| 1961 | Telephonics Sweden AB Vattenkraftsvagen 8 Stockholm SE-135 70 Sweden Ingi Bjornsson TEL: +46 8 7980933 FAX: +46 8 7988433 Magnus Eriksson TEL: +46 8 7980902 FAX: +46 8 7988433 CST Lab: NVLAP 100432-0 | TruLink Control Logic Module CL6792-M1 (Hardware Version: P/N 010.6792-01 Rev. H3; Firmware Versions: Boot: SW7098 v2.5 and Application: SW7099 v9.13.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2013 07/26/2013 | 7/25/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #2113); HMAC (Cert. #1285); SHS (Cert. #1837) -Other algorithms: N/A Multi-chip embedded "TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio." |
| 1958 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.2.3 and 6.2.5) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/11/2013 08/07/2015 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 1957 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.2.3 and 6.2.5) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/11/2013 08/07/2015 01/12/2016 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 1956 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module, v3.0 (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/07/2013 | 6/6/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with PAA OS X 10.8 running on Mac mini with i5 CPU without PAA OS X 10.8 running on iMac with i7 CPU with PAA OS X 10.8 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1331 and #1332); AES (Certs. #2080, #2081, #2082, #2083, #2084, #2085, #2086 and #2087); SHS (Certs. #1810, #1811, #1812, #1813, #1814 and #1815); ECDSA (Certs. #305 and #306); HMAC (Certs. #1261, #1262, #1263, #1264, #1265 and #1266); DRBG (Certs. #211, #212, #213, #214, #215 and #216); PBKDF (vendor affirmed) -Other algorithms: ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1955 | Kony, Inc. 7380 West Sand Lake Road #390 Orlando, FL 32819 USA Matthew Terry TEL: 407-730-5669 FAX: 407-404-3738 CST Lab: NVLAP 100432-0 | Kony Cryptographic Library (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/03/2013 08/23/2013 09/16/2013 05/16/2016 | 5/15/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 running on HTC Desire without NEON Android 2.2 running on HTC Desire with NEON Android 3.0 running on Nook BNRV200 without NEON Android 3.0 running on Nook BNRV200 with NEON Android 4.0 running on Beagleboard-XM without NEON Android 4.0 running on Beagleboard-XM with NEON Apple iOS 5.0 running on iPhone 4 without NEON Apple iOS 5.0 running on iPhone 4 with NEON Apple iOS 6.0 running on iPhone 4 without NEON Apple iOS 6.0 running on iPhone 4 with NEON (single user mode) -FIPS Approved algorithms: AES (Cert. #2338); DRBG (Cert. #290); DSA (Cert. #732); HMAC (Cert. #1448); RSA (Cert. #1204); SHS (Cert. #2016); Triple-DES (Cert. #1464); ECDSA (Cert. #382); CVL (Cert. #51) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Kony Cryptographic Library is a full featured cryptographic module used in Kony mobile and multi-channel application platforms and the KonyOne™ Platform." |
| 1952 | 3S Group Incorporated 125 Church Street, N.E., Suite 204 Vienna, VA 22180 USA Satpal Sahni TEL: 703-281-5015 FAX: 703-281-7816 CST Lab: NVLAP 200002-0 | 3S Group Cryptographic Module (3SGX) (Hardware Version: 1.0; Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/23/2013 | 5/22/2018 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1315); AES (Cert. #2038); DSA (Cert. #646); RSA (Cert. #1058); SHS (Cert. #1784); DRBG (Cert. #200); ECDSA (Cert. #297); HMAC (Cert. #1237); Skipjack (Cert. #19); KAS (Cert. #35); KTS (vendor affirmed); CVL (Cert. #25) -Other algorithms: Diffie-Hellman (key agreement); Diffie-Hellman (CVL Cert. #25; key agreement); EC Diffie-Hellman (CVL Cert. #25; key agreement); KEA; RSA (key wrapping); AES (Cert. #2038, key wrapping); Triple-DES (Cert. #1315, key wrapping) Multi-chip embedded "3SGX is a high performance embedded PCIe cryptographic module that provides complete cryptographic support to hundreds of concurrent users and/or applications. Each user/application is authenticated twice before accessing its own symmetric and asymmetric keys and certificates. All cryptographic and key management operations are performed within the Hardware Security Module (HSM). 3SGX HSM is the core of 3S Group's hardware security appliances. Available in a range of models and configurations and high-level APIs, it is ideal for enterprise key management, virtualization and cloud server soluti" |
| 1949 | Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA Michael Vickers FAX: 434-455-6851 CST Lab: NVLAP 200996-0 | Harris AES Software Load Module (Software Version: R04A01) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/16/2013 | 5/15/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 running on a Texas Instruments TMS320C55x (single-user mode) -FIPS Approved algorithms: AES (Certs. #1482 and #2320) -Other algorithms: AES (Cert. #1482, key wrapping) Multi-chip standalone "The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals." |
| 1947 | TrellisWare Technologies Inc. 16516 Via Esprillo Suite 300 San Diego, CA 92127 USA Jeffery Thomas TEL: 858-753-1617 FAX: 858-753-1641 James Morse TEL: 858-753-1646 FAX: 858-753-1640 CST Lab: NVLAP 100432-0 | TW-230 (CheetahNet II) (Hardware Version: ASY0560001 rev X2; Firmware Version: 4c-beta2-FIPS) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/16/2013 | 5/15/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734) -Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant) Multi-chip standalone "The TW-230 combines the high data rate capability of TrellisWare's Tactical Scalable MANET-Enhanced (TSM-E) waveform with narrowband VHF/UHF AM/FM voice. TW-230 provides a robust highly scalable self-forming, self-healing wideband networked waveform transparent to the operator. The TW-230 supports multi-channel push to talk (PTT) voice, IP data, position location information (PLI) tracking, and remote operation of live streaming video. The TW-230 can also be operated in plaintext narrowband voice modes that allow it to interoperate with most other standard AM/FM PTT radios." |
| 1946 | TrellisWare Technologies Inc. 16516 Via Esprillo Suite 300 San Diego, CA 92127 USA Jeffery Thomas TEL: 858-753-1617 FAX: 858-753-1641 James Morse TEL: 858-753-1646 FAX: 858-753-1640 CST Lab: NVLAP 100432-0 | TW-400 (CUB) (Hardware Version: ASY0540250 rev X1; Firmware Version: 4c-beta2-FIPS) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/14/2013 | 5/13/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734) -Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant) Multi-chip standalone "The TW-400 is a small form factor software defined radio that employs an enhanced version of TrellisWare's Tactical Scalable MANET waveform (TSM-E) and is capable of robust operation at high data rate modes. The TW-400 supports multi-channel push to talk (PTT) voice, IP data, network level position location information (PLI) tracking, sleep functions for long term sensing applications, IP gateway features and remote operation of live streaming video sources for networked sensing missions." |
| 1945 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/10/2013 | 5/9/2018 | Overall Level: 1 Single-chip |
| 1944 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module, v3.0 (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/03/2013 | 5/2/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 6.0 running on an iPhone4 iOS 6.0 running on an iPhone4S iOS 6.0 running on an iPad (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1335 and #1337); AES (Certs. #2070, #2071, #2099 and #2101); SHS (Certs. #1803, #1804, #1823 and #1825); ECDSA (Certs. #308 and #310); HMAC (Certs. #1255, #1256, #1274 and #1276); DRBG (Certs. #222 and #224); PBKDF (vendor affirmed) -Other algorithms: ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1940 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | IOS Common Cryptographic Module (IC2M) (Firmware Versions: Rel 1(1.0.0), Rel 1(1.0.1) and Rel 1(1.0.2)) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 04/30/2013 | 4/29/2018 | Overall Level: 1 -Tested: Cisco Catalyst 2960 with IOS 15.0SE Cisco 3925 ISR with IOS 15.2 Cisco 2811 ISR with IOS 15.2 -FIPS Approved algorithms: AES (Certs. #2134 and #2136); CVL (Cert. #30); DRBG (Cert. #237); ECDSA (Cert. #322); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Certs. #1858 and #1859); Triple-DES (Certs. #1358, #1359 and #1360) -Other algorithms: DES; HMAC-MD5; MD2; MD5; RC2; RC4; SEAL; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols." |
| 1939 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS PKI Native Smart Card (Hardware Versions: HD65255C1 and HD65257C1; Firmware Versions: HardMask: 2.1 and SoftMask: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/30/2013 | 4/29/2018 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1219); Triple-DES MAC (Triple-DES Cert. #1219, vendor affirmed); SHS (Cert. #1649); RSA (Cert. #957); DRBG (Cert. #155) -Other algorithms: N/A Single-chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate." |
| 1938 | SafeLogic Inc. 459 Hamilton Ave Suite 306 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 200556-0 | CryptoComply™ | Mobile (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/30/2013 11/08/2013 04/23/2014 01/25/2016 02/10/2016 | 2/9/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "CryptoComply™ | Mobile is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. CryptoComply™ | Mobile offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 1937 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0 | Symantec App Center Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/30/2013 02/11/2016 | 2/10/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Symantec App Center Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices." |
| 1935 | Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5915 Embedded Services Routers (Hardware Versions: Cisco 5915 ESR air-cooled card and Cisco 5915 ESR conduction-cooled card; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/18/2013 | 4/17/2018 | Overall Level: 1 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310) -Other algorithms: DES; DES MAC; HMAC MD4; HMAC MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-chip embedded "The Cisco 5915 ESR is a high-performance, ruggedized router designed for use in harsh environments-offering reliable operation in extreme temperatures and under shock and vibration conditions typical for mobile applications in rugged terrain. With onboard hardware encryption, the Cisco 5915 ESR offloads encryption processing from the routing engine to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks." |
| 1931 | INSIDE Secure Eerikinkatu 28 Helsinki 00180 Finland Serge Haumont TEL: +358 40 5808548 Marko Nippula TEL: +358 40 762 9394 CST Lab: NVLAP 200427-0 | SafeZone FIPS Cryptographic Module (Software Versions: 1.0.3 and 1.0.3A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/08/2013 05/20/2014 | 5/19/2019 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Linux kernel 2.6 running on a Pandaboard Android 2.3 running on a Pandaboard Android 4.0 running on a Pandaboard Android 4.4 running on a Samsung Galaxy Note 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2041 and #2837); CVL (Certs. #21 and #261); CVL (SP 800-135rev1, vendor affirmed); DRBG (Certs. #203 and #493); DSA (Certs. #648 and #854); ECDSA (Certs. #299 and #497); HMAC (Certs. #1240 and #1778); KBKDF (vendor affirmed); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #1061 and #1479); SHS (Certs. #1787 and #2378); Triple-DES (Certs. #1318 and #1697) -Other algorithms: AES (Certs. #2041 and #2837, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices." |
| 1927 | Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion No.9 Xueqing Road Haidan District Beijing 100085 People's Republic of China Tibi Zhang TEL: 86-010-62304466 x821 FAX: 86-010-62304416 Xiaozhi Zheng TEL: 86-010-62304466 x531 FAX: 86-010-62304416 CST Lab: NVLAP 200427-0 | FEITIAN-FIPS-COS (Hardware Version: 1.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 | 4/7/2018 | Overall Level: 2 -Physical Security: Level 3 -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: AES MAC (AES Cert. #1473; non-compliant); DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB1 tokens. These tokens are designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for their ePass line of products. ePass supports dual-factor authentication with an ISO27816-12 USB interface for the PC host connection acting as a smart card reader." |
| 1926 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 12/13/2013 | 12/12/2018 | Overall Level: 1 Single-chip |
| 1922 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 650-265-3634 FAX: 650-265-5528 CST Lab: NVLAP 100432-0 | HP Enterprise Secure Key Manager (Hardware Versions: P/Ns AJ585A, Version 3.0 [1] and C8Z51AA, Version 3.1 [2]; Firmware Versions: 5.0.0 [1] and 5.1.0 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 05/16/2013 01/01/2014 01/25/2016 | 1/24/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #2069); DRBG (Cert. #207); HMAC (Cert. #1254); CVL (Cert. #23); RSA (Cert. #1073); SHS (Cert. #1802); Triple-DES (Cert. #1328) -Other algorithms: DSA (Cert. #653; non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover." |
| 1921 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 2 -Physical Security: Level 3 Multi-chip standalone |
| 1920 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 2 -Physical Security: Level 3 Multi-chip standalone |
| 1919 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 2 -Physical Security: Level 3 Multi-chip standalone |
| 1918 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 7600 Series Routers with Supervisor RSP720 (Hardware Versions: (7603-S, 7604, 7606-S, 7609-S, 7613, V02, V07, V13, V14 and -F0) with FIPS kit (Cisco-FIPS-KIT=); Firmware Version: 15.1(3)S3) (Validated when tamper evident labels are installed as indicated in the Security Policy and when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Certs. #598 and #2036); DRBG (Cert. #198); HMAC (Certs. #348 and #1234); RSA (Cert. #1056); SHS (Certs. #647 and #1781); Triple-DES (Certs. #569 and #1312) -Other algorithms: DES; DES MAC; HMAC MD5; MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 7600-S Router is a compact, high-performance router designed in 3, 4, 6, 9 and 13-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers." |
| 1917 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Sunil Chitnis TEL: 408-333-2444 FAX: 408-333-4887 Bob Colvin TEL: 408-333-4839 FAX: 408-333-4887 CST Lab: NVLAP 200427-0 | Brocade® MLXe® and Brocade NetIron® CER Series Ethernet Routers (Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR Management Module; Firmware Version: IronWare; Software Version: R05.1.01a) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 13 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2013 | 5/20/2018 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1615); DRBG (Cert. #84); DSA (Cert. #503); HMAC (Cert. #947); RSA (Cert. #793); SHS (Cert. #1424); Triple-DES (Cert. #1056) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises.The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6." |
| 1916 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 1 Single-chip |
| 1906 | Biscom, Inc. 321 Billerica Road Chelmsford, MA 01824 USA Bill Ho TEL: 978-367-3544 FAX: 978-250-2565 Sharif Rahman TEL: 510-400-6325 FAX: 978-250-2565 CST Lab: NVLAP 200427-0 | Biscom Cryptographic Library (Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/12/2013 05/06/2016 05/12/2016 | 5/11/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Server 2012 R2 (SP1) with Sun JRE 8.0 running on a Dell XPS 8700 with PAA Windows Server 2012 R2 (SP1) with Sun JRE 8.0 running on a Dell XPS 8700 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3897); DRBG (Cert. #1116); HMAC (Cert. #2530); SHS (Cert. #3212) Multi-Chip Stand Alone "The Biscom Cryptographic Library (the cryptographic module or the module) provides cryptographic security functions as Java APIs for application developers to integrate cryptographic services into Biscom applications or systems. The module is distributed only as an integrated subcomponent of the Biscom Delivery Server (BDS). The Biscom Cryptographic Library provides security functions for encryption, decryption, random number generation, hashing, getting the status of the integrity test, and running the self-tests. The library is used by the application." |
| 1905 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module (Hardware Versions: ST900MM0036 [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20], ST600MM0036 [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20], ST450MM0036 [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20], ST1200MM0027 [21,22,23,24,25,26,27,28,29,30,31,32,33,34], ST4000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST3000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST2000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST1000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST4000NM0073 [72,73,74], ST3000NM0073 [72,73,74], ST2000NM0073 [72,73,74], ST1000NM0073 [72,73,74], ST600MP0054 [75,76,77], ST450MP0054 [75,76,77], ST300MP0054 [75,76,77], ST600MP0084 [78,79,80], ST450MP0084 [78,79,80], ST300MP0084 [78,79,80], ST450MP0024 [81,82], ST300MP0024 [81,82], ST600MX0024 [83], ST450MX0024 [83], ST300MX0024 [83], ST600MX0054 [84], ST450MX0054 [84], ST300MX0054 [84]; Firmware Versions: A000[1,35], 0001[2,21], LSF5[3], LEF5[4], 0002[5,24,36], NA00F740[6], NA009A40[7,40], 0003[8,31,39], LE05[9], LF81[10], 3P00[11,43], LSF6[12], LE09[13], LEF6[14], 0004[15,47], NA01F741[16], NA019A41[17,51], LSF7[18], LEF7[19], 3P01[20,64], ISF2[22], IEF2[23], ISF3[25], IEF4[26], IEF5[27], ISF4[28], IEF6[29], IEF7[30], IEF8[32], ISF5[33], IEF9[34], GSF3[37], GEF3[38], GE06[41], GF81[42], GSF4[44], GEF4[45], GE09[46], GSF5[48], GEF5[49], GEF6[50], GSF6[52], GEF7[53], GSF7[54], GSF8[55], GEF8[56], 0006[57], GSF9[58], GEFA[59], GEOD[60], GF84[61], A005[62], NA02[63], GSFA[65], GEFB[66], GF85[67], GE0E[68], C007[69], GSFB[70], GEFC[71], F001[72], SF03[73], SF04[74], FE01[75], EF02[76,83], VEE1[77], FK01[78], KF02[79,84], VF12[80], FN01[81], NF02[82]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/12/2013 05/22/2013 05/31/2013 08/09/2013 11/08/2013 02/20/2014 04/03/2014 06/05/2014 09/26/2014 12/31/2014 05/08/2015 07/23/2015 12/22/2015 04/05/2016 05/24/2016 05/24/2016 05/24/2016 03/05/2017 06/22/2017 | 5/23/2021 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1343, #1974 and #2068); DRBG (Cert. #62); RSA (Cert. #1021); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC FIPS 140 Module is embodied in Savvio®, Enterprise Performance®, Enterprise Turbo® and Constellation® model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instant user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 1904 | General Dynamics Mission Systems 150 Rustcraft Road Dedham, MA 02026 USA Certification Director TEL: 770-689-2040 FAX: 781-455-5555 CST Lab: NVLAP 200427-0 | Fortress Mesh Points (Hardware Versions: ES210, ES2440, ES440, ES520v1, ES520v2 or ES820; Firmware Versions: 5.4.1, 5.4.3 or 5.4.4.1190) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 05/17/2013 06/14/2013 06/21/2016 | 6/20/2021 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); ECDSA (Cert. #371); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357) -Other algorithms: MD5; PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects." |
| 1903 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Loadable Kernel Module (Software Versions: 5.5f and 5.5.1f) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/22/2013 03/28/2013 01/23/2014 02/20/2014 04/03/2014 11/25/2014 04/10/2015 10/15/2015 04/05/2016 | 4/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 2.2 running on a LG Optimus 3D (LG-P920) Android 2.3 running on a LG G2X (LG-P999) Android 4.0 running on a Samsung Nexus-S (GT-I9023) Android 4.1 running on a LG Optimus (LG-P920) Ubuntu Linux 32 bit running on a Dell Dimension 9200 Ubuntu Linux 64 bit running on a Dell Dimension 9200 Android 4.3 running on Asus TF 700 Tablet Android 4.4 running on Nexus 7 Tablet Android Lollipop Linux 3.4 running on a Qualcomm Snapdragon MSM8974 development device Android Lollipop Linux 3.10 running on a Qualcomm Snapdragon MSM8992 development device (single-user mode) -FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); DRBG (Certs. #201 and #460); HMAC (Certs. #1238 and #1718); SHS (Certs. #1785 and #2313); Triple-DES (Certs. #1316 and #1650) -Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1899 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and MicrosoftWindows Storage Server 2012 BitLocker® Dump Filter (DUMPFVE.SYS) (Software Version: 6.2.9200) (When installed, initialized and configured as specified in the Security Policy Section 2 with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198) -Other algorithms: N/A Multi-chip standalone "The BitLocker® Dump Filter (DUMPFVE.SYS) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1898 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Surface Windows 8 Pro, and Microsoft Windows Storage Server 2012 BitLocker® Windows Resume (WINRESUME) (Software Version: 6.2.9200) (When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: MD5 Multi-chip standalone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1897 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Code Integrity (CI.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: MD5 Multi-chip standalone "Code Integrity (CI.DLL) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1896 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 BitLocker® Windows OS Loader (WINLOAD) (Software Version: 6.2.9200) (When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG Multi-chip standalone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files. Please note that AES (Cert. #2197) is only used in the entropy source for the module. This particular instance of AES is labeled as non-compliant because it does not perform a power-up self-test. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1895 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Boot Manager (Software Version: 6.2.9200) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: MD5 Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1894 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Enhanced Cryptographic Provider (RSAENH.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/27/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with [Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386) -Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Enhanced Cryptographic Provider (RSAENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1893 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1892 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "The Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1889 | Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA Mr. Robert Strong TEL: 317-806-3288 Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0 | Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3] and WXC [4] Controllers (Hardware Version: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/13/2013 | 2/12/2018 | Overall Level: 1 -FIPS Approved algorithms: SHS (Cert. #1583); AES (Cert. #1802) -Other algorithms: N/A Multi-chip embedded "The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System." |
| 1887 | Cambium Networks, Ltd. Unit B2, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0 | Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS, PTP600-10-05-FIPS, PTP600-10-07-FIPS, or PTP600-10-08-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/08/2013 02/22/2013 06/14/2013 01/24/2017 | 1/23/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations." |
| 1885 | Curtiss-Wright Controls Defense Solutions 2600 Paramount Place, Suite 200 Fairborn, OH 45324 USA Paul Davis TEL: 937-610-5421 FAX: 937-252-1480 Matt Young TEL: 937-610-5457 FAX: 937-252-1480 CST Lab: NVLAP 200427-0 | 3U VPX-1TB FSM Flash Storage Module (Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/08/2013 05/16/2013 | 5/15/2018 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732) -Other algorithms: TRNG Multi-chip embedded "The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications." |
| 1884 | Totemo AG Freihofstrasse 22 Küsnacht CH-8700 Switzerland Marcel Mock TEL: +41 44 914 99 00 Daniel Raap TEL: +41 44 914 99 00 CST Lab: NVLAP 200928-0 | Totemo Cryptographic Module (TCM) (Software Version: 2.0) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/08/2013 | 2/7/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252) -Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites." |
| 1883 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 100432-0 | eToken 5100, 5105, 5200 and 5205 (Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/08/2013 02/15/2013 09/12/2016 01/10/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources." |
| 1881 | WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada Alexander Mazuruc TEL: 905-502-7000 ext. 225 FAX: 905-502-7001 CST Lab: NVLAP 200928-0 | SecureDoc® Disk Encryption Cryptographic Engine for MacOS X (Software Version: 7.2) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/04/2013 07/11/2016 | 7/10/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode) -FIPS Approved algorithms: AES (Certs. #3948 and #3949); SHS (Cert. #3257); DRBG (Cert. #1152); HMAC (Cert. #2572) -Other algorithms: AES (Certs. #3948 and #3949, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops." |
| 1880 | WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada Alexander Mazuruc TEL: 905-502-7000 ext. 225 FAX: 905-502-7001 CST Lab: NVLAP 200928-0 | SecureDoc® Disk Encryption Cryptographic Engine for Windows (Software Version: 7.2) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/04/2013 07/25/2016 | 7/24/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Microsoft Windows 7 32-bit running on a Dell Vostro 430 Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on a Dell Vostro 430 Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode) -FIPS Approved algorithms: AES (Certs. #3948 and #3949); SHS (Cert. #3257); DRBG (Cert. #1152); HMAC (Cert. #2572) -Other algorithms: AES (Certs. #3948 and #3949, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media." |
| 1878 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Versions: 5.5f and 5.5.1f) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/31/2013 03/28/2013 01/23/2014 04/03/2014 11/25/2014 02/20/2015 07/06/2015 04/12/2016 07/08/2016 | 7/7/2021 | Overall Level: 1 -Tested Configuration(s): Android 2.2 running on a LG Optimus 3D (LG-P920) Android 2.3 running on a LG G2X (LG-P999) Android 4.0 running on a Samsung Nexus-S (GT-I9023) Android 4.1 running on a LG Optimus 3D (LG-P920) Ubuntu Linux 32 bit running on a Dell Dimension 9200 Ubuntu Linux 64 bit running on a Dell Dimension 9200 Android 4.3 running on Asus TF 700 Tablet Android 4.4 running on Nexus 7 Tablet VxWorks 6.8 running on Avaya ERS 4850 Mentor Embedded Linux 4.0 running on an Avaya VSP 4450 Honeywell Xenon RTOS running on Honeywell 1902 Scanner Android 6.0 32-bit running on Nexus 7 Tablet Android 6.0 64-bit running on Galaxy S6 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RSA (Certs. #1059 and #1437); DSA (Certs. #647 and #840); ECDSA (Certs. #298 and #479); DRBG (Certs. #201 and #460) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1876 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-2020 CST Lab: NVLAP 100432-0 | Apricorn Aegis Secure Key (Hardware Versions: ASK-256-4GB, ASK-256-8GB, ASK-256-16GB and ASK-256-32GB; Firmware Version: V2.06A01.exe V1.39 with Security Controller Firmware Revision iStorage v12) (Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/30/2013 03/08/2013 03/28/2013 06/16/2016 | 6/15/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177) -Other algorithms: NDRNG Multi-chip standalone "The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)." |
| 1873 | iStorage Limited iStorage House 13 Alperton Lane Perivale, Middlesex UB6 8DH England John Michael TEL: +44 20 8537-3435 FAX: +44 20 8537-3438 CST Lab: NVLAP 100432-0 | datAshur Secure USB Flash Drive (Hardware Versions: IS-FL-DA-256-4, IS-FL-DA-256-8, IS-FL-DA-256-16 and IS-FL-DA-256-32; Firmware Version: V2.06A01.exe V1.39 with Security Controller Firmware Revision iStorage v12) (Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2013 01/24/2013 03/28/2013 08/29/2014 06/16/2016 06/06/2017 | 6/15/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177) -Other algorithms: NDRNG Multi-chip standalone "The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked." |
| 1864 | Cambium Networks, Ltd. Unit B2, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0 | Cambium Networks PTP 800 Compact Modem Unit (CMU) (Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-06-02) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/04/2013 02/22/2013 01/24/2017 | 1/23/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG Multi-chip standalone "Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution." |
| 1862 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module (Hardware Version: 1BU282; Firmware Version: 0003) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/07/2013 01/25/2013 | 1/24/2018 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 1860 | CMS Products 12 Mauchly Unit E Irvine, CA 92618 USA Les Kristof TEL: 714-424-5521 FAX: 949-754-9060 CST Lab: NVLAP 100432-0 | CE Secure (Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2013 | 1/24/2018 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: NDRNG Multi-chip embedded "The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption." |