CMVP Main PageLast Updated: 8/22/2017
It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.
When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.
NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "Other" or "Allowed" have not been tested through the CMVP and are not FIPS-Approved.
NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.
NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).
Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.
| Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Sunset Date | Level / Description |
|---|---|---|---|---|---|---|
| 2304 | Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion kiteworks Cryptographic Module (Software Version: KWLIB_1_0_1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/24/2014 | 12/23/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2850); CVL (Cert. #286); DRBG (Cert. #503); HMAC (Certs. #1790 and #1791); RSA (Cert. #1492); SHS (Certs. #2392 and #2393); Triple-DES (Cert. #1703) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand() Multi-chip standalone "Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2303 | Oberthur Technologies 402 rue d'Estienne d'Orves Colombes 92700 France Christophe Goyet TEL: 703-322-8951 FAX: n/a Said Boukyoud TEL: +33-1-78-14-72-58 FAX: +33-1-78-14-70-20 CST Lab: NVLAP 100432-0 | ID-One PIV-C on Cosmo V8 (Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2014 | 12/23/2019 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727) -Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "ID-One Cosmo V8 is a dual interface (ISO 7816 & ISO 14443) smartcard hardware platform compliant with Javacard 3.0.1 and GlobalPlatform 2.2.1 chip with Built-in PIV application, Opacity Secure messaging and fingerprint On-Card-Comparison (OCC)." |
| 2301 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | IOS Common Cryptographic Module (IC2M) (Firmware Version: Rel 3(1.5.2)) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/18/2014 06/12/2015 | 6/11/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Cisco ASR1K 1NG, Cisco ISR 4451-X, Cisco ISR 4441, Cisco ASR1K RP2 and Cisco ASR1K 2KP (kingpin) with processor Intel Xeon on IOS XE3.10 Cisco ISR 3925E and Cisco ISR 3945E with processor Intel Xeon on IOS 15.3 Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.10 Cisco ISR c2951, Cisco ISR c3925 and Cisco ISR c3945 with processor Freescale 8752E on IOS 15.3 Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.3 Cisco ISR 1941 and Cisco ISR 2900 with processor Cavium CN5220 on IOS 15.3 Cisco Catalyst 4K with processor MPC8572C on IOS XE 3.6 Cisco Catalyst 3750x and Cisco Catalyst 3560x with processor Power-PC 405 on IOS 15.2 Cisco Catalyst 3650 with processor AMCC PowerPC 405EX on IOS XE3.6 Cisco Catalyst 2960 with processor Cavium CN5230 on IOS 15.2 -FIPS Approved algorithms: AES (Certs. #2783 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688) -Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SEAL Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols." |
| 2300 | RSA 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-C Micro Edition (Software Versions: 4.1 [1], 4.1.0.1 [2], 4.1.2 [3] and 4.1.3.2 [4]) (When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/16/2014 12/21/2015 01/19/2016 01/22/2016 02/12/2016 01/18/2017 08/11/2017 | 1/17/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay without PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without PAA [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with PAA [1] Mac OS X 10.8 running on an Apple MacBook6,1 without PAA [1] Mac OS X 10.8 running on an Apple Mac Pro 5.1 with PAA [1] Solaris 10 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3] Solaris 11 running on a Oracle SPARC T4-2 without PAA [1][3] Solaris 11 running on a Oracle SPARC T4-2 with PAA [1][3] Solaris 10 on ESXi 4.1 running on a Dell M610 without PAA [1] Solaris 10 on ESXi 4.1 running on a Dell M610 with PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 without PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 with PAA [1] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Ubuntu 12.04 LTS running on a Beagle dev board [1][3] Fedora Core 17 running on a Beagle dev board [1] Android 4.0.3 running on a Motorola RAZR I [1] Android 2.3.6 running on a Samsung Galaxy S2 [1] Android 4.1.2 running on a Google Nexus 7 iOS 7.1 running on an Apple iPad 3 [1] iOS 7.1 running on an Apple iPad 4 [1] VxWorks 6.4 running on a MVME6100 [1][3] VxWorks 6.7 running on a MVME6100 [1][3] VxWorks 6.8 running on a MX31 Lite Kit [1][3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 running on a HP Integrity RX2620 [3] Red Hat Enterprise Linux 5.11 on PowerVM 2.2 running on an IBM 8231-E2B [3] SUSE Linux Enterprise Server 11 on PowerVM 2.2 running on an IBM 8231-E2B [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 without PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 with PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on z/VM 6.2 running on a IBM s390x [3] Fedora Core 20 running on a Wandboard Quad [3] Fedora Core 22 running on an AMD Seattle A0 Overdrive Development System [3] Android 4.1 running on a Motorola RAZR I [3] Android 4.4 running on a Google Nexus 7 Tablet [3] Android 5.1 running on a Google Nexus 5 [3] Android 5.1 running on a Google Nexus 9 Tablet [3] CentOS 6.6 running on a Dell R730xd [3] Linaro Linux 3.10.68 running on a Fujitsu MB86S72 [2] CentOS 7.2 running on a Dell Latitude E6420 with PAA [3] CentOS 7.2 running on a Dell Latitude E6420 without PAA [3] Timesys Linux 4.2.8 running on a ARMv7 Cortex A53 [4] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2859 [1], #3596 [3], #3767 [2] and #4665 [4]); CVL (Certs. #296 [1], #297 [1], #298 [1], #299 [1], #300 [1], #618 [3], #619 [3], #620 [3], #621 [3], #622 [3], #714 [2], #715 [2], #716 [2], #717 [2], #740 [2], #1311 [4], #1314 [4], #1315 [4], #1316 [4] and #1317 [4]); DRBG (Certs. #507 [1], #931 [3], #1037 [2] and #1577 [4]); DSA (Certs. #858 [1], #999 [3], #1047 [2] and #1236 [4]); ECDSA (Certs. #507 [1], #733 [3], #810 [2] and #1149 [4]); HMAC (Certs. #1799 [1], #2293 [3], #2467 [2] and #3089 [4]); KTS (AES Certs. #3596 [3] and #4665 [4]; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1499 [1], #1850 [3], #1938 [2] and #2545 [4]); SHS (Certs. #2402 [1], #2958 [3], #3137 [2] and #3822 [4]); Triple-DES (Certs. #1706 [1], #2003 [3], #2095 [2] and #2482 [4]) -Other algorithms: AES (Certs. #2859 [1] and #3767 [2], key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; EC Diffie-Hellman; HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Camellia; DES; DESX; DES40; ECAES (non-compliant); ECIES; GOST; MD2; MD4; PRNG; RC2; RC4; RC5; SEED Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2299 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2014 03/20/2015 | 3/19/2020 | Overall Level: 2 Multi-chip embedded |
| 2295 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch and 7800 Extension Switch (Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.2.0 (P/N 63-1001405-01)) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/12/2014 | 12/11/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Certs. #749 and #1408); RSA (Certs. #1048, #1049, #1279 and #1281) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); SNMPv3 KDF (non-compliant); HMAC-MD5; NDRNG; TLSv1.0 KDF (non-compliant); SSHv2 KDF (non-compliant); MD5; RADIUS PEAP MS-CHAP V2; AES (non-compliant); HMAC (non-compliant); RNG (non-compliant); Triple-DES (non-compliant); RSA (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; ARCFOUR BLOWFISH-CBC; CAST128; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96; HMAC-MD5-96 Multi-chip standalone "The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2294 | RSA 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-C Micro Edition (Software Versions: 4.1 [1], 4.1.0.1 [2], 4.1.2 [3] and 4.1.3.2 [4]) (When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/12/2014 12/21/2015 01/19/2016 01/22/2016 02/12/2016 01/18/2017 08/11/2017 | 1/17/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay without PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without PAA [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with PAA [1] Mac OS X 10.8 running on an Apple MacBook6,1 without PAA [1] Mac OS X 10.8 running on an Apple Mac Pro 5.1 with PAA [1] Solaris 10 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3] Solaris 11 running on a Oracle SPARC T4-2 without PAA [1][3] Solaris 11 running on a Oracle SPARC T4-2 with PAA [1][3] Solaris 10 on ESXi 4.1 running on a Dell M610 without PAA [1] Solaris 10 on ESXi 4.1 running on a Dell M610 with PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 without PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 with PAA [1] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Ubuntu 12.04 LTS running on a Beagle dev board [1][3] Fedora Core 17 running on a Beagle dev board [1] Android 4.0.3 running on a Motorola RAZR I [1] Android 2.3.6 running on a Samsung Galaxy S2 [1] Android 4.1.2 running on a Google Nexus 7 iOS 7.1 running on an Apple iPad 3 [1] iOS 7.1 running on an Apple iPad 4 [1] VxWorks 6.4 running on a MVME6100 [1][3] VxWorks 6.7 running on a MVME6100 [1][3] VxWorks 6.8 running on a MX31 Lite Kit [1][3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 running on a HP Integrity RX2620 [3] Red Hat Enterprise Linux 5.11 on PowerVM 2.2 running on an IBM 8231-E2B [3] SUSE Linux Enterprise Server 11 on PowerVM 2.2 running on an IBM 8231-E2B [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 without PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 with PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on z/VM 6.2 running on a IBM s390x [3] Fedora Core 20 running on a Wandboard Quad [3] Fedora Core 22 running on an AMD Seattle A0 Overdrive Development System [3] Android 4.1 running on a Motorola RAZR I [3] Android 4.4 running on a Google Nexus 7 Tablet [3] Android 5.1 running on a Google Nexus 5 [3] Android 5.1 running on a Google Nexus 9 Tablet [3] CentOS 6.6 running on a Dell R730xd [3] Linaro Linux 3.10.68 running on a Fujitsu MB86S72 [2] CentOS 7.2 running on a Dell Latitude E6420 with PAA [3] CentOS 7.2 running on a Dell Latitude E6420 without PAA [3] Timesys Linux 4.2.8 running on a ARMv7 Cortex A53 [4] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2859 [1], #3596 [3], #3767 [2] and #4665 [4]); CVL (Certs. #296 [1], #297 [1], #298 [1], #299 [1], #300 [1], #618 [3], #619 [3], #620 [3], #621 [3], #622 [3], #714 [2], #715 [2], #716 [2], #717 [2], #740 [2], #1311 [4], #1314 [4], #1315 [4], #1316 [4] and #1317 [4]); DRBG (Certs. #507 [1], #931 [3], #1037 [2] and #1577 [4]); DSA (Certs. #858 [1], #999 [3], #1047 [2] and #1236 [4]); ECDSA (Certs. #507 [1], #733 [3], #810 [2] and #1149 [4]); HMAC (Certs. #1799 [1], #2293 [3], #2467 [2] and #3089 [4]); KTS (AES Certs. #3596 [3] and #4665 [4]; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1499 [1], #1850 [3], #1938 [2] and #2545 [4]); SHS (Certs. #2402 [1], #2958 [3], #3137 [2] and #3822 [4]); Triple-DES (Certs. #1706 [1], #2003 [3], #2095 [2] and #2482 [4]) -Other algorithms: AES (Certs. #2859 [1] and #3767 [2], key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; EC Diffie-Hellman; HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Camellia; DES; DESX; DES40; ECAES (non-compliant); ECIES; GOST; MD2; MD4; PRNG; RC2; RC4; RC5; SEED Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2291 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 100432-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module (Hardware Versions: P/Ns 1HN162 and 1M2162; Firmware Versions: 0002SDM7, 0002LIM7 and 0002SED7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/10/2014 | 12/9/2019 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343, #2803, #2804 and #2947); SHS (Certs. #1225 and #2352); DRBG (Cert. #62); RSA (Cert. #650); HMAC (Cert. #1597); PBKDF (vendor affirmed) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
| 2290 | Green Hills Software 30 West Sola Street Santa Barbara, CA 93101 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 CST Lab: NVLAP 100432-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 2.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/08/2014 | 12/7/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Green Hills Software INTEGRITY Multivisor v4 for ARM running on a Samsung Galaxy Note II (single-user mode) -FIPS Approved algorithms: AES (Certs. #2745, #2748, #2749, #2750 and #2753); CVL (Cert. #185); DRBG (Cert. #464); ECDSA (Cert. #482); HMAC (Cert. #1724); RSA (Cert. #1441); SHS (Cert. #2319); PBKDF (vendor affirmed) -Other algorithms: AES (Cert. #2745, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (encrypt/decrypt); Diffie-Hellman; EC Diffie-Hellman; Triple-DES (non-compliant); MD5; HMAC-MD5 Multi-chip standalone "Green Hills Software ISS ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
| 2286 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe®, Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches (Hardware Versions: {[BR-MLXE-4-MR-M-AC (P/N: 80-1006853-01), BR-MLXE-4-MR-M-DC (P/N: 80-1006854-01), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), NI-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), NI-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), NI-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), NI-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), NI-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), NI-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), NI-CER-2024C-ADVPREM-DC (P/N: 80-1007034-02), NI-CER-2048C-ADVPREM-AC (P/N: 80-1007039-02), NI-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), NI-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), NI-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01), NI-CER-2024-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (P/N: 80-1000037-01), BR-CES-2024F-4X-DC (P/N: 80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02) } with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.6.00aa) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/03/2014 | 12/2/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1632, #1633 and #1634); AES (Certs. #2715, #2716 and #2717); DSA (Certs. #832, #833 and #834); SHS (Certs. #2280, #2281 and #2282); RSA (Certs. #1411, #1412 and #1413); HMAC (Certs. #1694, #1695 and #1696); DRBG (Certs. #452, #453 and #454); CVL (Certs. #173, #174 and #175) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); NDRNG; HMAC-MD5; MD5; RC2; RC4; DES; MD2 Multi-chip standalone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. The Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density." |
| 2284 | whiteCryption Corporation 920 Stewart Drive Suite #100 Sunnyvale, CA 94085 USA Dan Zenchelsky TEL: 408-616-1600 FAX: 408-616-1626 CST Lab: NVLAP 100432-0 | whiteCryption Secure Key Box 4.6.0 Crypto Module (Software Version: 4.6.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/03/2014 | 12/2/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.2.2 running on a Google Nexus Phone (single-user mode) -FIPS Approved algorithms: AES (Certs. #2451, #2452, #2453, #2454, #2455, #2456, #2457, #2458, #2459, #2460, #2461, #2462, #2463, #2464, #2465, #2466, #2467, #2470 and #2471); CVL (Certs. #79, #80, #83, #84 and #94); DRBG (Cert. #335); ECDSA (Certs. #403 and #404); HMAC (Certs. #1516 and #1517); KBKDF (Cert. #11); RSA (Cert. #1263); SHS (Certs. #2084, #2085, #2086, #2087, #2088, #2089 and #2090) -Other algorithms: RSA (non-compliant) Multi-chip standalone "whiteCryption Secure Key Box (SKB) is a C/C++ library that provides cryptographic algorithms. SKB's unique white-box implementation is specifically designed to hide and protect cryptographic keys at all times. It allows safe deployment in insecure environments." |
| 2282 | Infotecs 41 Madison Avenue New York, NY 10010 USA Andrey Krasikov TEL: 678-431-9502 Andrew Mikhaylov TEL: +7 495 737 6192 x5277 FAX: +7 495 737 7278 CST Lab: NVLAP 200928-0 | ViPNet Common Crypto Core (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 9) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/14/2014 | 11/13/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 8.1 64-bit running on a Dell Inspiron 5537 Android v4.4 running on a Samsung Galaxy Note 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2822 and #2823); SHS (Certs. #2366 and #2367); HMAC (Certs. #1766 and #1767); DRBG (Certs. #483 and #484); KBKDF (Certs. #21 and #22) -Other algorithms: AES (Certs. #2822 and #2823, key wrapping) Multi-chip standalone "The ViPNet Common Crypto Core Library is a software library that provides cryptographic services to a number of ViPNet applications such as ViPNet Network Manager, ViPNet Client for Windows, ViPNet Client for Android, ViPNet Coordinator for Windows, ViPNet Coordinator for Linux, ViPNet Coordinator HW/VA. It is available in user space and kernel driver implementations on a wide range of operational systems. User space library and kernel library use the same base source code." |
| 2281 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers, Brocade NetIron CES 2000 Series Ethernet Switches (Hardware Versions: [BR-MLXE-4-MR-M-AC (80-1006853-01), BR-MLXE-4-MR-M-DC (80-1006854-01), BR-MLXE-8-MR-M-AC (80-1004809-04), BR-MLXE-8-MR-M-DC (80-1004811-04), BR-MLXE-16-MR-M-AC (80-1006820-02), BR-MLXE-16-MR-M-DC (80-1006822-02), BR-MLXE-4-MR2-M-AC (80-1006870-01), BR-MLXE-4-MR2-M-DC (80-1006872-01), BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-8-MR2-M-DC (80-1007226-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-16-MR2-M-DC (80-1006828-02) with Blade 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01, 80-1003971-01, 80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (80-1003769-07), NI-CER-2048F-ADVPREM-DC (80-1003770-08), NI-CER-2048FX-ADVPREM-AC (80-1003771-07), NI-CER-2048FX-ADVPREM-DC (80-1003772-08), NI-CER-2024F-ADVPREM-AC (80-1006902-02), NI-CER-2024F-ADVPREM-DC (80-1006904-02), NI-CER-2024C-ADVPREM-AC (80-1007032-02), NI-CER-2024C-ADVPREM-DC (80-1007034-02), NI-CER-2048C-ADVPREM-AC (80-1007039-02), NI-CER-2048C-ADVPREM-DC (80-1007040-02), NI-CER-2048CX-ADVPREM-AC (80-1007041-02), NI-CER-2048CX-ADVPREM-DC (80-1007042-02), BR-CER-2024F-4X-RT-DC (80-1007212-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024C-4X-RT-AC (80-1006530-01), NI-CER-2024-2X10G (80-1003719-03), RPS9 (80-1003868-01), RPS9DC (80-1003869-02), BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02) with FIPS Kit XBR-000195]; Firmware Version: Multi-Service IronWare R05.5.00ca) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 as defined in the Security Policy. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DSA (Certs. #798, #799 and #800); SHS (Certs. #2221, #2222 and #2223) -Other algorithms: RSA (key wrapping; non-compliant); Diffie-Hellman (non-compliant); SNMPv3 KDF (non-compliant); MD5; NDRNG; HMAC-MD5; HMAC-SHA1-96 (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); DRBG (non-compliant); RSA (non-compliant); SSHv2 KDF (non-compliant); TLSv1.0 KDF (non-compliant); DES; MD2; RC2; RC4 Multi-chip standalone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. These fixed-form 10 GbE-capable 1U switches offer deep buffers and are ideal for Carrier Ethernet service delivery at the network ed" |
| 2280 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | KDH3000-CM (Hardware Version: 1.0; Firmware Version: V01.04.0000.0000) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1623); SHS (Cert. #2144); DRBG (Cert. #376) -Other algorithms: NDRNG Multi-chip embedded "The module is a ruggedized, opaque, tamper-resistant USB disk encryption/file encryption device that connects to an external general purpose computer (GPC) outside of its cryptographic boundary to service as a secure peripheral storage device for the GPC. The module is a self-contained device that automatically encrypts and decrypts data copied to and from the drive from the externally connected GPC." |
| 2279 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 4083330480 FAX: 4083338101 CST Lab: NVLAP 200802-0 | Brocade® FCX 624/648, ICX™ 6610, ICX 6450, ICX 6650 and SX 800/1600 Series (Hardware Versions: [FCX624S (P/N 80-1002388-08), FCX624S-HPOE-ADV (P/N 80-1002715-08), FCX624S-F-ADV (P/N 80-1002727-07), FCX648S (P/N 80-1002392-08), FCX648S-HPOE (P/N 80-1002391-10), FCX648S-HPOE-ADV (P/N 80-1002716-10), FCX-2XG (P/N 80-1002399-01), ICX 6610-24F-I (P/N 80-1005350-04), ICX 6610-24F-E (P/N 80-1005345-04), ICX 6610-24-I (P/N 80-1005348-05), ICX 6610-24-E (P/N 80-1005343-05), ICX 6610-24P-I (P/N 80-1005349-06), ICX 6610-24P-E (P/N 80-1005344-06), ICX 6610-48-I (P/N 80-1005351-05), ICX 6610-48-E (P/N 80-1005346-05), ICX 6610-48P-I (P/N 80-1005352-06), ICX 6610-48P-E (P/N 80-1005347-06), ICX 6450-24 (P/N 80-1005997-03), ICX 6450-24P (P/N 80-1005996-04), ICX 6450-48 (P/N 80-1005999-04), ICX 6450-48P (P/N 80-1005998-04), ICX 6450-C12-PD (P/N 80-1007578-01), ICX6650-32-E-ADV (P/N: 80-1007115-02), ICX6650-32-I-ADV (P/N: 80-1007116-02), ICX6650-40-E-ADV (P/N: 80-1007179-03), ICX6650-40-I-ADV (P/N: 80-1007181-03), ICX6650-48-E-ADV (P/N: 80-1007180-03), ICX6650-48-I-ADV (P/N: 80-1007182-03), ICX6650-56-E-ADV (P/N: 80-1007117-03), ICX6650-56-I-ADV (P/N: 80-1007118-03), ICX6650-80-E-ADV (P/N: 80-1007119-03), ICX6650-80-I-ADV (P/N: 80-1007120-03), FI-SX800-S (P/N 80-1003050-03 and 80-1007143-03), FI-SX1600-AC (P/N 80-1002764-02 and 80-1007137-02), FI-SX1600-DC (P/N 80-1003005-02 and 80-1007138-02), SX-FISF (P/N 80-1002957-03), SX-FI-ZMR-XL (P/N 80-1006486-02), SX-FI-ZMR-XL-PREM6 (P/N 80-1007350-02), SX-ACPWR-SYS (P/N 80-1003883-02) and SX-DCPWR-SYS (P/N 80-1003886-02)] with FIPS Kit XBR-000195; Firmware Version: IronWare R08.0.01) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 4, 10 and 11 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DSA (Certs. #668, #801, #802 and #803); SHS (Certs. #2224, #2225, #2226 and #2227) -Other algorithms: RSA (key wrapping; non-compliant); Diffie-Hellman (non-compliant); SNMPv3 KDF (non-compliant); MD5; SSHv2 KDF (non-compliant); HWRNG; HMAC-MD5; AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); DRBG (non-compliant); TLSv1.0 KDF (non-compliant); RSA (non-compliant); DES; MD2; RC2; RC4 Multi-chip standalone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. The Brocade ICX 6650 Switch is a compact Ethernet switch that delivers industry-leading 10/40 GbE density." |
| 2278 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 4451-X Integrated Services Router (ISR) (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) (Hardware Version: ISR 4451-X with FIPS kit ISR4451-FIPS-Kit; Firmware Version: IOS-XE 3.10.2) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2345 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1454 and #1764); RSA (Cert. #1471); SHS (Certs. #2022 and #2361); Triple-DES (Certs. #1468, #1670 and #1688) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2276 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | McAfee NGFW Cryptographic Kernel Module (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/07/2014 | 11/6/2019 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0-based distribution running on McAfee MIL-320 Debian GNU/Linux 6.0-based distribution running on McAfee 5206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1402 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1065 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1035 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2914, #2915, #2916, #2917, #2918, #2919, #2920 and #2921); Triple-DES (Certs. #1729, #1730, #1731, #1732, #1733 and #1734); SHS (Certs. #2452, #2453, #2454, #2455, #2456 and #2457); HMAC (Certs. #1843, #1844, #1845, #1846, #1847 and #1848) -Other algorithms: N/A Multi-chip standalone "The McAfee NGFW Cryptographic Kernel Module is a software modulethat provides cryptographic services required by the McAfee NGFW product." |
| 2275 | Xirrus, Inc. 2101 Corporate Center Drive Thousand Oaks, CA 91320 USA Mike de la Garrigue TEL: 805-262-1655 CST Lab: NVLAP 100432-0 | Xirrus XR Series Wi-Fi Products (Hardware Versions: XR-520 [1], XR-520H-FIPS [2], XR-620-FIPS [1], XR-630-FIPS [1], XR-2425H-FIPS [3], XR-2225 [1], XR-2235 [1], XR-2425 [1], XR-2435 [1], XR-2226 [1], XR-2236 [1], XR-2426 [1], XR-2436 [1], XR-4420 [1], XR-4430 [1], XR-4820 [1], XR-4830 [1], XR-4426 [1], XR-4436 [1], XR-4826 [1], XR-4836 [1], XR-6820 [1], XR-6830 [1], XR-6836 [1], XR-7220 [1], XR-7230 [1], XR-7620 [1], XR-7630 [1] and XR-7636 [1]; Enclosure (Form Factor): XE-6000-TBAR [1], XR-520H-FIPS [2] and XR-2425H-FIPS [3]; Firmware Version: AOS-7.1) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/04/2014 | 11/3/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450 and #2833); CVL (Certs. #257 and #258); DRBG (Cert. #490); HMAC (Cert. #1774); KBKDF (Cert. #24); RSA (Cert. #1475); SHS (Cert. #2374); Triple-DES (Cert. #1693) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; IDEA; RC4; SEED; MD5 Multi-chip standalone "Wireless networking equipment." |
| 2273 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, California 92121 USA Lu Xiao TEL: 858-651-5477 CST Lab: NVLAP 200658-0 | QTI Cryptographic Module on Crypto 5 Core (Hardware Version: Snapdragon 805; Software Version: 5.f1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 11/04/2014 | 11/3/2019 | Overall Level: 1 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.4 running on Snapdragon 805 (single-user mode) -FIPS Approved algorithms: DRBG (Cert. #501); Triple-DES (Cert. #1701); HMAC (Cert. #1786); AES (Cert. #2839); SHS (Cert. #2388) -Other algorithms: HW RNG; DES; AEAD; kasumi; snow-3g Multi-chip standalone "This cryptographic module implements block ciphers including AES, Triple-DES, hash functions SHA-1 and SHA-256, Message Authentication Code functions HMAC and CMAC and DRBG 800-90A." |
| 2272 | INSIDE Secure Arteparc Bachasson, Bât A Rue de la carrière de Bachasson, CS70025 Meyreuil, Bouches-du-Rhône 13590 France Bob Oerlemans TEL: +31 736-581-900 FAX: +31 736-581-999 CST Lab: NVLAP 200658-0 | VaultIP (Hardware Version: 1.1.4; Firmware Version: 1.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/24/2014 | 10/23/2019 | Overall Level: 2 -Physical Security: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: KBKDF (Cert. #25); KAS (Cert. #46); CVL (Cert. #269); DRBG (Cert. #500); ECDSA (Cert. #502); RSA (Cert. #1488); Triple-DES (Cert. #1702); HMAC (Cert. #1787); SHS (Cert. #2389); AES (Cert. #2847) -Other algorithms: DES; AES (Cert. #2847, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES (non-compliant); NDRNG Single-chip "VaultIP is a Silicon IP Security Module which includes a complete set of high- and low-level cryptographic functions. It offers key management and crypto functions needed for platform and application security such as Content Protection and Mobile Payment, and can be used stand-alone or as a 'Root of Trust' to support a TEE-based platform." |
| 2270 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) (Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, 15454-M-WSE-K9 and 10X10G-LC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8.1.2 or 9.8.1.3) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/22/2014 06/09/2015 | 6/8/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2352, #2369, #2886 and #2887); CVL (Certs. #316 and #317); DRBG (Certs. #521 and #522); HMAC (Certs. #1820 and #1821); KBKDF (Cert. #29); RSA (Certs. #1526 and #1527); SHS (Certs. #2427 and #2428); Triple-DES (Cert. #1721) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions." |
| 2267 | Yubico Inc. 228 Hamilton Avenue 3rd Floor Palo Alto, CA 94301 USA Jakob Ehrensvard TEL: 408-774-4064 CST Lab: NVLAP 200427-0 | Yubico YubiKey Standard and YubiKey Nano (Hardware Version: 1.6; Firmware Version: 2.5.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/14/2014 | 10/13/2019 | Overall Level: 1 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2811); HMAC (Cert. #1762); SHS (Cert. #2359) -Other algorithms: N/A Single-chip "The YubiKey and YubiKey Nano are two-factor authentication devices supporting OATH-HOTP as well as the Yubico OTP algorithm. The devices are connected via the USB ports and emulate a generic USB keyboard to allow a true driver-less installation." |
| 2264 | HGST, a Western Digital company 5601 Great Oaks Parkway Building 50-3/D393 San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C15K600 TCG Enterprise HDDs (Hardware Versions: HUC156060CS4205 (1) [1, 2, 3, 4, 5], HUC156060CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156045CS4205 (1) [1, 2, 3, 4, 5], HUC156045CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156030CS4205 (1) [1, 2, 3, 4, 5], HUC156030CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156060CSS205 (1) [1, 2, 3, 4, 5], HUC156060CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156045CSS205 (1) [1, 2, 3, 4, 5], HUC156045CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156030CSS205 (1) [1, 2, 3, 4, 5], and HUC156030CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9]; Firmware Versions: R3A0 [1], R3F0 [2], R3R0 [3], R3X0 [4], R3X2 [5], R703 [6], R7G2 [7], R904 [8] or RA01 [9])) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/10/2014 02/20/2015 08/07/2015 04/04/2016 12/19/2016 | 12/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed) -Other algorithms: NDRNG; AES (Cert. #2365, key wrapping) Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2263 | Utimaco IS GmbH Germanusstraße 4 Aachen 52080 Germany Dr. Gesa Ott TEL: +49 241-1696-200 FAX: +49 241-1696-190 CST Lab: NVLAP 100432-0 | SafeGuard® CryptoServer Se (Hardware Versions: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 3.0.2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/07/2014 05/04/2016 | 5/3/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2739); DRBG (Cert. #459); ECDSA (Cert. #840); HMAC (Cert. #1717); RSA (Certs. #1435 and #1436); SHS (Certs. #2308, #2309 and #2310); Triple-DES (Cert. #1649); Triple-DES MAC (Triple-DES Cert. #1649, vendor affirmed); CVL (Cert. #749) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2739, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1649, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (non-compliant); ECIES; MD5; MDC-2; RIPEMD-160; DES; Retail-TDES MAC; AES MAC (AES Cert. #2739; non-compliant); PIN generation/PIN verification (e.g., VISA/MasterCard); KDF_ENC_DATA; KDF_HASH; KDF_ECDH; KDF_DH; KDF_XOR_BASE_AND_DATA; KDF_CAT_BASE_AND_KEY; KDF_CAT_BASE_AND_DATA; KDF_CAT_DATA_AND_BASE; KDF_EXTRACT_KEY_FROM_KEY Multi-chip embedded "SafeGuard® CryptoServer Se is an encapsulated, tamper-protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions." |
| 2262 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) (Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160 [1], A0 with PX02SSU010, PX02SSU020, PX02SSU040, or PX02SSQ080 [2], A0 with PX03SNU020, PX03SNU040, PX03SNU080, or PX03SNQ160 [3]; Firmware Versions: NA00 [1], NA01 [1], 0502 [1], AJ01 [1], AK01 [2], and AL01 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/01/2014 01/09/2015 | 1/8/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397) -Other algorithms: NDRNG Multi-chip embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2261 | CipherCloud, Inc. 99 Almaden Blvd., Suite 500 San Jose, CA 95113 USA Andy Loong TEL: 408-663-5093 CST Lab: NVLAP 200968-0 | Cryptographic Module for CipherCloud Gateway (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/01/2014 05/03/2016 | 5/2/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 with Java JRE 1.6.0 running on IBM 3620 M3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2339); SHS (Cert. #2017); HMAC (Cert. #1449); DRBG (Cert. #303); PBKDF (vendor affirmed) -Other algorithms: AES-PCBC (non-compliant); AES-CTR (non-compliant); AES-CTS (non-compliant); AES-OFB (non-compliant); AES-OFB8 (non-compliant); AES-OFB128 (non-compliant); ARC4; Blowfish; DES; Diffie-Hellman (non-compliant); DSA (non-compliant); RC2; RSA (encrypt/decrypt); Triple-DES (non-compliant); PBEWithMD5AndDES; PBEWithMD5AndTripleDES; PBEWithSHA1AndDESede; PBEWithSHA1AndRC2_40; MD2; MD5; SHA-384 (non-compliant); HMAC-MD5; HMAC SHA-384 (non-compliant); HMAC SHA-512 (non-compliant) Multi-chip standalone "The Cryptographic Module enables all cryptographic operations performed by the CipherCloud Gateway. The CipherCloud Gateway is a software solution that organizations deploy within their network boundaries or delegate operation to a trusted third party. CipherCloud interfaces with clients (e.g., web browsers, mobile applications, APIs, etc.), and leverages format and operations preserving encryption technology to secure sensitive information in real time, before it's sent to cloud applications (e.g. web servers, API services, databases, etc.), without impacting usability or performance." |
| 2260 | Zebra Technologies Corporation 3 Overlook Point Lincolnshire, IL 60069 USA Erv Comer TEL: 480-628-7901 Tom McKinney TEL: 631-738-3586 CST Lab: NVLAP 100432-0 | Fusion Wireless LAN Cryptographic Module for Android (Hardware Version: WL1283CYFVR (Rev C); Firmware Version: 1.01; Software Versions: 1.02 and 1.03) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 09/30/2014 08/14/2015 | 8/13/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android Jelly Bean 4.1.1 running on a MC40N0 Android KitKat 4.4.4 running on a MC40N0 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2812 and #3462); HMAC (Certs. #1763 and #2208); SHS (Certs. #2360 and #2858) -Other algorithms: N/A Multi-chip standalone "The Fusion WLAN cryptomodule secures the WLAN radio for Android Jelly Bean based devices (e.g., MC40, MC67, MC32, and ET1) and Android KitKat based devices (e.g., MC40 and MC92). These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government." |
| 2259 | Cavium Networks 2315 N First Street San Jose, CA 95131 USA Albert Harnois TEL: 408-943-7641 FAX: 408-557-1992 Tony Tran TEL: 408-943-7128 FAX: 408-577-1992 CST Lab: NVLAP 100432-0 | NITROX XL 1600-NFBE HSM Family (Hardware Version: P/N FN1620-NFBE2-G; Firmware Version: CN16XX-NFBE-FW-2.1-110020) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2014 01/11/2017 | 1/10/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265 and #1266); CVL (Cert. #166); DRBG (Cert. #32); DSA (Cert. #474); ECDSA (Certs. #150 and #188); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RSA (Certs. #607 and #742); SHS (Certs. #801, #1166 and #1379); Triple-DES (Cert. #898) -Other algorithms: AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBE; RC4 Multi-chip embedded "The FN1620-NFBE2-G HSM adapter delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0 via an SFF-8639 connector. The adapter offers up to 30,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets." |
| 2258 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CS Series Encryptors (Hardware Versions: CS10 Ethernet Encryptor: A4201B [O] and A4201B [Y]; CS100 Ethernet Encryptor: A4203B [O] and A4203B [Y]; Firmware Version: 2.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/23/2014 | 9/22/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2585 and #2588); Triple-DES (Cert. #1561); RSA (Cert. #1323); SHS (Cert. #2176); HMAC (Cert. #1600); DRBG (Cert. #390); CVL (Cert. #114) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CS Series is a high performance encryption platform designed to secure data transmitted over 10 and 100Mbps Ethernet networks. The CS10 is a cost-effective, small form factor, encryptor for branch or remote office applications. The CS100 is a 19' rack mounted device suitable for point to point or multipoint connections and is ideally suited for central office operations. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 2257 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG S500-10 [1] and S500-20 [2] (Hardware Versions: 080-03549 [1], 080-03551 [1], 090-02998 [1], 080-03552 [1], 090-02999 [1], 080-03553 [2], 080-03555 [2], 090-03000 [2], 080-03556 [2], 090-03001 [2] with FIPS Security Kit (Part Number: 085-02870); Firmware Version: 6.5.2.9 build 144008) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/22/2014 | 9/21/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2256 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG S400-20 [1], S400-30 [2] and S400-40 [3] (Hardware Versions: 080-03568 [1], 080-03570 [1], 090-03075 [1], 080-03571 [1], 090-03076 [1], 080-03572 [2], 080-03574 [2], 090-03079 [2], 080-03575 [2], 090-03080 [2], 080-03576 [3], 080-03578 [3], 090-03083 [3], 080-03579 [3], 090-03084 [3] with FIPS Security Kit (Part Number: 085-02891); Firmware Version: 6.5.2.9 build 144008) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/22/2014 | 9/21/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG Multi-chip standalone "Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2255 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | Secure Web Gateway Virtual Appliance-V100 (Software Version: 6.5.2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/22/2014 | 9/21/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 with PAA SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2737); Triple-DES (Cert. #1648); DRBG (Cert. #458); HMAC (Certs. #1715 and #1716); SHS (Certs. #2306 and #2307); RSA (Cert. #1427); CVL (Certs. #182 and #328) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG; ANSI X9.31 PRNG (non-compliant); CAST-128; DES; RC2; RC4; Camellia; MD2; HMAC-MD5; RIPE-MD-160 Multi-chip standalone "Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2254 | Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | Oracle StorageTek T10000D Tape Drive (Hardware Version: P/N 7042136; Firmware Version: 4.07.107) (When operated in FIPS mode. The protocol SSH shall not be used when operated in the FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 | 9/21/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2760, #2761, #2762, #2763 and #2764); DRBG (Cert. #467); HMAC (Certs. #1729 and #1730); SHS (Certs. #2324 and #2325); RSA (Cert. #1445); CVL (Cert. #230) -Other algorithms: AES (Cert. #2763, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SSH KDF (non-compliant); AES (non-compliant); SHS (non-compliant); HMAC (non-compliant); RSA (non-compliant); DRBG (non-compliant) Multi-chip standalone "The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution." |
| 2251 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Versions: R02.03.07, R02.05.03, R02.05.05 and R02.05.08) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 01/26/2016 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA." |
| 2250 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Versions: R02.03.07, R02.05.03, R02.05.05 and R02.05.08) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 01/25/2016 01/30/2017 | 1/29/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA." |
| 2249 | Comtech Mobile Datacom Corporation 20430 Century Boulevard Germantown, MD 20874 USA Lajuana Johnson TEL: 240-686-3300 CST Lab: NVLAP 200427-0 | Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto) (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/22/2014 | 9/21/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 on qemu-kvm-0.12.1.2-2 on Red Hat Enterprise Linux 6 running on a Dell R900 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2355); HMAC (Cert. #1461); SHS (Cert. #2029); Triple-DES (Cert. #1473) -Other algorithms: DES Multi-chip standalone "libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code, and Triple-DES." |
| 2248 | Accellion, Inc. 1804 Embarcadero Road, Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: 65-6244-5670 FAX: 65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion Cryptographic Module (Software Version: FTALIB_3_0_1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/19/2014 | 9/18/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2317, #2318, and #2844); CVL (Cert. #268); HMAC (Certs. #1436 and #1783); RSA (Cert. #1485); SHS (Certs. #2004 and #2385); Triple-DES (Cert. #1700) -Other algorithms: AES (Cert. #2844, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1700, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5 Multi-chip standalone "Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2246 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco ASA Service Module (SM) (Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/12/2014 10/23/2014 01/15/2016 06/29/2016 | 6/28/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444 and #2482); DRBG (Certs. #332 and #341); ECDSA (Cert. #411); HMAC (Certs. #1247 and #1524); RSA (Certs. #1066 and #1271); SHS (Certs. #1794 and #2100); Triple-DES (Certs. #1321 and #1520) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Service Module (SM) Adaptive Security Appliance provides comprehensive security, performance, and reliability for network environments of all sizes." |
| 2245 | EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA Marshall Schiring TEL: 402-479-8375 FAX: 402-479-8472 Josh Johnson TEL: 402-479-8459 FAX: 402-479-8472 CST Lab: NVLAP 100432-0 | Subscriber Encryption Module (Hardware Version: R023-5000-980; Firmware Version: 5.28) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2640); DRBG (Cert. #411); HMAC (Cert. #1632); RSA (Cert. #1351); SHS (Cert. #2213) -Other algorithms: AES (Cert. #2640, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. 2640, vendor affirmed; P25 AES OTAR); DES; NDRNG Multi-chip embedded "The EFJohnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the EFJohnson Technology VP600 series radio with secure encrypted voice communication. The SEM supports AES, RSA, HMAC, DRBG and SHA-256 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security." |
| 2244 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5921 Embedded Services Router (ESR) (Software Version: 15.2(4)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS Linux 6.4 running on an Intel Desktop Board D2500CC (single-user mode) -FIPS Approved algorithms: AES (Cert. #2785); CVL (Cert. #237); DRBG (Cert. #472); ECDSA (Cert. #486); HMAC (Cert. #1744); RSA (Cert. #1457); SHS (Cert. #2340); Triple-DES (Cert. #1673) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco ESR 5921 Embedded Services Router is a software product that runs IOS 15.2(4)GC in an x86-based Linux host environment. The binary is a Router application which allows Linux software connections with virtual and physical Linux interfaces on the host hardware. The Cisco 5921 Embedded Services Router provides a secure, manageable device which meets FIPS 140-2 Level 1 requirements." |
| 2243 | WideBand Corporation 401 W. Grand St. Gallatin, MO 64640 USA GoldKey Sales & Customer Service TEL: 816-220-3000 FAX: 419-301-3208 Jon Thomas TEL: 567-270-3830 FAX: 419-301-3208 CST Lab: NVLAP 200658-0 | GoldKey Security Token Cryptographic Module (Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.13) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); RSA (Cert. #1210); ECDSA (Cert. #384); CVL (Certs. #54, #234 and #235) -Other algorithms: N/A Single-chip "Provides cryptographic algorithm implementation for GoldKey Products" |
| 2242 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | X-ES XPedite5205 with Cisco IOS (Hardware Versions: X-ES XPedite5205 air-cooled card and X-ES XPedite5205 conduction-cooled card; Firmware Version: 15.2(4)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The X-ES XPedite5205 is a high-performance, ruggedized router. With onboard hardware encryption, the XPedite5205 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The XPedite5205 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The XPedite5205 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology." |
| 2241 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5915 and 5940 Embedded Services Routers (Hardware Versions: Cisco 5915 ESR air-cooled card, Cisco 5915 ESR conduction-cooled card, Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(4)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Cisco 5915, 5940 are high-performance, ruggedized routers. With onboard hardware encryption, the Cisco 5915, 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5915, 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5915, 5940 Router Cards use industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology." |
| 2239 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 100432-0 | McAfee Core Cryptographic Module (user) (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/16/2014 | 10/15/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee Endpoint Encryption Preboot OS running on a Dell E5510 without PAA McAfee Endpoint Encryption Preboot OS running on a Dell E6320 with PAA McAfee Endpoint Encryption Preboot OS running on a Dell E6410 with PAA Windows 8 running in 64-bit UEFI mode running on a Dell Inspiron 3520 without PAA Windows 8 running in 64-bit UEFI mode running on a Lenovo W530 with PAA Windows 8 running in 64-bit UEFI mode running on a Lenovo Yoga with PAA Windows 8 running in 32-bit UEFI mode running on a Samsung 700T without PAA Windows 8 running in 32-bit UEFI mode running on a Dell Latitude 10 without PAA EFI Preboot running on a MacBook without PAA EFI Preboot running on a MacPro without PAA EFI Preboot running on a MacBook Air with PAA EFI Preboot running on a Mac Mini with PAA EFI Preboot running on a MacBook Pro with PAA Windows XP 32-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Lenovo Yoga with PAA Windows 8 64-bit running on a Lenovo Yoga with PAA Windows 8 32-bit running on a Dell Latitude 10 without PAA MacOS X Lion v10.7 running on a MacBook without PAA MacOS X Mountain Lion v10.8 running on a MacPro without PAA MacOS X Mountain Lion v10.8 running on a MacBook Air with PAA MacOS X Lion v10.7 running on a Mac Mini with PAA MacOS X Mountain Lion v10.8 running on a MacBook Pro with PAA Windows Vista 32-bit running on a Dell E6320 with PAA Windows Vista 64-bit running on a Dell E6410 with PAA Windows 7 32-bit running on a Dell E6320 with PAA Windows 8 32-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on an Intel UBHB2SISQ with PAA Windows 8 32-bit running on a Lenovo Thinkpad 2 without PAA Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with PAA Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2591, #2592, #2593 and #2755); DRBG (Cert. #394); HMAC (Certs. #1604 and #1605); SHS (Certs. #2181 and #2287) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; PKCS #5 Multi-chip standalone "The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range." |
| 2232 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Unified Storage Encryption Module (Hardware Version: DW-F700-BS6GE; Firmware Versions: 02.09.22.00 and 02.09.39.00) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/05/2014 03/10/2016 | 3/9/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748); SHS (Cert. #2344) -Other algorithms: AES (Cert. #2787, key wrapping; key establishment methodology provides 256 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant) Multi-chip embedded "The Hitachi Unified Storage Encryption Module provides high speed data at rest encryption for Hitachi storage." |
| 2231 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/28/2014 | 8/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2789, #2790, #2791 and #2793); Triple-DES (Cert. #1677); RSA (Cert. #1460); SHS (Cert. #2345); HMAC (Cert. #1749); DRBG (Cert. #475); CVL (Cert. #242) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC transmission security capability can be used to remove patterns from network traffic to prevent traffic analysis." |
| 2230 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba RAP-155 and RAP-155P Wireless Access Points (Hardware Versions: RAP-155-F1, RAP-155-USF1, RAP-155P-F1 and RAP-155P-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2014 03/20/2015 01/27/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2229 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 Hasbi Kabacaoglu TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 200983-0 | Postal mRevenector GB 2013 (Hardware Versions: Hardware P/N: 580036020300/01 and 580036020300/02; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; GB Application:90.0036.0215.00/2013463001) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2014 09/19/2014 | 9/18/2019 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector GB 2013 is FP’s latest generation of PSD" |
| 2228 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba RAP-5WN Remote Access Point (Hardware Version: RAP-5WN-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2014 03/20/2015 01/27/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #861, #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #478, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #856, #2246, #2249 and #2250); Triple-DES (Certs. #708, #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 2227 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-92, AP-93, AP-104, AP-105 and AP-175 Wireless Access Points (Hardware Versions: AP-92-F1 [1], AP-93-F1 [1], AP-104-F1 [1][2], AP-105-F1 [1][2], AP-175P-F1 [1][2], AP-175AC-F1 [1][2] and AP-175DC-F1 [1][2] with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS [1] and ArubaOS 6.5.0-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2014 03/20/2015 01/28/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 2226 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-134 and AP-135 Wireless Access Points (Hardware Versions: AP-134-F1 and AP-135-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2014 03/20/2015 01/29/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 2225 | Axway Inc. 2600 Bridge Parkway Suite 201 Redwood City, CA 94065 USA Tom Donahoe TEL: 480 627 1800 FAX: 480 627 1801 Hristo Todorov TEL: 480 627 2644 FAX: 480 627 1801 CST Lab: NVLAP 100432-0 | Axway Security Kernel (Software Versions: 3.0 and 3.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/14/2014 09/12/2014 04/10/2015 06/27/2016 | 6/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2012 64-bit running on Dell PowerEdge R620 Server RHEL 6.3 64-bit running on Dell PowerEdge R620 Server Solaris 10 64-bit running on Sun Blade T6300 Server (single-user mode) -FIPS Approved algorithms: AES (Certs. #2446 and #3215); Triple-DES (Certs. #1511 and #1830); SHS (Certs. #2080 and #2663); HMAC (Certs. #1510 and #2028); DSA (Certs. #760 and #918); ECDSA (Certs. #402 and #594); RSA (Certs. #1257 and #1638); CVL (Certs. #76 and #439) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Blowfish; Camellia; Cast; DES; des_old; DTLS1; ec; krb5_asn; KSSL; MD4; MD5; MDC2; RC2; RC4; RIPEMD; Seed; Whirlpool; PRNG Multi-chip standalone "The Axway Security Kernel is a software module that provides all security functionalities for several Axway products including the Axway Validation Authority Suite which is a collection of products that provide flexible and robust OCSP/SCVP certificate validation solution for standard and custom desktop and server applications. The suite supports established security standards and technologies and can be used together or integrated with existing solutions." |
| 2224 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 3200-F1, Aruba 3200-USF1, Aruba 3400-F1, Aruba 3400-USF1, Aruba 3600-F1, Aruba 3600-USF1 and [(Aruba 6000-400-F1 or Aruba 6000-400-USF1) with M3mk1-S-F1, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/12/2014 03/20/2015 01/20/2016 | 1/19/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2223 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 100432-0 | McAfee Core Cryptographic Module (kernel) (Software Version: 1.0 or 1.1.0.203.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/12/2014 03/17/2017 | 8/11/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Lenovo Yoga with PAA Windows 8 64-bit running on a Lenovo Yoga with PAA Windows 8 32-bit running on a Dell Latitude 10 without PAA MacOS X Lion v10.7 running on a MacBook without PAA MacOS X Mountain Lion v10.8 running on a MacPro without PAA MacOS X Mountain Lion v10.8 running on a MacBook Air with PAA MacOS X Lion v10.7 running on a Mac Mini with PAA MacOS X Mountain Lion v10.8 running on a MacBook Pro with PAA Windows Vista 32-bit running on a Dell E6320 with PAA Windows Vista 64-bit running on a Dell E6410 with PAA Windows 7 32-bit running on a Dell E6320 with PAA Windows 8 32-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on an Intel UBHB2SISQ with PAA Windows 8 32-bit running on a Lenovo Thinkpad 2 without PAA Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with PAA Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2592 and #2755); HMAC (Cert. #1605); SHS (Cert. #2287) -Other algorithms: N/A Multi-chip standalone "The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range." |
| 2222 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN1000/CN3000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5165B [O] (AC), A5141B [O] (AC) and A5175B [O] (AC); CN3000 Series: A5203B [O] (AC), A5204B [O] (DC), A5213B [O] (AC) and A5214B [O] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5165B [Y] (AC), A5141B [Y] (AC) and A5175B [Y] (AC); CN3000 Series: A5203B [Y] (AC), A5204B [Y] (DC), A5213B [Y] (AC) and A5214B [Y] (DC); Firmware Version: 4.4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/12/2014 | 8/11/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Cert. #1682); AES (Certs. #2577, #2579, #2581, #2798, #2815 and #2816); RSA (Cert. #1464); SHS (Cert. #2350); HMAC (Cert. #1754); DRBG (Cert. #477); CVL (Cert. #247) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet, Fibre Channel or SONET/SDH networks. The CN1000 Series supports line rates up to 4.25Gbps while the CN3000 extends the CN Series line rate capability to 10Gbps.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 2221 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 620-F1, Aruba 620-USF1, Aruba 650-F1 and Aruba 650-USF1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2014 02/20/2015 01/20/2016 | 1/19/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2219 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA Rose Quijano-Nguyen CST Lab: NVLAP 200556-0 | Symantec Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/07/2014 | 8/6/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.4 (64-bit) on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2646); DRBG (Cert. #413); DSA (Cert. #797); HMAC (Cert. #1637); RSA (Cert. #1355); SHS (Cert. #2219); Triple-DES (Cert. #1587) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform." |
| 2217 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Hardware Version: SPARC T4 P/N 527-1437-01; Software Version: 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 09/08/2014 02/03/2016 | 2/2/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302) -Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2216 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Noelle Carroll TEL: 408-826-3246 CST Lab: NVLAP 100432-0 | Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit P/N CLN1780L Rev E with Encryption Module P/N CLN8261D Rev N; Firmware Version: GS-16.6.0.69 or PS-16.6.0.69) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/31/2014 | 7/30/2019 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #173 and #2395); DRBG (Cert. #399); HMAC (Certs. #39 and #1486); RSA (Cert. #1239); SHS (Certs. #258 and #2057); Triple-DES (Certs. #275 and #1493); CVL (Certs. #99, #122 and #315) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2215 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Noelle Carroll TEL: 408-826-3246 CST Lab: NVLAP 100432-0 | Motorola GGM 8000 Gateway (Hardware Versions: Base Unit P/N CLN1841E Rev A with FIPS Kit P/N CLN8787A Rev B and Power Supply [P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC)]; Firmware Versions: XS-16.6.0.69, GS-16.6.0.69 or KS-16.6.0.69) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/31/2014 | 7/30/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962 and #2395); DRBG (Cert. #399); HMAC (Certs. #1486 and #1487); RSA (Cert. #1239); SHS (Certs. #933 and #2057); Triple-DES (Certs. #757 and #1493); CVL (Certs. #99, #122 and #315) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5 Multi-chip standalone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2212 | United States Special Operations Command (USSOCOM) 7701 Tampa Point Boulevard MacDill Air Force Base, FL 33621-5323 USA William W. Burnham TEL: (813) 826-2282 CST Lab: NVLAP 200416-0 | Suite B Cryptographic Module (Software Version: 2.3.1) (When operated in FIPS mode with module Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode or BlackBerry Cryptographic Kernel validated to FIPS 140-2 under Cert. #1669 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/23/2014 | 7/22/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Intel Xeon E5530 w/Microsoft Windows Server 2008 Qualcomm Snapdragon S2 MSM8655 w/BlackBerry OS Version 7.0.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2603); SHS (Cert. #2187); HMAC (Cert. #1610); ECDSA (Cert. #448); CVL (Certs. #98 and #259) -Other algorithms: N/A Multi-chip standalone "KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys." |
| 2211 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2014 | 7/10/2019 | Overall Level: 1 Multi-chip standalone |
| 2210 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-636M CyberFence Cryptographic Module (Hardware Version: 1.0; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2014 03/29/2016 04/14/2016 | 4/13/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); SHS (Certs. #1801 and #1807); RSA (Certs. #1072 and #1278); HMAC (Certs. #1253 and #1259); ECDSA (Certs. #303 and #415); DRBG (Cert. #822); CVL (Certs. #22, #87 and #169) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #169, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #87, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-Chip Embedded "3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions." |
| 2208 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN Series Ethernet Encryptors (Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B [O] (DC); Senetas Corp. Ltd. CN6010 Series: A6010B [O] (AC), A6011B [O] (DC) and A6012B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B [Y] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B [Y] (AC), A6011B [Y] (DC) and A6012B [Y] (AC/DC); Firmware Version: 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/11/2014 | 7/10/2019 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1678); AES (Certs. #2788, #2792 and #2794); RSA (Cert. #1461); SHS (Cert. #2346); HMAC (Cert. #1750); DRBG (Cert. #476); CVL (Cert. #243) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis." |
| 2206 | Aviat Networks, Inc. 5200 Great America Parkway Santa Clara, CA 95054 USA Ruth French TEL: +44 7771 978599 FAX: +44 1698 717204 Martin Howard TEL: +64 4 577 8735 FAX: +64 4 577 8822 CST Lab: NVLAP 100432-0 | Aviat Networks Eclipse Cryptographic Module (Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004), FIPS Installation Kit (P/N 179-530153-001), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001), RAC 6XE (P/N EXR-600-002), RAC 60 (P/N EXR-660-001), or RAC 60E (P/N EXR-660-002)] and all remaining slots filled by one of the following: P/N 131-501768-001, EXA-001, EXD-040-001, EXD-152-001, EXD-153-001, EXD-156-001, EXD-160-001, EXD-161-001, EXD-171-001, EXD-180-002, EXD-180-005, EXD-180-102, EXD-181-001, EXD-181-002, EXD-252-001, EXD-331-001, EXD-400-002, EXP-024, EXR-910-001, EXR-999-003, EXS-001, EXS-002 or EXX-001; Firmware Versions: 07.07.10, 08.00.55, 08.00.70, 08.00.72, 08.00.80 and 08.00.81) (When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2014 07/24/2014 08/29/2014 07/06/2015 11/18/2015 | 11/17/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #1503); SHS (Cert. #2075); RSA (Cert. #1250); DRBG (Cert. #323); AES (Certs. #2260 and #2418); Triple-DES (Cert. #1506); CVL (Cert. #73) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES Multi-chip standalone "This cryptographic module performs encryption of data carried over a microwave radio link." |
| 2205 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 Sunil Chitnis TEL: 408-333-2444 FAX: 408-333-4887 CST Lab: NVLAP 200427-0 | Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers (Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, BR-MLXE-4-MR2-M-AC, BR-MLXE-4-MR2-M-DC, BR-MLXE-8-MR2-M-AC, BR-MLXE-8-MR2-M-DC, BR-MLXE-16-MR2-M-AC, BR-MLXE-16-MR2-M-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR and BR-MLX-MR2-M Management Modules; Firmware Version: IronWare Release R05.3.00ea or IronWare Release R05.4.00cb) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 12 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2014 | 7/8/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2359); DRBG (Cert. #301); DSA (Cert. #737); HMAC (Cert. #1462); RSA (Cert. #1217); SHS (Cert. #2031); Triple-DES (Cert. #1475) -Other algorithms: DES; Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-SHA-1-96; MD2; MD5; NDRNG; RC2; RC4; RSA (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF Multi-chip standalone "The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises.The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6." |
| 2204 | Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion No.9 Xueqing Road Haidan District Beijing 100085 People's Republic of China Tibi Zhang TEL: 86-010-62304466 x821 FAX: 86-010-62304416 Xiaozhi Zheng TEL: 86-010-62304466 x531 FAX: 86-010-62304416 CST Lab: NVLAP 200427-0 | ePass Token (Hardware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/07/2014 | 7/6/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The ePass Token, is a USB token containing FEITIAN's own FEITIAN-FIPS-COS cryptographic operating system. The FEITIAN-FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support FEITIAN's ePass USB token. The ePass token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. FEITIAN's ePass token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell." |
| 2202 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Arnaud Lotigier TEL: +33 4.42.36.60.74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDPrime MD 830 with OATH & MPCOS applets (Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore 30 Build 1.17, IDPrime MD Applet version V4.1.2.F with MSPNP Applet V1.0, OATH Applet V2.11 and MPCOS Applet V3.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/07/2014 08/04/2016 | 8/3/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure. In addition, OATH applet offers One Time Password based strong authentication while MPCOS offers e-purse and data management services." |
| 2201 | IBM® Corporation 9032 South Rita Road Tucson, AZ 85744 USA Christine Knibloe TEL: 520 799-1000 Said Ahmad TEL: 520-799-5538 CST Lab: NVLAP 200427-0 | IBM System Storage TS1140 and TS1150 Tapes Drives – Machine Type 3592, Models E07 and E08 (Hardware Versions: EC Level: M11776 and M12819, P/N: 00V6759 and 38L7468; Firmware Versions: EC Level: M11776 and M13383, P/N: 35P2401 and 38L7468) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/07/2014 05/29/2015 | 5/28/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2384, #2385, #2387, #3356, #3357 and #3358); DRBG (Certs. #314 and #787); RSA (Certs. #1234 and #1720); SHS (Certs. #2051 and #2783) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG Multi-chip embedded "The TS1140 / 3592 E07 and TS1150/3592 E08 Tape Drives provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material." |
| 2200 | JVC KENWOOD Corporation 1-16-2, Hakusan, Midori-ku Yokohama-shi, Kanagawa 226-8525 Japan Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 Don Wingo TEL: (678) 474-4700 FAX: (678) 474-4730 CST Lab: NVLAP 100432-0 | Secure Cryptographic Module (SCM) (Hardware Versions: P/N KWD-AE30, Version 2.0.0 and 2.1.0; Firmware Versions: A3.0.1, A3.0.2 and A3.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 09/12/2014 05/08/2015 11/23/2015 12/18/2015 06/21/2017 07/24/2017 | 12/17/2020 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2696); SHS (Cert. #2285) -Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #2696, vendor affirmed; P25 AES OTAR); AES (non-compliant) Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption." |
| 2199 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-224 and AP-225 Wireless Access Points (Hardware Versions: AP-224-F1 and AP-225-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 03/20/2015 01/20/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2198 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-127 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC 1200 SSD Self-Encrypting Drive FIPS 140 Module (Hardware Versions: ST800FM0063 [1, 2, 3, 4,5]; Firmware Versions: 0002 [1], 0004 [2], 0005 [3], 0006 [4], and 0007 [5]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 10/16/2014 02/13/2015 07/23/2015 | 7/22/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343 and #2663); DRBG (Cert. #62); HMAC (Cert. #1597); RSA (Cert. #1021); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140 Module is embodied in Seagate 1200 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2197 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG SG9000-20 [1], SG9000-20B [2], SG9000-30 [3] and SG9000-40 [4] (Hardware Versions: 090-02840 [1], 090-02839 [1], 090-02984 [2], 090-02985 [2], 090-02841 [3], 090-02842 [3], 090-02845 [4] and 090-02846 [4] with FIPS kit 085-02718; Firmware Version: 6.5.1.103) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/27/2014 | 6/26/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2196 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG SG600-10 [1], SG600-20 [2] and SG600-35 [3] (Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.5.1.103) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/27/2014 | 6/26/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #105 and #2560); Triple-DES (Certs. #217 and #1549); RSA (Cert. #1312); SHS (Cert. #2159); HMAC (Cert. #1580); DRBG (Cert. #386) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2195 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG SG900-10B [1], SG900-20 [2], SG900-30 [3], SG900-45 [4] and SG900-55 [5] (Hardware Versions: 090-02988 [1], 090-02989 [1], 090-02902 [2], 090-02903 [2], 090-02904 [3], 090-02905 [3], 09002908 [4], 090-02909 [4], 090-02979 [5] and 090-02980 [5] with FIPS kit 085-02742; Firmware Version: 6.5.1.103) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/27/2014 | 6/26/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2190 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | TZ 105, TZ 105W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215 and TZ 215W (Hardware Versions: P/Ns 101-500356-56, Rev. A (TZ 105); 101-500357-57, Rev. A (TZ 105W); 101-500358-59, Rev. A (TZ 205); 101-500359-59, Rev. A (TZ 205W); 101-500244-50, Rev. A (TZ 210); 101-500214-65, Rev. A (TZ 210W); 101-500354-56, Rev. A (TZ 215); 101-500355-57, Rev. A (TZ 215W); Firmware Version: SonicOS 5.9.0.7-22o) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 03/22/2016 06/14/2017 | 3/21/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RNG Multi-chip standalone "SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats." |
| 2184 | Sonus Networks, Inc. 4 Technology Park Drive Westford, MA 01886 USA Sandeep Kaushik CST Lab: NVLAP 200556-0 | SBC 5110 and 5210 Session Border Controllers (Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 4.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 | 6/24/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2643 and #2644); CVL (Certs. #124 and #125); DRBG (Cert. #412); HMAC (Certs. #1635 and #1636); RSA (Certs. #1353 and #1354); SHS (Certs. #2216, #2217 and #2218); Triple-DES (Cert. #1586) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-chip standalone "The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management." |
| 2182 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points (Hardware Versions: RAP-3WN-F1 [1][2], RAP-3WN-USF1 [1][2], RAP-3WNP-F1 [1][2], RAP-3WNP-USF1 [1][2], RAP-108-F1 [1][2], RAP-108-USF1 [1][2], RAP-109-F1 [1][2], RAP-109-USF1 [1][2], AP-114-F1 [1] and AP-115-F1 [1] with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS [1] and ArubaOS 6.5.0-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/20/2014 03/20/2015 01/27/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2181 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 650-427-1902 CST Lab: NVLAP 200928-0 | VMware Java JCE (Java Cryptographic Extension) Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/20/2014 | 6/19/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a vShield Manager OS with Sun JRE 6.0 on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1623); AES (Cert. #2704); SHS (Cert. #2271); HMAC (Cert. #1685); DRBG (Cert. #446); DSA (Cert. #825); RSA (Cert. #1402) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #2704, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1623, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC Multi-chip standalone "The VMware Java JCE (Java Cryptographic Extension) module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms." |
| 2178 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | Model 650 SafeNet Encryptor (Hardware Versions: 904-000028-001, 904-000029-001, 904-000036-001, 904-53260-007, 904-53260-207, 943-53270-007, 943-53270-207, 904-53261-007, 904-53361-201, 943-53271-007 and 943-53371-201; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/18/2014 01/10/2017 | 1/9/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2616, 2617 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less then 112 bits of encryption); Diffie-Hellman (non-compliant); NDRNG Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network." |
| 2177 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | Model 600 SafeNet Encryptor (Hardware Versions: 904-000019-001, 904-000021-001, 904-000020-001, 904-000022-001, 904-000024-001, 904-000023-001, 904-000025-001, 904-000027-001, 904-000026-001, 943-000031-001, 943-000032-001, 943-000033-001, 943-000035-001, 943-000034-001, 904-30013-001, 904-30013-007, 904-30013-207, 904-10014-001, 904-10014-007, 904-10014-207, 904-25005-001, 904-25005-007, 904-25005-207, 904-51100-001, 904-51100-007, 904-51100-207, 904-51120-001, 904-51120-007, 904-51120-207, 904-51140-001, 904-51140-007, 904-51140-207, 943-51130-001, 943-51130-007, 943-51130-207, 943-51150-001, 943-51150-007, 943-51150-207, 904-51101-001, 904-51101-007, 904-51101-207, 904-51121-001, 904-51121-007, 904-51121-207, 904-51141-001, 904-51141-007, 904-51141-207, 943-51131-001, 943-51131-007, 943-51131-207, 943-51151-001, 943-51151-007 and 943-51151-207; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/18/2014 01/10/2017 | 1/9/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2615, 2618 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); NDRNG Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks or 200MB and 1GB Ethernet networks." |
| 2176 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances (Hardware Versions: 5580-20 [2], 5580-40 [2], 5512-X [1], 5515-X [1], 5525-X [1], 5545-X [1], 5555-X[1], 5585-X SSP-10 [3], 5585-X SSP-20 [3], 5585-X SSP-40 [3], 5585-X SSP-60 [3] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [2], or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [3]; Firmware Version: 9.1.7.9) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/18/2014 08/29/2014 01/12/2016 03/02/2016 06/29/2016 08/15/2016 08/31/2016 | 8/30/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #105, #1407, #2049, #2050, #2444, #2472, #2480, #2482 and #2483); DRBG (Certs. #332, #336, #339 and #341); ECDSA (Certs. #411 and #412); HMAC (Certs. #125, #301, #1246, #1247, #1514, #1524 and #1525); RSA (Certs. #106, #261, #1066, #1260, #1269, #1271 and #1272); SHS (Certs. #196, #630, #1793, #1794, #2091, #2100 and #2101); Triple-DES (Certs. #217, #559, #960, #1321, #1513, #1520 and #1521) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
| 2175 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2014 02/27/2015 07/05/2016 12/01/2016 | 11/30/2021 | Overall Level: 2 Multi-chip standalone |
| 2173 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Dr. W Houston, TX 77070 USA Julie Ritter TEL: 281-514-4087 Luis Luciani TEL: 281-518-6762 CST Lab: NVLAP 200928-0 | iLO 3 Cryptographic Module (Hardware Versions: GLP: 531510-003 [1] and GXE: 438893-503 [2]; Flash Memory: (41050DL00-233-G [1,2]); NVRAM: (420102C00-244-G [1,2]); DDR3 SDRAM: (42020BJ00-216-G [1]); DDR2 SDRAM: (459715-002 [2]); Firmware Version: 1.50) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2014 | 6/16/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2294, #2295, #2296, #2297 and #2298); Triple-DES (Certs. #1443, #1444 and #1445); DSA (Cert. #720); RSA (Certs. #1182 and #1183); SHS (Certs. #1977, #1978 and #1979); HMAC (Cert. #1410) -Other algorithms: RC2; RC4; HMAC-MD5; DES; MD5; RSA (non-compliant); DSA (non-compliant); RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); TLSv1.0 KDF; TLSv1.1 KDF Multi-chip embedded "HP Integrated Lights-Out (iLO) management built into BladeSystem blade servers and storage blades is an autonomous management subsystem embedded directly on the server. iLO monitors each server’s overall "health", reports issues, and provides a means for setup and managing of power and thermal settings." |
| 2171 | HGST, Inc. 5601 Great Oaks Parkway Building 50-3/C-346 San Jose, CA 95119 USA Michael Good TEL: 408-717-6261 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C15K600 TCG Enterprise HDDs (Hardware Versions: HUC156060CS4205 [1], HUC156045CS4205 [1], HUC156030CS4205 [1], HUC156060CSS205 [1], HUC156045CSS205 [1], HUC156030CSS205 [1]; Firmware Version: R12E) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2014 07/17/2014 05/08/2015 | 5/7/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed) -Other algorithms: NDRNG; AES (Cert. #2365, key wrapping) Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2169 | IBM® Corporation 9032 S Rita Road Tucson, AZ 85744 USA Christine Knibloe TEL: 520-799-2486 CST Lab: NVLAP 200427-0 | IBM LTO Generation 6 Encrypting Tape Drive (Hardware Versions: 00V7133 EC Level M12977 [1], 00V7137 EC Level M12977 [2], 00V7135 EC Level M12977 [3] and 00V7139 EC Level M12977 [4]; Firmware Versions: LTO6_DA86.fcp_fh_f.fmrz [1], LTO6_DA86.fcp_hh_f.fmrz [2], LTO6_DA86.sas_fh_f.fmrz [3] and LTO6_DA86.sas_hh_f.fmrz [4]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/11/2014 | 6/10/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2692, #2693 and #2694); DRBG (Cert. #440); RSA (Cert. #1392); SHS (Cert. #2261) -Other algorithms: AES (Cert. #2694, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Generation 6 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Four different host interface types of the LTO Generation 6 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library." |
| 2166 | Marvell Semiconductor, Inc. 5488 Marvell Lane Santa Clara, CA 95054 USA Minda Zhang TEL: 508-573-3255 FAX: 508-573-3311 CST Lab: NVLAP 200968-0 | Armada Mobile Processor (Hardware Versions: Armada PXA-2128[1] and Armada PXA-610[2]; Firmware Versions: 2128-1.1[1] and 610-1.1[2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2014 | 6/8/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1982 and #2133); Triple-DES (Certs. #1285 and #1357); SHS (Certs. #1737 and #1857); HMAC (Certs. #1195 and #1303); RSA (Certs. #1028 and #1102); ECDSA (Certs. #287 and #323); DRBG (Certs. #182 and #238) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength); AES (Certs. #1982 and #2133, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Single-chip "Marvell’s ARMADA PXA2128 and ARMADA PXA610 are application processors (PXA2128 is multicore) ideally suited for smartphones and tablets that enable a seamless connected lifestyle. Designed in low-power 40-nanometer (nm) process and featuring the Marvell Hybrid Symmetric Multi-Processing (hSMP) technology, they provide new levels of secure internet and multimedia performance, while achieving industry-leading battery life. Featuring Marvell optimized ARMv7 dual high-performance mobile processors with hSMP running at up to 1.2GHz, the ARMADA PXA2128 and PXA610 provide robust 3D graphics, video," |
| 2165 | Ultra Electronics 3eTI Suite 500 9715 Key West Ave Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-543 AirGuard iField Wireless Sensor Cryptographic Module (Hardware Version: 1.0; Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2014 | 6/8/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1611 and #2251); SHS (Cert. #1939); HMAC (Cert. #1379); ECDSA (Cert. #359) -Other algorithms: N/A Multi-chip embedded "3eTI 543 Wireless Sensor Cryptographic Module provides network authentication and data encryption for IEEE 15.4 radio. This module enables the secured transportation of sensor data using AES_CCM over ISA 100.11a or WirelessHard wireless links." |
| 2164 | Unium, Inc. 800 5th Avenue Suite 3700 Seattle, WA 98104 USA David Weidenkopf TEL: 206-812-5783 FAX: 206-770-6461 A. Riley Eller TEL: 206-812-5726 FAX: 206-770-6461 CST Lab: NVLAP 200658-0 | CoCo Secure Sockets Cryptographic Module (Software Versions: 2.1 and 2.2) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/05/2014 12/31/2014 05/29/2015 09/30/2015 02/05/2016 12/15/2016 01/18/2017 07/03/2017 08/22/2017 | 1/17/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6 32-bit running on oMG 2000 Vyatta 6.4 32-bit running on Dell PowerEdge R210 with PAA Vyatta 6.4 32-bit running on Dell PowerEdge R210 without PAA Windows 7 x86_64 native and Java support via JNI running on HP Pro Book 640 G1 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2366, #2367, #2381 and #3474); CVL (Certs. #62, #63 and #549); DRBG (Certs. #304, #305, #313 and #856); DSA (Certs. #739, #740 and #982); ECDSA (Certs. #389, #390 and #705); HMAC (Certs. #1470, #1471 and #2219); RSA (Certs. #1222, #1223 and #1790); SHS (Certs. #2039, #2040 and #2869); Triple-DES (Certs. #1479, #1480 and #1959) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman; DRBG (DUAL-EC; non-compliant); RNG Multi-chip standalone "The CoCo OpenSSL Cryptographic Module 2.1 is an OpenSSL cryptographic library that provides cryptographic services to its calling applications." |
| 2162 | Encryptics 5080 Spectrum Drive Suite 1000 East Addison, TX 75001 USA Chris McCarthy TEL: 512-649-8185 Brian Kelly TEL: 512-649-8185 CST Lab: NVLAP 200002-0 | Encryptics® Cryptographic Library (Software Version: 1.0.3.0) (When operated with module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #1002, #1330, and #1337 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/28/2014 07/03/2014 06/16/2016 | 6/15/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows Vista SP1 (x64 version) with .NET Framework 3.5 running on a Dell SC430 Microsoft Windows 7 SP1 (x64 version) with .NET Framework 3.5 running on a HP Compaq dc7600 Microsoft Windows Server 2008 R2 SP1 (x64 version) with .NET Framework 4.0 running on a HP Compaq dc7600 (single-user mode) -FIPS Approved algorithms: AES (Certs. #739 and #1168); RSA (Certs. #353, #354, #557, #559 and #568); HMAC (Certs. #407, #673 and #687); SHS (Certs. #753 and #1081); DRBG (vendor-affirmed and Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Encryptics Cryptographic Library underpins Encryptics technology and offers protection by industry-standard, government approved algorithms to ensure that only authorized users and authorized devices are allowed to access private information stored within the .SAFE package. Encryptics for Email and Encryptics Data Protection API both leverage the Encryptics .SAFE Library to ensure use of FIPS 140-2 validated cryptography." |
| 2160 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 819G-4G-A-K9, 819G-4G-V-K9, 819H-K9, 819G-S-K9, 819HG-4G-G-K9, 891, 881, 1905, 1921 and 1941 Integrated Services Routers (ISRs) (Hardware Versions: 819G-4G-A-K9 , 819G-4G-V-K9 , 819H-K9 , 819G-S-K9, 819HG-4G-G-K9, 881, 891, 1905 [1], 1921 [1], 1941 and FIPS-SHIELD-1900= [1] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/27/2014 08/06/2014 | 8/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 800 and 1900 Series Integrated Services Routers are routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer Metro Ethernet and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications." |
| 2158 | INSIDE Secure 41 Parc Club du Golf Aix-en-Provence 13856 France Jerome Ducros TEL: +33 (0)413758653 CST Lab: NVLAP 100432-0 | VaultIC405™, VaultIC421™, VaultIC441™ (Hardware Versions: P/Ns: ATVaultIC405 [2], ATVaultIC421 [1] and ATVaultIC441 [1]; Platforms: ATVaultIC405M Silicon Rev C [2], ATVaultIC421M Silicon Rev C [1] and ATVaultIC441M Silicon Rev C [1]; Firmware Versions: 1.0.1 [1] and 1.0.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/20/2014 05/08/2015 | 5/7/2020 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Cert. #2119); DRBG (Cert. #231); DSA (Cert. #663); ECDSA (Cert. #316); HMAC (Cert. #1291); RSA (Cert. #1089); SHS (Cert. #1843); Triple-DES (Cert. #1348) -Other algorithms: NDRNG; AES (Cert. #2119, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; DES MAC; Triple-DES (ISO9797; non-compliant); Triple-DES MAC (ISO9797; non-compliant); HOTP; RSA (encrypt/decrypt) Single-chip "The VaultIC405™, VaultIC421™ and VaultIC441™ is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection." |
| 2157 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA Mocana Sales TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Hybrid Module (Hardware Version: Freescale P2020 SEC 3.1; Software Version: 5.5fi) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 05/20/2014 04/05/2016 | 4/4/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VxWorks 6.8 running on a XPedite5500 with a Freescale P2020 SEC3.1 processor (Single-user mode) -FIPS Approved algorithms: AES (Certs. #2290 and #2291); DRBG (Cert. #284); DSA (Cert. #717); ECDSA (Cert. #372); HMAC (Cert. #1407); RSA (Cert. #1179); SHS (Cert. #1974); Triple-DES (Cert. #1440) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Suite B Hybrid Module (Software Version 5.5fi) is a hybrid, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface." |
| 2156 | Dell, Inc. 2300 West Plano Parkway Plano, TX 75075 USA Chris Burchett TEL: 512-723-8065 FAX: 972-577-4375 Mike Phillips TEL: 512-723-8420 FAX: 972-577-4375 CST Lab: NVLAP 200002-0 | Dell-CREDANT Cryptographic Kernel (Windows Kernel Mode) [1] and Dell-CREDANT Cryptographic Kernel (Windows User Mode) [2] (Software Versions: 1.8 [1,2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/15/2014 | 5/14/2019 | Overall Level: 2 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 2 with Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [1] Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [1] Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [2] Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [2] -FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236) -Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant) Multi-chip standalone "CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications." |
| 2155 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 650-427-1902 CST Lab: NVLAP 200928-0 | VMware NSS Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/14/2014 | 5/13/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with PAA VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1619); AES (Cert. #2700); SHS (Cert. #2267); HMAC (Cert. #1681); DRBG (Cert. #443); DSA (Cert. #821); RSA (Cert. #1398) -Other algorithms: RC2; RC4; DES; SEED; CAMELLIA; MD2; MD5; Triple-DES (non-compliant); ECDSA (non-compliant); HKDF (non-compliant); J-PAKE; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The VMware NSS Cryptographic Module is a software cryptographic library that provides FIPS 140-2 validated network security services to VMware products." |
| 2152 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs) (Hardware Versions: 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, D], [3925, 3925E, 3945, 3945E and VG350] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2014 08/06/2014 | 8/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #803, #963, #1115, #1536 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #443, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #801, #934, #1038, #2182 and #2208); Triple-DES (Certs. #758, #812, #1037 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2151 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | ProtectV StartGuard (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/13/2014 01/10/2017 | 1/9/2022 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 (x64) on VMware ESXi 5.0 running on Dell PowerEdge R610 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2550); HMAC (Cert. #1571); SHS (Cert. #2151) -Other algorithms: N/A Multi-chip standalone "ProtectV StartGuard authorizes whether or not a virtual machine instance secured by SafeNet ProtectV can be launched. StartGuard enables a challenge response authentication mechanism to be inserted in the boot transition process when ProtectV is being started up, during the transition between the first to second phase of the boot process. StartGuard is configurable to suit customers’ security and privacy requirements." |
| 2150 | Dell, Inc. 2300 West Plano Parkway Plano, TX 75075 USA Chris Burchett TEL: 512-723-8065 FAX: 972-577-4375 Mike Phillips TEL: 512-723-8420 FAX: 972-577-4375 CST Lab: NVLAP 200002-0 | Dell-CREDANT Cryptographic Kernel (Mac Kernel Mode) [1], Dell-CREDANT Cryptographic Kernel (Mac User Mode) [2] and Dell-CREDANT Cryptographic Kernel (Linux User Mode) [3] (Software Versions: 1.8 [1,2,3]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/13/2014 | 5/12/2019 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1] Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1] Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2] Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2] Ubuntu Linux 11.04 (32-bit) running on a Dell Optiplex 755 [3] Ubuntu Linux 11.04 (64-bit) running on a Dell Optiplex 755 [3] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236) -Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant) Multi-chip standalone "CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications." |
| 2149 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6] (Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Versions: 2.51.10-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2014 11/24/2015 | 11/23/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 2148 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6] (Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Versions: 2.51.10-3 and 2.55.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2014 11/24/2015 | 11/23/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 2145 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 1941, 2901, 2911, 2921, 2951, 3925, 3945 Integrated Services Routers (ISRs) and ISM (Hardware Versions: 1941 [12], 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,13, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, D], [3925, 3945] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], ISM-VPN-19 [12], ISM-VPN-29 [13], ISM-VPN-39 [14], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2014 08/06/2014 | 8/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #963, #1115, #1536, #2343 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #538, #627, #1452 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #934, #1038, #2020, #2182 and #2208); Triple-DES (Certs. #758, #812, #1466 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options. The VPN ISM is a module for the ISRs that provides the capability to considerably increase performance for VPN encrypted traffic," |
| 2143 | Dell, Inc. 1925 Isaac Newton Square East Suite 440 Reston, VA 20190 USA Joe Leslie TEL: 949-754-1263 FAX: 949-754-8999 Jason Raymond TEL: 617-261-6968 CST Lab: NVLAP 200002-0 | Dell AppAssure Crypto Library (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/06/2014 | 5/5/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 2008 R2 64-bit running on Dell PowerEdge T610 with PAA Windows 2008 R2 64-bit running on Dell PowerEdge T610 without PAA Windows 2012 64-bit running on Dell PowerEdge R720 with PAA Windows 2012 64-bit running on Dell PowerEdge R720 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2601); RSA (Cert. #1329); SHS (Cert. #2185) -Other algorithms: N/A Multi-chip standalone "The Dell AppAssure Crypto Module provides data encryption functionality. The Module is a software component used by other software products to encrypt and decrypt data. The Module implements AES (Rijndael) CBC mode functions. Physically, the Module is a DLL file delivered with a file containing the DLL's digital signature." |
| 2141 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200427-0 | Brocade® FCX L2/L3 Switch and Brocade FastIron® SX Series L2/L3 Switch (Hardware Versions: FI-SX800-S, FI-SX1600-AC, FI-SX1600-DC, FCX624S, FCX624S-HPOE-ADV, FCX624S-F-ADV, FCX648S, FCX648S-HPOE and FCX648S-HPOE-ADV with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: IronWare Release R07.3.00c) (When operated in FIPS mode and with the tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/06/2014 06/05/2014 | 6/4/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2150); DRBG (Cert. #239); DSA (Cert. #668); HMAC (Cert. #1317); RSA (Cert. #1106); SHS (Cert. #1871); Triple-DES (Cert. #1363) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (non-compliant); RSA (key wrapping; non-compliant) Multi-chip standalone "The 24-port and 48-port models of the Brocade FCX Series of switches support Power over Ethernet (PoE) and non-PoE applications. They are designed to meet today's enterprise campus and data center network wire-speed and non-blocking performance requirement.The FastIron SX Series extends control from the network edge to the core with intelligent network services, such as Quality of Service (QoS). The FastIron SX Series provides a scalable, secure, low-latency, and fault-tolerant IP services solution for 1 and 10 Gigabit Ethernet (GbE) enterprise deployments." |
| 2140 | Uplogix, Inc. 7600B N. Capital of Texas Hwy., Suite 220 Austin, TX 78731 USA Certification Administrator TEL: 512-857-7070 CST Lab: NVLAP 200427-0 | Uplogix 430 [1, a], 3200 [2, a], 500 [3, a, b] and 5000 [4, a b] (Hardware Versions: 43-1102-50 [1], 37-0326-04 [2], 61-5050-33 [3] and 61-5500-33 [4] with Tamper Evident Labels Part No. (61-0001-00); Firmware Versions: 4.6.4.22900g [a] and 4.6.4.24340g [b]) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/30/2014 05/20/2014 05/16/2017 05/16/2017 | 5/19/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2293); CVL (Certs. #46, #47 and #48); DRBG (Cert. #285); DSA (Cert. #719); HMAC (Cert. #1409); RSA (Cert. #1181); SHS (Cert. #1976); Triple-DES (Cert. #1442) -Other algorithms: AES (non-compliant); DES; DSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits); HMAC (non-compliant); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); IKE KDF; MD5; PBKDF2-SHA-256; RC4; RNG (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); SHS (non-compliant); Triple-DES (non-compliant) Multi-chip standalone "Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally.Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies." |
| 2138 | Symantec Corporation 303 2nd Street 1000N San Francisco, CA 94107 USA Shirley Stahl TEL: 424-750-7424 CST Lab: NVLAP 200556-0 | Symantec Java Cryptographic Module (Software Version: 1.2) (This module contains the embedded module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1786 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/29/2014 07/11/2016 | 7/10/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 (64-Bit) with Sun JRE 6.0 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1911); DSA (Cert. #604); ECDSA (Cert. #271); DRBG (Cert. #160); HMAC (Cert. #1148); PBKDF (vendor affirmed); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DUAL_EC_DRBG; EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; DESX; ECIES; MD2; MD4; MD5; PRNG; RC2; RC4; RC5; RIPEMD160; RSA Keypair Generation MultiPrime (non-compliant); HMAC-MD5 Multi-chip standalone "The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite." |
| 2136 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba 7200 Series Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 7210-F1, Aruba 7210-USF1, Aruba 7220-F1, Aruba 7220-USF1, Aruba 7240-F1, Aruba 7240XM-RWF1, Aruba 7240-USF1, Aruba 7240XM-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2014 03/20/2015 01/13/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2134 | Harris Corporation RF Communications Division 1680 University Avenue Rochester, NY 14610 USA James White TEL: 585-242-3917 Elias Theodorou TEL: 585-720-8790 CST Lab: NVLAP 200928-0 | RF-7800W Broadband Ethernet Radio (Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 2.00) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/24/2014 | 4/23/2019 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2606); Triple-DES (Cert. #1571); DRBG (Certs. #398); SHS (Cert. #2190); HMAC (Cert. #1614); RSA (Cert. #1333); DSA (Cert. #791); KAS (Cert. #41); CVL (Cert. #100) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform." |
| 2128 | Gigamon Inc. 3300 Olcott Street Santa Clara, CA 95054 USA Mike Valladao TEL: 408-831-4000 CST Lab: NVLAP 200556-0 | Gigamon Linux-Based Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and when the module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/20/2014 10/23/2014 02/10/2016 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a GigaVUE-TA1(single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Gigamon Linux-Based Cryptographic Module provides cryptographic functions for Gigamon products and solutions." |
| 2127 | Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA Stéphanie Motré TEL: 408-786-1028 FAX: 408-608-1818 CST Lab: NVLAP 100432-0 | IDProtect Duo with LASER PKI (Hardware Version: STMicroelectronics ST23YR80 Rev. G; Firmware Version: Athena IDProtect 0204.0355.0702 with LASER PKI Applet 3.0) (When operated in FIPS mode. No assurance of Secure Channel Protocol (SCP) message integrity) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/09/2014 05/28/2014 | 5/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1830); RSA (Cert. #919); Triple-DES (Cert. #1183); Triple-DES MAC (Triple-DES Cert. #1183, vendor affirmed); DRBG (Cert. #144); SHS (Cert. #1609); ECDSA (Cert. #253); CVL (Cert. #8) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (CVL Cert. #8, key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1830, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 2126 | Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middlesex NW10 0UF United Kingdom Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 Francesco Rivieccio TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0 | Integral AES 256 Bit Crypto SSD Underlying PCB (Hardware Version: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); Firmware Version: S5FDM018) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/09/2014 | 4/8/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2175); SHS (Cert. #1887); HMAC (Cert. #1335); DRBG (Cert. #254) -Other algorithms: N/A Multi-chip standalone "Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)." |
| 2125 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | ACT2Lite Module (Hardware Version: 15-14497-02(NX315) or 15-14497-02(AT90S072) or 15-14497-02(NDS_ACT2_V1); Firmware Version: 1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/09/2014 09/18/2015 09/30/2015 | 9/29/2020 | Overall Level: 1 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2556, #2742 and #3002); DRBG (Certs. #384, #461 and #572); ECDSA (Certs. #439, #480 and #550); HMAC (Certs. #1576, #1719 and #1899); RSA (Certs. #1309, #1438 and #1570); SHS (Certs. #2156, #2314 and #2513) -Other algorithms: NDRNG Single-chip "ACT2-Lite (Anti-Counterfeit Technology 2 Lite) is the ACT family (ACT 1T, Quack 1 and 2) next generation. It is an ancillary security device containing product identity information and assertion functionality to support product identity for various usages including anti-counterfeit functionality as well as other security functionality to be used across many different hardware platforms." |
| 2124 | Vidyo, Inc. 433 Hackensack Ave, 6th Floor Hackensack, NJ 07601 USA CST Lab: NVLAP 200556-0 | Cryptographic Security Kernel (Software Version: 2) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/09/2014 | 4/8/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a HP ProLiant GL380 without PAA Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a Dell PowerEdge R210 II with PAA Mac OS X 10.6.8 32-bit running on a Mac Mini without PAA Mac OS X 10.6.8 64-bit running on a Macbook Pro without PAA Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on a Macbook Pro with PAA Mac OS X 10.7.3 32-bit running on a Mac Mini without PAA Mac OS X 10.7.3 64-bit running on a Macbook Air without PAA Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on a Macbook Air with PAA Windows XP with SP3 32 bit running on a IBM Thinkpad T60 without PAA Windows XP with SP3 32 bit running on a Vidyo HD50 Room System with PAA Windows 7 with SP1 32 bit running on a Mac Mini without PAA Windows 7 with SP1 64 bit running on a Dell Precision M4300 without PAA Windows 7 with SP1 32 bit running on a Vidyo HD40 Room System with PAA Windows 7 with SP1 64 bit running on a Macbook Air with PAA iOS 6.1 running on a Apple iPad 4 iOS 6.1 running on a Apple iPhone 5 Android 4.1.1 running on a Samsung Galaxy Tab 2 10.1 Android 4.1.1 running on a ASUS Transformer Prime Android 4.1.2 running on a Samsung Galaxy Nexus S Android 4.2.2 running on a Google Nexus 7 Android 4.0.4 running on a Samsung Galaxy SII Android 4.1.2 running on a Samsung Galaxy SIII Kindle Fire OS 8.4.3 running on a Amazon Kindle Fire HD 8.9 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2027, #2028 and #2576); DRBG (Certs. #194, #195 and #389); HMAC (Certs. #1229, #1230 and #1599); SHS (Certs. #1776, #1777 and #2175) -Other algorithms: N/A Multi-chip standalone "The Vidyo Cryptographic Security Kernel (CSK) is a subset of the Vidyo Technology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications." |
| 2121 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F2 500+ [1], nShield F2 1500+ [2] and nShield F2 6000+ [3] (Hardware Versions: nC3423E-500 [1], nC3423E-1K5 [2] and nC3423E-6K0 [3], Build Standard N; Firmware Versions: 2.51.10-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/03/2014 06/05/2014 11/24/2015 | 11/23/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Cert. #181); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 2119 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 Harshad Thakar TEL: 720-684-2580 FAX: 720-684-2733 CST Lab: NVLAP 100432-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module (Hardware Versions: 1G1162 and 1G1164; Firmware Versions: SM72, SM73, DM72, DM73, DM82, DM83, HM72, HM73, HM82, HM83, LM72 and LM73) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/28/2014 05/21/2014 06/27/2014 | 6/26/2019 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343 and #1974); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225); HMAC (Cert. #1597) -Other algorithms: NDRNG Multi-chip embedded "The cryptographic module (CM) in the Seagate Secure® TCG Opal SSC Self-Encrypting Drive provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
| 2118 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Zhenyi Huang TEL: 650-236-5886 Huy Ho TEL: 650-236-5733 CST Lab: NVLAP 200002-0 | NonStop Volume Level Encryption (NSVLE) (Software Versions: 2.0 and 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/03/2014 03/17/2017 03/20/2017 | 4/2/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Debian Linux HPTE Version 5.0.0 running on an HPE ProLiant DL380p Gen8Debian Linux HPTE Version 7.9.1 running on an HPE ProLiant DL380 Gen9 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2375, #2376, #4363 and #4364); CVL (Certs. #228 and #1072); DRBG (Certs. #311 and #1402); HMAC (Certs. #1477 and #2903); RSA (Certs. #1230 and #2362); SHS (Certs. #2047 and #3601); Triple-DES (Certs. #1486 and #2359) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "HPE NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure." |
| 2116 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-NGPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E) (Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, 8, A], Catalyst 4503-E [2, 5, 7, 8, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, 8, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, 8, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, 8, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, 8, D], Catalyst C4500X-16SFP+ [E], Catalyst C4500X-F-16SFP+ [E], Catalyst C4500X-32SFP+ [E], Catalyst C4500X-F-32SFP+ [E], Catalyst C4500X-24X-ES [E], Catalyst C4500X-40X-ES [E], Catalyst C4500X-24X-IPB [E], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], Filler Plate (C4K-SLOT-CVR-E) [8] and FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C], WS-C4510-FIPS-KIT= [D] and CVPN4500FIPS/KIT= [E]); Firmware Version: IOS-XE 3.5.2E) (When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/26/2014 04/16/2014 | 4/15/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1589, #2057 and #2624); CVL (Cert. #105); DRBG (Cert. #403); HMAC (Cert. #1622); RSA (Certs. #1339 and #1341); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575) -Other algorithms: Diffie-Hellman (CVL Cert. #105, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev." |
| 2110 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 x72921 FAX: 905-507-4230 CST Lab: NVLAP 200928-0 | BlackBerry Cryptographic Library for Secure Work Space (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section A.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/21/2014 01/24/2016 | 1/23/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110 Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110 Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2 Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2 iOS v5 running on a iPad3 iOS v6 running on a iPhone5 Android v4.1 running on a Samsung Galaxy SIII (single-user mode) -FIPS Approved algorithms: AES (Cert. #2544); CVL (Cert. #89); DRBG (Cert. #377); DSA (Cert. #776); ECDSA (Cert. #436); HMAC (Cert. #1565); RSA (Cert. #1298); SHS (Cert. #2145); Triple-DES (Cert. #1539) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength), RNG; DRBG (non-compliant) Multi-chip standalone "BlackBerry® provides a suite of hardware, software, and services, which allow customers to utilize a single end-to-end Mobile Device Management (MDM) solution. The BlackBerry Cryptographic Library for Secure Work Space is a software module that provides cryptographic services required for secure operation of non-BlackBerry® devices running supported operating systems, when used in conjunction with BlackBerry® MDM solutions." |
| 2107 | Vocera Communications, Inc. 525 Race Street San Jose, CA 95126 USA Thirumalai T. Bhattar TEL: 408-882-5841 FAX: 408-882-5101 Ken Peters TEL: 408-882-5858 FAX: 408-882-5101 CST Lab: NVLAP 200996-0 | Vocera Cryptographic Module (Hardware Version: 88W8688; Firmware Version: 2.0; Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 03/19/2014 | 3/18/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Vocera Embedded Linux Version 1.1 running on a Vocera B3000 badge (single-user mode) -FIPS Approved algorithms: AES (Certs. #2224 and #2225); HMAC (Cert. #1353); SHS (Cert. #1914); RSA (Cert. #1139); DRBG (Cert. #261) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "Vocera B3000 Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000 Badge, ensures protected communications using industry-standard secure wireless communication protocols." |
| 2106 | DTECH LABS, Inc. 22876 Shaw Road Sterling, VA 20166 USA Brian K. Everhart TEL: 703-547-0638 Patrick Higdon TEL: 703-563-0633 CST Lab: NVLAP 200427-0 | M3-SE-RTR2 and TXC3 (Hardware Versions: M3-SE-RTR2-FIPS and TXC3-FIPS with DT-FIPS-TEL; Firmware Version: 15.2(2)GC) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/19/2014 | 3/18/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The M3-SE-RTR2 and TXC3 are high-performance, ruggedized routers utilizing the Cisco 5915 ESR. With onboard hardware encryption, the Cisco 5915 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The M3-SE-RTR2 and TXC3 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements." |
| 2101 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 100432-0 | Symantec Mobility: Suite Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/14/2014 04/03/2014 07/23/2015 02/12/2016 | 2/11/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 Android 4.0 running on a Galaxy Nexus (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Symantec Mobility: Suite Cryptographic Module Version 1.0 provides cryptographic functions for Symantec Mobility: Suite, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices." |
| 2100 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco FIPS Object Module (Software Version: 4.1) (When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/07/2014 | 3/6/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon Linux 2.6 running on a Cisco ASR1002 Android v4.0 running on a Samsung Galaxy S II Windows 7 running on a Cisco UCS C200 M2 without PAA Windows 7 running on a Cisco UCS C210 M2 with PAA FreeBSD 9.0 running on a Cisco UCS C210 M2 without-PAA Linux 2.6 running on a Cisco UCS C22 M3 with PAA Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2678 and #2685); Triple-DES (Certs. #1606 and #1611); SHS (Certs. #2247 and #2256); HMAC (Certs. #1664 and #1672); DRBG (Certs. #431 and #435); RSA (Certs. #1377 and #1385); DSA (Certs. #812 and #814); ECDSA (Certs. #467 and #471); CVL (Certs. #151 and #153) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength) Multi-chip standalone "The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols." |
| 2099 | Riverbed Technology, Inc. 680 Folsom St. San Francisco, CA 94107 USA Andrei K. Uyehara TEL: 415-527-4244 Chris Scuderi TEL: 408-522-5154 CST Lab: NVLAP 200928-0 | Riverbed Cryptographic Security Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/07/2014 04/16/2014 09/25/2014 12/15/2015 11/01/2016 11/02/2016 12/09/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with RiOS 8.0 x86 32-bit running on Riverbed Steelhead Appliance RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance with AES-NI Granite OS 2.0 running on Riverbed Granite Core Appliance Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI Whitewater OS 3.0 running on Whitewater Appliance without AES-NI Whitewater OS 3.0 running on Whitewater Appliance with AES-NI Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI Interceptor OS 4.5 running on Riverbed Interceptor Appliance RiOS 8.6 32-bit running on Riverbed Steelhead Appliance RiOS 8.6 64-bit running on Riverbed Steelhead Appliance RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI RiOS 8.6 64-bit running on Riverbed Steelhead Appliance with AES-NI Steelhead Mobile Controller 4.6 running on SMC without AES-NI Steelhead Mobile Controller 4.6 running on SMC with AES NI Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI RiOS 9.2 x86 64-bit running on Riverbed Steelhead Appliance with PAA RiOS 9.2 x86 64-bit running on Riverbed Steelhead Appliance without PAA RiOS 9.2 x86 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA RiOS 9.2 x86 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA RiOS 9.2 x86 64-bit on KVM 1.0 running on Dell PowerEdge R320 with PAA RiOS 9.2 x86 64-bit on KVM 1.0 running on Dell PowerEdge R320 without PAA SteelCentral Controller for SteelHead Mobile 5.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA SteelCentral Controller for SteelHead Mobile 5.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA SteelFusion 4.3 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA SteelFusion 4.3 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA Riverbed License Manager 1.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA Riverbed License Manager 1.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA Riverbed SteelCentral AppResponse 11.2 64bit on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA Riverbed SteelCentral AppResponse 11.2 64bit on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA SteelCentral Controller for SteelHead Mobile 5.0 running on SMC appliance with PAA SteelCentral Controller for SteelHead Mobile 5.0 running on SMC appliance without PAA SteelFusion 4.3 running on Riverbed SteelFusion appliance with PAA SteelFusion 4.3 running on Riverbed SteelFusion appliance without PAA Riverbed SteelCentral AppResponse 11.2 running on Riverbed appliance with PAA Riverbed SteelCentral AppResponse 11.2 running on Riverbed appliance without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2374); CVL (Cert. #65); DRBG (Cert. #310); DSA (Cert. #745); ECDSA (Cert. #392); HMAC (Cert. #1476); RSA (Cert. #1229); SHS (Cert. #2046); Triple-DES (Cert. #1485) -Other algorithms: RSA (encrypt/decrypt); EC Diffie-Hellman; PRNG; DRBG (non-compliant) Multi-chip standalone "The Riverbed Cryptographic Security Module ("RCSM") provides the cryptographic functionality for a variety of Riverbed's platforms including Steelhead, SteelFusion and SteelCentral products. Using RCSM to provide FIPS compliance across Riverbed solutions, strengthens security and facilitates the product certification and accreditation processes, enabling hybrid enterprises to transform application performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility." |
| 2098 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Arnaud Lotigier TEL: +33 4 42 36 60 74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDPrime MD 830 (Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore30 Build 1.17, IDPrime MD Applet version V4.1.2.F and MSPNP Applet V1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/05/2014 08/04/2016 | 8/3/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure." |
| 2097 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Software Versions: 4.0.1 [1] and 4.0.2.5 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/05/2014 11/25/2014 02/03/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit) [1] Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with PAA (x86 64-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit) [1] Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit) [1] Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 32-bit) [1] Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 64-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with PAA (x86 32-bit) [1] Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit) [1] Microsoft Windows 7 SP1 running on a Dell Precision M6500 with PAA (x86 64-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) [1] NetBSD 6.0.1 running on a Ricoh D2395602 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2017 and #4126); DRBG (Certs. #191 and #1246); DSA (Certs. #642 and #1121); ECDSA (Certs. #292 and #941); HMAC (Certs. #1221 and #2699); PBKDF (vendor affirmed); RSA (Certs. #1046 and #2233); SHS (Certs. #1767 and #3395); Triple-DES (Certs. #1302 and #2257) -Other algorithms: Diffie-Hellman; EC Diffie-Hellman; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; ECAES; ECIES; HMAC MD5; MD2; MD4; MD5; PBKDF1 SHA-1; PRNG; RC2; RC4; RC5 Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2095 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 100432-0 | Symantec Mobility: Suite Server Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/28/2014 07/23/2015 02/11/2016 | 2/10/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Symantec Mobility: Suite Server Cryptographic Module provides cryptographic functions for the Server component of Symantec Mobility: Suite, a scalable solution for deploying and managing native and web apps on corporate‐liable and employee‐owned mobile devices." |
| 2093 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 3560-C [1], 3560-X [2] and 3750-X [3] Switches (Hardware Versions: [3560CG-8PC-S, 3560CG-8TC-S and 3560CPD-8PT-S] [1] [B], [(WS-C3560X-24P-L and WS-C3560X-48T-L) [2] and (WS- C3750X-12S, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P and WS-C3750X-48T) [3]] with [C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK and C3KX-NM-10GT] [A] with FIPS kit packaging [C3KX-FIPS-KIT 700-34443-01] [A] and [C3KX-FIPS-KIT 47-25129-01] [B]; Firmware Version: 15.0(2)SE4) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/27/2014 03/12/2014 | 3/11/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275 and #2134); DRBG (Cert. #237); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Cert. #1858); Triple-DES (Cert. #1358) -Other algorithms: AES (Cert. #2134, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules." |
| 2091 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) (Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9 and 15454-M-WSE-K9] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/26/2014 | 2/25/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2352, #2369, #2546 and #2548); DRBG (Certs. #379 and #381); HMAC (Certs. #1567 and #1569); KBKDF (Cert. #12); RSA (Certs. #1301 and #1303); SHS (Certs. #2147 and #2149); Triple-DES (Cert. #1541) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4 Multi-chip standalone "The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions." |
| 2089 | HGST, Inc. 5601 Great Oaks Parkway Building 50-3/C-346 San Jose, CA 95119 USA Michael Good TEL: 408-717-6261 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar SSD800/1000/1600 TCG Enterprise SSDs (Hardware Versions: P/Ns HUSMH8080ASS205 (0001) [1, 2, 3, 4], HUSMH8080ASS205 (0002) [4, 9], HUSMH8080BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8040ASS205 (0001) [1, 2, 3, 4], HUSMH8040ASS205 (0002) [4, 9], HUSMH8040BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8020ASS205 (0001) [1, 2, 3, 4], HUSMH8020ASS205 (0002) [4, 9], HUSMH8020BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8010BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM8080ASS205 (0001) [1, 2, 3, 4], HUSMM8080ASS205 (0002) [4, 9], HUSMM8040ASS205 (0001) [1, 2, 3, 4], HUSMM8040ASS205 (0002) [4, 9], HUSMM8020ASS205 (0001) [1, 2, 3, 4], HUSMM8020ASS205 (0002) [4, 9], HUSMM1680ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30], HUSMM1640ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM1620ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM1616ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30], HUSMR1619ASS235 (0003) [25], HUSMR1619ASS205 (0003) [10, 16, 17, 24, 25, 31, 32], HUSMR1010ASS205 (0001) [1, 2, 3, 4], HUSMR1010ASS205 (0002) [4, 9], HUSMR1050ASS205 (0001) [1, 2, 3, 4], HUSMR1050ASS205 (0002) [4, 9], HUSMR1025ASS205 (0001) [1, 2, 3, 4], HUSMR1025ASS205 (0002) [4, 9], HUSMR1680ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1650ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1640ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1625ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1616ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], and HUSMR1610ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28]; Firmware Versions: R210 [1], R230 [2], R232 [3], R252 [4], P216 [5], P218 [6], P250 [7], P252 [8], R254 [9], R104 [10], P217 [11], P292 [12], P298 [13], P29A [14], P2C0 [15], R106 [16], R120 [17], P21J [18], P29C [19], P29E [20], P2CA [21], P2CC [22], P2E0 [23], R108 [24], R130 [25], P2F0 [26], K2CC [27], P300 [28], P302 [29], D302 [30], R154 [31] or G155 [32]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/25/2014 04/03/2014 04/11/2014 07/17/2014 09/12/2014 10/23/2014 12/31/2014 01/23/2015 02/13/2015 05/29/2015 08/07/2015 09/04/2015 09/30/2015 12/09/2015 | 12/8/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed); -Other algorithms: AES (Cert. #2365, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1000 series are 12Gbs SAS, TCG Enterprise SSDs.10/23/14: Added HW HUSMH8080ASS205, HUSMH8040ASS205, HUSMH8020ASS205, HUSMM8080ASS205, HUSMM8040ASS205, HUSMM8020ASS205, HUSMR1010ASS205, HUSMR1050ASS205, HUSMR1025ASS205" |
| 2086 | Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | StorageTek T10000C Tape Drive (Hardware Version: P/N 7054185; Firmware Version: 1.57.308) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2014 | 2/21/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1568, #1570, #2404, #2405, #2406, #2407 and #2412); DRBG (Cert. #322); HMAC (Certs. #1497 and #1498); SHS (Certs. #2065 and #2066); RSA (Cert. #1246); CVL (Cert. #82) -Other algorithms: AES (Cert. #2406, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "The Oracle StorageTek T10000C Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive delivers the world’s fastest write speeds to a native 5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution." |
| 2082 | Toshiba Electronic Devices & Storage Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Tohru Iwamoto TEL: +81-45-776-4488 CST Lab: NVLAP 200822-0 | Toshiba Secure TCG Opal SSC and Wipe technology Self-Encrypting Drive (MQ01ABU050BW, MQ01ABU032BW and MQ01ABU025BW) (Hardware Version: AA; Firmware Versions: FN001S, FN002S) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/13/2014 04/23/2014 07/18/2017 | 4/22/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2447 and #2448); HMAC (Cert. #1511); SHA (Cert. #2081); DRBG (Cert. #334); -Other algorithms: NDRNG Multi-chip embedded "The Toshiba Secure TCG Opal SSC and Wipe Technology Self-Encrypting Drive is used for hard disk drive data security. This cryptographic module provides various cryptographic services using FIPS approved algorithms. Services are provided through an industry-standard TCG Opal SSC and the Toshiba Wipe Technology. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA ranges, host device authentication and secure automatic data invalidation. The last two services are provided by the Toshiba Wipe Technology." |
| 2081 | Dispersive Technologies, Inc. 2555 Westside Parkway Suite 500 Alpharetta, GA 30004 USA Douglas Dimola TEL: 844.403.5851 CST Lab: NVLAP 200556-0 | V2VNet Common Crypto Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/22/2014 09/18/2015 02/26/2016 | 2/25/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "V2VNet Common Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Server Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications." |
| 2080 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: CN6040 Series: A6040B [O] (AC), A6040B [Y] (AC), A6041B [O] (DC), A6041B [Y] (DC), A6042B [O] (AC/DC) and A6042B [Y] (AC/DC); CN6100 Series: A6100B [O] (AC), A6100B [Y] (AC), A6101B [O] (DC), A6101B [Y] (DC), A6102B [O] (AC/DC) and A6102B [Y] (AC/DC); Firmware Version: 2.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/10/2014 | 2/9/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2582, #2583, #2584 and #2586); Triple-DES (Cert. #1562); RSA (Cert. #1324); SHS (Cert. #2177); HMAC (Cert. #1601); DRBG (Cert. #391); CVL (Cert. #113) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN6000 Series Encryptor is a high-speed standards based hardware encryption platform designed to secure data transmitted over optical and twisted-pair Ethernet and optical Fibre Channel networks. Two models are validated: the CN6100 10G Ethernet Encryptor operating at a line rate of 10Gb/s and the CN6040, a protocol selectable model operating at data rates up to 4Gb/s. Configured in Ethernet mode the CN6040 model supports rates of 10Mb/s, 100Mb/s & 1Gb/s and in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms." |
| 2079 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Drive West Houston, TX 77070 USA Rahul Philip Mampallil TEL: +91 80 33841568 Karthik Bhagawan TEL: +91 80 25166873 FAX: +91 80 28533522 CST Lab: NVLAP 200928-0 | HP-UX Kernel Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/07/2014 | 2/6/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with HP-UX 11i v3 running on an HP Integrity BL860c i2 server blade (single user mode) -FIPS Approved algorithms: AES (Cert. #2488); SHS (Cert. #2106); HMAC (Cert. #1530); DRBG (Cert. #346); RSA (Cert. #1277) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "HP-UX Kernel Crypto Module (HP-UX KCM) is a kernel-space crypto engine in the HP-UX operating system containing core cryptographic algorithms and operations in a single shared library. It implements asymmetric, symmetric, and digest operations that are used by HP-UX security solutions. HP-UX KCM is available on HP-UX 11i v3 operating system on the HP Integrity Platform (IA-64)." |
| 2074 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009 USA David Schmolke TEL: 760-476-2461 FAX: 760-476-4110 Richard Quintana TEL: 760-476-2481 FAX: 760-476-4110 CST Lab: NVLAP 100432-0 | Embeddable Security System (ES-1200) (Hardware Versions: P/N 1174941, Rev. 001; Firmware Version: 1.0.7) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2014 03/12/2014 | 3/11/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2633, #2634 and #2635); DRBG (Cert. #406); SHS (Cert. #2207) -Other algorithms: NDRNG Multi-chip embedded "The ES-1200 is a low cost, size, weight & power multichip programmable embedded cryptographic module. It provides encryption and decryption services, plaintext bypass, key management, and PIN-based access control. The ES-1200 is intended for use in environments where FIPS 140-2 Level 2 cryptographic products are required. Typical applications are military Transmission Security (TRANSEC), Communications Security (COMSEC), and Data-At-Rest (DAR) using Suite B cryptography." |
| 2073 | GoldKey Security Corporation 26900 E Pink Hill Road Independence, MO 64057 USA GoldKey Sales & Customer Service TEL: 816-220-3000 FAX: 419-301-3208 Jon Thomas TEL: 567-270-3830 FAX: 419-301-3208 CST Lab: NVLAP 200658-0 | GoldKey Security Token Cryptographic Module (Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.12) (When operated in FIPS mode with Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/29/2014 | 1/28/2019 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); EC Diffie-Hellman (CVL Cert. #54, key agreement); RSA (Cert. #1210); RSA (CVL Cert. #54, signature primitive); ECDSA (Cert. #384) -Other algorithms: N/A Single-chip "Provides cryptographic algorithm implementation for GoldKey Products" |
| 2072 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS PKI Native Smart Card Cryptographic Module (Hardware Version: RS45C; Firmware Versions: HardMask: 2.2 and SoftMask: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/29/2014 04/22/2016 | 4/21/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1419); Triple-DES MAC (Triple-DES Cert. #1419, vendor affirmed); SHS (Cert. #1953); RSA (Cert. #1165); DRBG (Cert. #280) -Other algorithms: NDRNG; Triple-DES (Cert. #1419, key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate." |
| 2070 | API Technologies Corp. 4705 S. Apopka Vineland Road Suite 210 Orlando, FL 32819 USA Henry Gold TEL: 855-294-3800 CST Lab: NVLAP 200556-0 | Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA and NetGard MFD (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/24/2014 04/23/2014 02/10/2016 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA, and NetGard MFD is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms." |