CMVP Main PageLast Updated: 8/25/2017
It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.
When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.
NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "Other" or "Allowed" have not been tested through the CMVP and are not FIPS-Approved.
NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.
NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).
Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.
| Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Sunset Date | Level / Description |
|---|---|---|---|---|---|---|
| 2515 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiManager 5.2 (Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 12/29/2015 | 12/28/2020 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FortiManager-4000D with the Fortinet entropy token (part number FTR-ENT-1 ) -FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances." |
| 2514 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-204 and AP-205 Wireless Access Points (Hardware Versions: AP-204-F1 and AP-205-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2015 01/15/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3176 and #3177); CVL (Cert. #423); DRBG (Cert. #660); ECDSA (Certs. #580 and #581); HMAC (Certs. #2004 and #2005); RSA (Certs. #1613, #1614 and #1615); SHS (Certs. #2629, #2630 and #2631); Triple-DES (Certs. #1812 and #1813) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, the AP 204 & 205 support encrypted management and WPA2 tunneled pass through to Aruba Mobility Controllers. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2511 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Integrated Services Router (ISR) 4351 and 4331 (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Cisco Integrated Services Router (ISR) 4321 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) (Hardware Versions: ISR 4351 [1], ISR 4331 [2] and ISR 4321 [3] with SM-ES3X-16-P [1,2], SM-ES3X-24-P [1,2], SM-D-ES3X-48-P [1,2], PVDM4-32 [1,2,3], PVDM4-64 [1,2,3], PVDM4-128 [1,2,3] and PVDM4-256 [1,2,3]; Firmware Version: IOS-XE 3.13.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2015 | 12/23/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Certs. #1671 and #1688) -Other algorithms: AES (non-compliant); DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); KBKDF (non-compliant); Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2510 | Athena SCS, Inc. 16615 Lark Ave. Suite 202 San Jose, CA 95032 USA Stephanie Motre TEL: 408-884-8316 FAX: 408-884-8320 CST Lab: NVLAP 100432-0 | iEngine SSID Applet on Athena SCS IDProtect Duo for SLE78 (Hardware Version: Infineon SLE78CLFX4000P P-MCC8-2-6 package; Firmware Version: Athena IDProtect 0302.0306.0004 with iEngine SSID Applet V1.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/23/2015 | 12/22/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3435); DRBG (Cert. #836); ECDSA (Cert. #690); KBKDF (Cert. #59); SHS (Cert. #2835) -Other algorithms: NDRNG Single Chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smartcard operating system with 404KB of Flash. IDProtect is compliant with the latest Java Card 3.0.4 and Global Platform 2.2.1 specifications. IDProtect supports FIPS approved DRBG, SHA-2, AES, ECDSA and ECC key generation. The SSID Java Card applet of iEngine is an applet supporting the latest version of the SSID standard for high-performance government application." |
| 2509 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Nagesh Kuriyavar TEL: 402-885-2812 FAX: 402-758-7332 Paul Rozeboom TEL: 402-885-2698 FAX: 402-758-7332 CST Lab: NVLAP 200658-0 | HP OpenCall HLR Cryptographic Module (Software Version: I-HSS 01.08.01) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/22/2015 | 12/21/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): HP NonStop v J06.18 running on Integrity NonStop BladeSystem NB54000c (single-user mode) -FIPS Approved algorithms: AES (Cert. #3503); DRBG (Cert. #872); HMAC (Cert. #2237); SHS (Cert. #2890) -Other algorithms: N/A Multi-Chip Stand Alone "The HP OpenCall HLR Cryptographic Module provides cryptographic services that allows the HP OpenCall HLR to protect sensitive application and subscriber data at rest and during transit" |
| 2508 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo, Tokyo 105-8001 Japan Tohru Iwamoto TEL: +81-45-776-4488 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive (AL14SEQ model) (Hardware Versions: A0 with AL14SEQ18EPB, AL14SEQ12EPB, AL14SEQ09EPB, AL14SEQ18EQB, AL14SEQ12EQB, AL14SEQ09EQB; Firmware Version: 0101) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/22/2015 | 12/21/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3537 and #3538); DRBG (Cert. #895); RSA (Cert. #1818); SHS (Cert. #2916) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2507 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Bumhan Kim TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Flash Memory Protector V1.0 (Hardware Version: 3.0; Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 12/21/2015 | 12/20/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android Lollipop 5.1.1 running on Samsung Galaxy S6 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3332); HMAC (Cert. #2123); SHS (Cert. #2765) -Other algorithms: N/A Multi-Chip Stand Alone "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services." |
| 2506 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Drive West Houston, TX 77070 USA Catherine Schwartz CST Lab: NVLAP 200556-0 | HP P-Class Smart Array Gen9 RAID Controllers (Hardware Versions: P244br, P246br, P440, P441, and P741m; Firmware Version: 2.52) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/21/2015 | 12/20/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2902 and #2903); DRBG (Certs. #529 and #530); HMAC (Certs. #1837 and #1838); PBKDF (vendor affirmed); SHS (Certs. #2442 and #2443) -Other algorithms: AES (Certs. #2902 and #2903, key wrapping); NDRNG Multi-Chip Embedded "The HP P-Class Smart Array RAID Controllers make up a family of serial-attached SCSI host bus adapters that provide intelligent control for storage array. The controllers can be card-based or embedded within an HP server, and provide a high speed data path, on-board storage cache, remote management, and encryption of data at rest, for the controlled storage arrays." |
| 2505 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco FIPS Object Module (Software Version: 6.0) (When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/21/2015 | 12/20/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 without Octeon Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 with Octeon Linux 2.6 running on an Intel Xeon on a Cisco UCS C22 M3 Android v4.4 running on a Qualcomm Snapdragon Pro APQ8064 ARMv7 on a Google Nexus 4 Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 without PAA Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 with PAA FreeBSD 9.2 running on an Intel Xeon on a Cisco UCS C200 M2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3404 and #3405); CVL (Certs. #504, #505, #506 and #507); DRBG (Certs. #817 and #818); DSA (Certs. #961 and #962); ECDSA (Certs. #678 and #679); HMAC (Certs. #2172 and #2173); KBKDF (Certs. #52 and #53); RSA (Certs. #1743 and #1744); SHS (Certs. #2817 and #2818); Triple-DES (Certs. #1926 and #1927) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols." |
| 2504 | Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0 | Security Builder FIPS Java Module (Software Versions: 2.8 [1], 2.8.7 [2], 2.8.8 [3]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/18/2015 01/22/2016 | 1/21/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1, 2] Solaris 10 64-bit [1, 2] Red Hat Linux AS 5.5 32-bit [1, 2] Red Hat Linux AS 5.5 64-bit [1, 2] Windows Vista 32-bit [1, 2] Windows Vista 64-bit [1, 2] Windows 2008 Server 64-bit [1, 2] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 (single-user mode) [3] -FIPS Approved algorithms: Triple-DES (Certs. #964 and #1954); AES (Certs. #1411 and #3465); SHS (Certs. #1281 and #2860); HMAC (Certs. #832 and #2210); DSA (Certs. #455 and #978); ECDSA (Certs. #179 and #702); RSA (Certs. #687 and #1776); DRBG (Certs. #52 and #852); KAS (Certs. #8, #61 and #62) -Other algorithms: RNG; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL." |
| 2503 | Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA Michael Vickers FAX: 434-455-6851 CST Lab: NVLAP 200996-0 | Harris AES Load Module (Firmware Version: R06A02) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/18/2015 | 12/17/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Blackfin BF707 DSP with Harris BIOS kernel v1 -FIPS Approved algorithms: AES (Cert. #3338); KTS (AES Cert. #3338) Multi-Chip Stand Alone "The Harris AES Load Module is a firmware module which support to secure voice and data communications by providing Advanced Encryption Standard (AES) algorithm encryption/decryption as specified in FIPS 197. It interacts with a Digital Signal Processor (DSP) application executing on the Harris XL family of radios and other terminal products in order to provide its services to those terminals." |
| 2502 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0 | BlackBerry Cryptographic Java Module (Software Versions: 2.8 [1], 2.8.7 [2], 2.8.8 [3]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/18/2015 01/22/2016 | 1/21/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1, 2] Solaris 10 64-bit [1, 2] Red Hat Linux AS 5.5 32-bit [1, 2] Red Hat Linux AS 5.5 64-bit [1, 2] Windows Vista 32-bit [1, 2] Windows Vista 64-bit [1, 2] Windows 2008 Server 64-bit [1, 2] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 (single-user mode) [3] -FIPS Approved algorithms: Triple-DES (Certs. #964 and #1954); AES (Certs. #1411 and #3465); SHS (Certs. #1281 and #2860); HMAC (Certs. #832 and #2210); DSA (Certs. #455 and #978); ECDSA (Certs. #179 and #702); RSA (Certs. #687 and #1776); DRBG (Certs. #52 and #852); KAS (Certs. #8, #61 and #62) -Other algorithms: RNG; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; Multi-Chip Stand Alone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerryproducts such as the BlackBerry PlayBook Administration Service, and other BlackBerry products." |
| 2501 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Drive West Houston, TX 77070 USA Julie Ritter TEL: 1-281-514-4087 Fred Bertram TEL: 1-832-502-5916 CST Lab: NVLAP 200928-0 | HP BladeSystem c-Class Virtual Connect Module (Firmware Version: 4.41) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/18/2015 | 12/17/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): HP Virtual Connect Flex-10/10D Blade HP Virtual Connect Flex-10 10Gb Ethernet Blade HP Virtual Connect FlexFabric 10Gb/24-Port Blade HP Virtual Connect FlexFabric 20/40 F8 Blade -FIPS Approved algorithms: AES (Cert. #3334); CVL (Cert. #488); DRBG (Cert. #776); HMAC (Cert. #2125); PBKDF (vendor affirmed); RSA (Cert. #1713); SHS (Cert. #2769); Triple-DES (Cert. #1904) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; OpenSSL md_rand Multi-Chip Embedded "Virtual Connect implements server edge virtualization between the server and data center infrastructure allowing networks to communicate with individual servers or pools of HP BladeSystem server blades. Virtual Connect simplifies the setup and administration of server LAN and SAN connections." |
| 2500 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/18/2015 | 12/17/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone ""Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2499 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/18/2015 | 12/17/2020 | Overall Level: 2 Multi-Chip Stand Alone |
| 2498 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-214, AP-215, AP-274, AP-275, AP-277 and AP-228 Wireless Access Points (Hardware Versions: AP-214-F1, AP-215-F1, AP-274-F1, AP-275-F1, AP-277-F1 and AP-228-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/17/2015 01/15/2016 07/06/2016 10/03/2016 | 10/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1648, #1649, #2884 and #2900); CVL (Certs. #314 and #326); DRBG (Cert. #528); ECDSA (Certs. #519 and #524); HMAC (Certs. #538, #967, #1818 and #1835); KBKDF (Cert. #32); RSA (Certs. #1517, #1518 and #1528); SHS (Certs. #934, #1446, #2424, #2425 and #2440); Triple-DES (Certs. #758, #1075, #1720 and #1726) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2497 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Systems 2504, 7500, 8510 Wireless LAN Controllers and Cisco Catalyst 6807-XL Switch with Wireless Services Module-2 (WiSM2) (Hardware Versions: (2504, 7500, 8510 with CN56XX) and (6807-XL with WiSM2, CN56XX and one Supervisor Blade: [VS-S2T-10G, VS-S2T-10G-XL, VS-S720-10G-3C or VS-S720-10G-3CXL]); Firmware Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438) -Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Cisco Flex 7500 and the 8500 Series Controllers are highly scalable branch controllers for enterprise, service provider and multisite wireless deployments. The Cisco 2500 Series Wireless Controller are used in small to medium-sized enterprises and branch offices.The Cisco Wireless Service Module-2 (WiSM2) Controller for Cisco Catalyst 6800 Series Switches, is a highly scalable and flexible platform that enables systemwide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments." |
| 2496 | Dell, Inc. 5450 Great America Parkway Santa Clara, CA 95054 USA Srihari Mandava TEL: 408-571-3522 Jeff Yin TEL: 408-571-3689 CST Lab: NVLAP 200002-0 | Dell OpenSSL Cryptographic Library (Software Versions: 2.3 [1] and 2.4 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/16/2015 08/22/2016 01/30/2017 | 1/29/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): [1] Dell EMC Networking OS 9.8(0.0) running on a Dell EMC Networking S3048-ON, Dell EMC Networking S4048-ON, Dell Networking S4810, Dell Networking S4820T, Dell EMC Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell EMC Networking MXL, Dell PowerEdge M I/O Aggregator, and Dell PowerEdge FN I/O Aggregator [2] Dell EMC Networking OS 9.10(0.1) and Dell EMC Networking OS 9.11(0.0) running on a Dell EMC Networking S3048-ON, Dell EMC Networking S4048-ON, Dell Networking S4810, Dell Networking S4820T, Dell EMC Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell EMC Networking MXL, Dell PowerEdge M I/O Aggregator, Dell PowerEdge FN I/O Aggregator, Dell EMC Networking S3124, Dell EMC Networking S3124F, Dell EMC Networking S3124P, Dell EMC Networking S3148, Dell EMC Networking S3148P, Dell EMC Networking S6100-ON, Dell EMC Networking Z9100-ON, Dell EMC Networking C9010, Dell EMC Networking S4048T-ON, and Dell EMC Networking S6010-ON (single-user mode) -FIPS Approved algorithms: AES (Certs. #3440, #4043 and #4320); DRBG (Certs. #839, #1210 and #1376); DSA (Certs. #968, #1094 and #1150); HMAC (Certs. #2189, #2638 and #2853); RSA (Certs. #1761, #2075 and #2334); SHS (Certs. #2840, #3332 and #3556); Triple-DES (Certs. #1938, #2210 and #2334) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); ANSI X9.31 RNG (non-compliant); Triple-DES CMAC (non-compliant); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant) Multi-Chip Stand Alone "Dell OpenSSL Cryptographic Library v2.3 and v2.4 is used within various Dell EMC Networking products, including the S and Z-Series. Dell EMC Networking S and Z-Series are high performance 10/40GbE ToR and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell’s Data Center hardened OS, Dell EMC Networking OS." |
| 2495 | Cavium Inc. 2315 N 1st Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 FAX: n/a Tejinder Singh TEL: 408-943-7403 FAX: n/a CST Lab: NVLAP 100432-0 | NITROXIII CNN35XX-NFBE HSM Family (Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Versions: CNN35XX-NFBE-FW-1.0 build 35, CNN35XX-NFBE-FW-1.0 build 38, CNN35XX-NFBE-FW-1.0 build 39, CNN35XX-NFBE-FW-1.0 build 44 or CNN35XX-NFBE-FW-1.0 build 48) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 02/23/2016 06/03/2016 08/19/2016 | 8/18/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205 and #3206); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); RSA (Cert. #1634); SHS (Certs. #1780 and #2652); Triple-DES (Cert. #1311); KTS (AES Cert. #3206) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; RC4; PBE Multi-Chip Embedded "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers." |
| 2494 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye NX Series: NX-900, NX-1400, NX-2400, NX-4400, NX-4420, NX-7400, NX-7420, NX-7500, NX-10000, NX-9450, NX-10450 (Hardware Versions: NX-900, NX-1400, NX-2400, NX-4400, NX-4420, NX-7400, NX-7420, NX-7500, NX-10000, NX-9450, NX-10450; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats." |
| 2493 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye FX Series: FX-5400, FX-8400 (Hardware Versions: FX-5400, FX-8400; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC MD5 Multi-Chip Stand Alone "The FireEye FX series is a group of threat prevention platforms that protect content against attacks originating in a wide range of file types. Web mail, online file transfer tools, the cloud, and portable file storage devices can introduce malware that can spread to file shares and content repositories. The FireEye FX platform analyzes network file shares and enterprise content management stores to detect and quarantine malware brought in by employees and others that bypass next-generation firewalls, IPS, AV, and gateways." |
| 2492 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye EX Series: EX-3400, EX-5400, EX-8400, EX-8420 (Hardware Versions: EX-3400, EX-5400, EX-8400, EX-8420; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC MD5 Multi-Chip Stand Alone "The FireEye EX series secures against advanced email attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyze every email attachment and successfully quarantine spear-phishing emails used in advanced targeted attacks." |
| 2491 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye CM Series: CM-4400, CM-7400, CM-9400 (Hardware Versions: CM-4400, CM-7400, CM-9400; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG Multi-Chip Stand Alone "The FireEye CM series is a group of management platforms that consolidates the administration, reporting, and data sharing of the FireEye NX, EX, FX and AX series in one easy-to-deploy, network-based platform. Within the FireEye deployment, the FireEye CM enables real-time sharing of the auto-generated threat intelligence to identify and block advanced attacks targeting the organization. It also enables centralized configuration, management, and reporting of FireEye platforms." |
| 2490 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2) (Hardware Versions: (6506, 6506-E, 6509 and 6509-E) with WiSM2, CN56XX, WS-X6K-SLOT-CVR-E, WS-SVCWISM2FIPKIT= , [CVPN6500FIPS/KIT=, version D0] and one Supervisor Blade: (VS-S2T-10G, VS-S2T-10G-XL, VS-S720-10G-3C or VS-S720-10G-3CXL); Firmware Version: 8.0) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438) -Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Cisco Wireless Service Module 2 (WiSM2) Controller for Cisco Catalyst 6500 Series Switches, is a highly scalable and flexible platform that enables systemwide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments." |
| 2489 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0103; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded ""The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."" |
| 2488 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0103; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded ""The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."" |
| 2487 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2486 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® Backup HSM Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Luna® Backup HSM Hardware Security Module (HSM) provides the same level of security as the Luna® SA and Luna® PCI-E HSMs in a convenient, small, low-cost form factor. The Luna Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Luna Backup HSM for safekeeping in case of emergency, failure or disaster." |
| 2485 | Chunghwa Telecom Co., Ltd. No.99, Dianyan Road Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiKey PKI Token (Hardware Version: HiKey3.0-BK; Firmware Version: HiKey COS V3.0) (With tamper evident seals and security devices installed as indicated in the Security Policy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/14/2015 01/22/2016 | 1/21/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #608); RSA (Cert. #1585); SHS (Cert. #2557); Triple-DES (Cert. #1783) -Other algorithms: NDRNG; Triple-DES (Cert. #1783, key wrapping methodology provides 112-bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-Chip Stand Alone "The HiKey token modules are multi-chip standalone implementations of a cryptographic module. The Hikey token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards." |
| 2484 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - StrongSwan Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/14/2015 | 12/13/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: CVL (Cert. #486) -Other algorithms: N/A Multi-Chip Stand Alone "SUSE StrongSwan is a complete Ipsec implementation for Linux kernel." |
| 2483 | SafeLogic Inc. 459 Hamilton Ave Suite 306 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 201029-0 | CryptoComplyTM | Java (Software Version: 2.2-fips) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/11/2015 01/25/2016 | 1/24/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DRBG (Cert. #668); DSA (Cert. #914); ECDSA (Cert. #583); HMAC (Cert. #2011); RSA (Cert. #1622); SHS (Cert. #2637); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-Chip Stand Alone "CryptoComplyTM | Java is a standards-based "Drop-in Compliance" solution for native Java environments. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2482 | Draeger Medical Systems Inc. 6 Tech Drive Andover, MA 01923 USA Michael Robinson TEL: +1 978 379 8000 FAX: +1 978 379 8538 CST Lab: NVLAP 200802-0 | DRAEGER WCM9113 802.11ABGN VG2 (Hardware Version: MS32018 Rev. 02; Firmware Version: VG2 with Bootloader version 1.7) (When operated in FIPS mode. When initialized and configured as specified in Section 5.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/07/2015 | 12/6/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2058 and #3223); KTS (AES Cert. #3223; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #2661); HMAC (Cert. #2026); RSA (Cert. #1639); DRBG (Cert. #908); KBKDF (Cert. #45); CVL (Cert. #440) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; DES; HMAC-MD4; HMAC-MD5 Multi-Chip Embedded "The DRAEGER WCM9113 802.11ABGN VG2 is a dual band 802.11n Wireless Communications Module used in a variety of Draeger products for wireless communications." |
| 2481 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Versions: 6.2.1 and 6.2.5) (This validation entry is a non-security relevant modification to Cert. #1694) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/02/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KBKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Triple-DES Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2480 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Versions: 6.2.1 and 6.2.5) (This validation entry is a non-security relevant modification to Cert. #1693.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/02/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KBKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Triple-DES Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2479 | Dell EMC 176 South Street Hopkinton, MA 01748 USA Kerry Bellefontaine CST Lab: NVLAP 200556-0 | VMAX 6 Gb/s SAS I/O Module with Encryption from EMC (Hardware Version: 303-161-101B-05; Firmware Versions: 2.13.39.00, 2.13.43.00) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/01/2015 12/02/2016 | 12/1/2021 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3255); KTS (AES Cert. #3255); HMAC (Cert. #2053); SHS (Cert. #2692) -Other algorithms: N/A Multi-Chip Embedded "Dell EMC Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Dell EMC storage systems, including the Symmetrix VMAX. Data at Rest Encryption protects information from unauthorized access when drives are physically removed from the system and also offers a convenient means of decommissioning all drives in the system at once.Dell EMC 6Gb/s SAS I/O modules implement AES-XTS 256-bit encryption on all drives in the system." |
| 2478 | KONA I Co., Ltd. KONA I, 6F, 30, Eunhaeng-Ro Yeongdeungpo-Gu Seoul 150-872 South Korea (ROK) Irene Namkung TEL: +82 (0)2 2168 7586 FAX: +82 (0)2 3440 4405 CST Lab: NVLAP 100432-0 | KONA N41M0 (Hardware Version: Infineon SLE97CNFX1M00PEA22; Firmware Versions: KONA N41M0 v2.01 and PKI Applet v1.3.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/25/2015 | 11/24/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #884); Triple-DES (Cert. #1979); Triple-DES MAC (Triple-DES Cert. #1979, vendor affirmed); AES (Cert. #3525); HMAC (Cert. #2253); SHS (Cert. #2907); RSA (Certs. #1811 and #1812); ECDSA (Cert. #718) -Other algorithms: NDRNG; AES (Cert. #3525, key wrapping); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Single Chip "The KONA N41M0 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. KONA N41M0 serves as highly portable physical forms which enhances the security of network access and ensures secure electronic communications. KONA N41M0 supports on-card Triple DES, AES, ECC and 2048-bit RSA algorithms with on-card key generation. The KONA N41M0 smart card is Java-based smart cards for physical and logical access, e-transactions and other applications, which is compliant to Java Card v3.0.4 and GlobalPlatform 2.2." |
| 2476 | KONA I Co., Ltd. KONA I, 6F, 30, Eunhaeng-Ro Yeongdeungpo-Gu Seoul 150-872 South Korea (ROK) Irene Namkung TEL: +82 (0)2 2168 7586 FAX: +82 (0)2 3440 4405 CST Lab: NVLAP 100432-0 | KONA N41M0 (Hardware Version: Infineon SLE97CNFX1M00PEA22; Firmware Versions: KONA N41M0 v2.01 and Demonstration Applet v1.2.4) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/20/2015 | 11/19/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #884); Triple-DES (Cert. #1979); Triple-DES MAC (Triple-DES Cert. #1979, vendor affirmed); AES (Cert. #3525); HMAC (Cert. #2253); SHS (Cert. #2907); RSA (Certs. #1811 and #1812); ECDSA (Cert. #718) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3525, key wrapping); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Single Chip "The KONA N41M0 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. KONA N41M0 serves as highly portable physical forms which enhances the security of network access and ensures secure electronic communications. KONA N41M0 supports on-card Triple DES, AES, ECC and 2048-bit RSA algorithms with on-card key generation. The KONA N41M0 smart card is Java-based smart cards for physical and logical access, e-transactions and other applications, which is compliant to Java Card v3.0.4 and GlobalPlatform 2.2." |
| 2475 | Red Cocoa II L.L.C. 8200 Cody Drive Suite G-2 Lincoln, NE 68512 USA Andy Lenhart TEL: 402-467-1086 FAX: n/a Mark Nispel TEL: 402-467-1086 FAX: n/a CST Lab: NVLAP 100432-0 | C-ACE (Hardware Version: STM32F405OG; Firmware Version: Bootloader: 0.0.1; Application: 1.0.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/16/2015 | 11/15/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3137); DSA (Cert. #908); SHS (Cert. #2605) -Other algorithms: NDRNG; AES MAC (AES Cert. #3137, vendor affirmed; P25 AES OTAR); AES (Cert. #3137, key wrapping) Single Chip "The C-ACE module is a single-chip cryptographic engine designed to be implemented in a radio compliant with the APCO Project 25 Over-The-Air Rekeying (OTAR) protocol." |
| 2474 | Samsung Electronics Co., Ltd. 129 Samsung-ro Yeongtong-gu Suwon-si, Gyeonggi-do 16677 South Korea Changsup Ahn TEL: +82-2-6147-7088 FAX: N/A Jisoon Park TEL: +82-2-6147-7095 FAX: N/A CST Lab: NVLAP 200658-0 | Samsung CryptoCore Module (Software Version: 0.2.9) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/16/2015 03/22/2016 03/24/2016 | 3/23/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Ubuntu 14.04 running on Lenovo T540p with Intel i7 Tizen 2.3 running on Samsung UN55JU6700 with Samsung Hawk-MU (single-user mode) -FIPS Approved algorithms: AES (Certs. #3459 and #3460); CVL (Certs. #530 and #537); DRBG (Certs. #847 and #848); DSA (Certs. #976 and #977); ECDSA (Certs. #700 and #701); HMAC (Certs. #2205 and #2206); RSA (Certs. #1774 and #1775); SHS (Certs. #2855 and #2856); Triple-DES (Certs. #1950 and #1951) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #530 and #537, key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IBS; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNOW2; NDRNG; RNG Multi-Chip Stand Alone "A multipurpose cryptographic library which provides symmetric/asymmetric cipher, message digest, key agreement, and PRNG services." |
| 2473 | OpenSSL Validation Services 1829 Mount Ephraim Road Adamstown, MD 21710 USA Steve Marquess TEL: 301-874-2571 CST Lab: NVLAP 100432-0 | OpenSSL FIPS Object Module RE (Software Version: 2.0.9 or 2.0.10) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/13/2015 01/25/2016 04/28/2016 01/10/2017 01/20/2017 01/30/2017 03/17/2017 04/25/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2) iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56) iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56) VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3) iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56) iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.4.1) FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.4.1) Yocto Linux 3.10 running on Freescale i.MX6 (ARMv7) without NEON (gcc Compiler Version 4.8.1) Yocto Linux 3.10 running on Freescale i.MX6 (ARMv7) with NEON (gcc Compiler Version 4.8.1) Linux 4.4 running on ARM926EJS (ARMv5) (gcc Compiler Version 4.8.3) Timesys 2.6 running on PowerPC 440 (PPC) (gcc Compiler Version 4.6.3) uClinux-dist-5.0 running on Marvell Feroceon 88FR131 (ARMv5TE) (gcc Compiler Version 4.8.3) uClinux-dist-5.0 running on Marvell Armada 370 (ARMv7) (gcc Compiler Version 4.8.3) uClibc 0.9 running on ARM926EJS (ARMv5TEJ) (gcc Compiler Version 4.8.1) uClibc 0.9 running on Marvell PJ4 (ARMv7) (gcc Compiler Version 4.8.1) uClibc 0.9 running on ARM922T (ARMv4T) (gcc Compiler Version 4.8.1) LMOS 7.2 running on Intel Xeon E3-1231 (x86) without AES-NI (gcc Compiler Version 4.8.4) LMOS 7.2 running on Intel Xeon E3-1231 (x86) with AES-NI (gcc Compiler Version 4.8.4) Debian 7.9 running on Marvell Mohawk (ARMv5TE) (gcc Compiler Version 4.4.5) Linux 3.16 running on Atmel ATSAMA5D35 (ARMv7) (gcc Compiler Version 4.8.3) Linux 3.16 running on Atmel ATSAM9G45 (ARMv5TEJ) (gcc Compiler Version 4.8.3) Android 4.4 32bit running on Intel Atom Z3735F (x86) (gcc Compiler Version 4.8) Linux 3.14 running on ARM Cortex A9 (ARMv7) without NEON (gcc Compiler Version 4.8.2) Linux 3.14 running on ARM Cortex A9 (ARMv7) with NEON (gcc Compiler Version 4.8.2) LMOS 7.2 under VMware ESXi 6.5 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.8.4) LMOS 7.2 under VMware ESXi 6.5 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.8.4) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3090 and #3264); CVL (Certs. #372 and #472); DRBG (Certs. #607 and #723); DSA (Certs. #896 and #933); ECDSA (Certs. #558 and #620); HMAC (Certs. #1937 and #2063); RSA (Certs. #1581 and #1664); SHS (Certs. #2553 and #2702); Triple-DES (Certs. #1780 and #1853) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-Chip Stand Alone "The OpenSSL FIPS Object Module RE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications." |
| 2472 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - OpenSSH Client Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/13/2015 | 11/12/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU without PAA (single-user mode) -FIPS Approved algorithms: CVL (Cert. #483) -Other algorithms: ChaCha20; Poly1305; UMAC; Curve25519-based ECDH; Ed25519 Multi-Chip Stand Alone "SUSE client software that provides encrypted network communication using the SSH protocol." |
| 2471 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - OpenSSH Server Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/13/2015 | 11/12/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU without PAA (single-user mode) -FIPS Approved algorithms: CVL (Cert. #483) -Other algorithms: ChaCha20; Poly1305; UMAC; Curve25519-based ECDH; Ed25519 Multi-Chip Stand Alone "SUSE server software that provides encrypted network communication using the SSH protocol." |
| 2470 | Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion, No.9 Xueqing Road Haidian District, Beijing, Beijing 100085 China Peng Jie TEL: +86-010-62304466 FAX: +86-010-62304477 Tibi Zhang TEL: +(86)010-62304466 FAX: +(86)010-62304477 CST Lab: NVLAP 100432-0 | FT-JCOS (Feitian Java Card Platform) (Hardware Versions: P/Ns SLE78CLFX4000PM [1], SLE77CLFX2400PM [2] and SLE78CLUFX5000PHM [3]; Firmware Versions: 1.0.0 [1], 1.0.1 [2] and 1.0.2 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2015 | 11/4/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2357, #2358, #3182, #3183, #3184 and #3185); DRBG (Certs. #300, #664 and #665); KBKDF (Certs. #9, #42 and #43); RSA (Certs. #1216, #1617 and #1623); SHS (Cert. #2030); Triple-DES (Certs. #1474, #1814 and #1815); Triple-DES MAC (Triple-DES Certs. #1474, #1814 and #1815, vendor affirmed) -Other algorithms: NDRNG; AES (Certs. #2357, #3182 and #3183, key wrapping; key establishment methodology provides 256 bits of encryption strength) Single Chip "The FT-JCOS (Feitian Java Card Platform) cryptographic module, validated to FIPS 140-2 overall Level 3, is a single chip smartcard module implementing the JavaCard and Global Platform operational environment, with Card Manager also considered as Issuer Security Domain (ISD), a demonstration Applet used to demonstrate the cryptographic functions of the module, and a supplementary security domain that is also considered as Applet Provider Security Domain (APSD).The FT-JCOS exposes PKI and MoC APIs and is designed for high performance Government, Enterprise and Financial smartcard applications." |
| 2469 | RSA, the Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200997-0 | RSA BSAFE(R) Crypto-J JSAFE and JCE Software Module (Software Versions: 6.2 and 6.2.1.1) (When operated in FIPS Mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 04/12/2016 01/24/2017 02/09/2017 | 1/23/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Oracle(R) JRE 8.0 on Microsoft(R) Windows 8.1 (64-bit) running on an HP ENVY 15 Google Dalvik(tm) JRE 6.0 on Google(tm) Android(tm) 4.1.2 ARMv7 (32-bit) running on Google Nexus 7(tm) (Wi-Fi, 2012) OpenJDK 8.0 on CentOS 6.7 (64-bit) running on a Dell(TM) PowerEdge(TM) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3263); CVL (Certs. #471 and #1024); DRBG (Cert. #722); DSA (Cert. #932); ECDSA (Cert. #619); HMAC (Cert. #2062); KTS (AES Cert. #3263); PBKDF (vendor affirmed); RSA (Cert. #1663); SHS (Cert. #2701); Triple-DES (Cert. #1852) -Other algorithms: AES (non-compliant); DES; DESX; Diffie-Hellman (CVL Cert. #1024, key agreement); EC Diffie-Hellman (CVL Cert. #1024, key agreement); ECIES; RNG (non-compliant); HMAC-MD5; MD2; MD5; PKCS#5; PKCS#12; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (non-compliant); RIPEMD160; scrypt; Shamir Secret Sharing; Triple-DES (non-compliant) Multi-Chip Stand Alone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2468 | RSA, the Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200997-0 | RSA BSAFE(R) Crypto-J JSAFE and JCE Software Module (Software Versions: 6.2 and 6.2.1.1) (When operated in FIPS Mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 04/12/2016 01/24/2017 02/09/2017 | 1/23/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Oracle(R) JRE 8.0 on Microsoft(R) Windows 8.1 (64-bit) running on an HP ENVY 15 Google Dalvik(tm) JRE 6.0 on Google(tm) Android(tm) 4.1.2 ARMv7 (32-bit) running on Google Nexus 7(tm) (Wi-Fi, 2012) OpenJDK 8.0 on CentOS 6.7 (64-bit) running on a Dell(TM) PowerEdge(TM) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3263); CVL (Certs. #471 and #1024); DRBG (Cert. #722); DSA (Cert. #932); ECDSA (Cert. #619); HMAC (Cert. #2062); KTS (AES Cert. #3263); PBKDF (vendor affirmed); RSA (Cert. #1663); SHS (Cert. #2701); Triple-DES (Cert. #1852) -Other algorithms: AES (non-compliant); DES; DESX; Diffie-Hellman (CVL Cert. #1024, key agreement); EC Diffie-Hellman (CVL Cert. #1024, key agreement); ECIES; RNG (non-compliant); HMAC-MD5; MD2; MD5; PKCS#5; PKCS#12; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (non-compliant); RIPEMD160; scrypt; Shamir Secret Sharing; Triple-DES (non-compliant) Multi-Chip Stand Alone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2467 | Pure Storage, Inc. 650 Castro Street, Suite 400 Mountain View, CA 94041 USA Marco Sanvido TEL: 800-379-7873 FAX: 650-625-9667 Ethan Miller TEL: 800-379-7873 FAX: 650-625-9667 CST Lab: NVLAP 100432-0 | Purity Encryption Module (Hardware Version: Intel Xeon x64 CPU E5-2670 v2; Software Version: 1.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 10/30/2015 | 10/29/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Purity Operating Environment 4 running on a Dell PowerEdge R620 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3488); DRBG (Cert. #862); HMAC (Cert. #2227); KTS (Cert. #3488); SHS (Cert. #2881) -Other algorithms: NDRNG Multi-Chip Stand Alone "Purity Encryption Module is a standalone cryptographic module for the Purity Operating Environment (POE). POE powers Pure Storage's FlashArray family of products witch provide economical all-flash storage. Purity Encryption Module enables FlashArray to support always-on, inline encryption of data with an internal key management scheme that requires no user intervention." |
| 2466 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009-1699 USA Savitha Naik TEL: 760-476-7416 FAX: 760-929-3941 David Suksumrit TEL: 760-476-2306 FAX: 760-929-3941 CST Lab: NVLAP 100432-0 | Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1, 1091552 Version 1, and 1047117; Firmware Version: 02.07.02 or 02.07.04) (The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/30/2015 12/14/2015 11/08/2016 | 11/7/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3448, #3449 and #3450); CVL (Certs. #454 and #455); DRBG (Cert. #844); ECDSA (Cert. #697); HMAC (Cert. #2196); KAS (Cert. #60); KTS (AES Cert. #3448; key establishment methodology provides 192 or 256 bits of encryption strength); SHS (Certs. #2689, #2690 and #2846) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant); DSA (non-compliant); RSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); PBKDF (non-compliant); HMAC MD5; MD5; DES Multi-Chip Embedded "The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions." |
| 2465 | Silent Circle 4210 Fairfax Corner West Ave. Suite 215 Fairfax, VA 22033 USA Eric Carter Allen Stone CST Lab: NVLAP 201029-0 | Mobile Application Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 02/11/2016 06/20/2016 03/13/2017 | 6/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-Chip Stand Alone "The Silent Circle Mobile Application Cryptographic Module provides cryptographic functions for Silent Circle mobile applications, including Silent Phone Silent Text, Silent World, Silent VPN, and Silent Manager." |
| 2464 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 libgcrypt Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 10/30/2015 | 10/29/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP Proliant DL320e Gen8 with PAA SUSE Linux Enterprise Server 12 running on HP Proliant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3433 and #3434); DRBG (Certs. #831, #832, #833 and #834); DSA (Cert. #967); ECDSA (Cert. #689); HMAC (Certs. #2183, #2184, #2185 and #2186); RSA (Cert. #1757); SHS (Certs. #2831, #2832, #2833 and #2834); Triple-DES (Cert. #1936) -Other algorithms: AES (Certs. #3433 and #3434, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM (non-compliant); ARC4; Blowfish; Camellia; CAST5; CRC32; DES; EC-Gost; EdDSA; ElGamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPE-MD 160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Salsa20; SEED; Serpent; Scrypt; Tiger; Twofish; Whirlpool Multi-Chip Stand Alone "SUSE Libgcrypt is a general purpose cryptographic library based on the code from GnuPG." |
| 2463 | Accellion, Inc. 1804 Embarcadero Road, Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion Cryptographic Module (Software Version: FTALIB_4_0_1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 | 10/29/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 5 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2317, #2318, and #3326); CVL (Certs. #481 and #482); DRBG (Cert. #772); ECDSA (Cert. #655); HMAC (Certs. #2117 and #2118); RSA (Cert. #1707); SHS (Certs. #2758 and #2759); Triple-DES (Cert. #1898) -Other algorithms: NDRNG; AES (Cert. #3326, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); PKCS #3 Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand() Multi-Chip Stand Alone "Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2462 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Module (Hardware Versions: P/N: 3289094-A(BS12GE) Version: B/D4, B/D5, B/D4a, B/D5a, B/D6, B/D7 or B/D8; Firmware Versions: 03.07.49.00, 03.07.54.00, 03.07.56.00) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/29/2015 02/25/2016 04/07/2016 08/04/2017 | 4/6/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); KTS (AES Cert. #3305); SHS (Cert. #2738) -Other algorithms: N/A Multi-Chip Embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Module provides high speed data at rest encryption for Hitachi storage." |
| 2461 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3 (Hardware Versions: P/Ns 5185912Y01, 5185912Y03, 5185912Y05 and 5185912T05; Firmware Versions: R01.07.25 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/27/2015 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2460 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2 (Hardware Versions: P/Ns 5185912Y01, 5185912Y03, 5185912Y05 and 5185912T05; Firmware Versions: R01.07.25 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/27/2015 01/30/2017 | 1/29/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2459 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/27/2015 04/11/2017 | 10/26/2020 | Overall Level: 2 Multi-chip standalone |
| 2458 | Barracuda Networks 3175 Winchester Boulevard Campbell, CA 95008 USA Andrea Cannon TEL: 703-743-9068 FAX: 408-342-1061 CST Lab: NVLAP 200423-0 | Barracuda Cryptographic Software Module (Software Version: 1.0.1.8) (No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/22/2015 12/08/2016 | 12/7/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Barracuda OS v2.3.4 running on a BNHW003 without PAA Barracuda OS v2.3.4 running on a BNHW003 with PAA Barracuda OS v2.3.4 running on a BNHW002 without PAA Barracuda OS v2.3.4 running on a BNHW008 with PAA Barracuda NextGen Firewall and Control Center OS 7 under Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 with PAA Barracuda NextGen Firewall and Control Center OS 7 under Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3165 and #4144); CVL (Certs. #414 and #948); DRBG (Certs. #651 and #1258); DSA (Certs. #911 and #1125); ECDSA (Certs. #576 and #953); HMAC (Certs. #1993 and #2716); RSA (Certs. #1603, #1690 and #2259); SHS (Certs. #2618 and #3412); Triple-DES (Certs. #1803 and #2264) -Other algorithms: EC Diffie-Hellman (shared secret computation); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The Barracuda Cryptographic Software Module is a cryptographic software library that provides fundamental cryptographic functions for applications in Barracuda security products that require FIPS 140-2 approved cryptographic functions." |
| 2457 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba 7XXX Series Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 7005-F1, Aruba 7005-USF1, Aruba 7010-F1, Aruba 7010-USF1, Aruba 7024-F1, Aruba 7024-USF1, Aruba 7030-F1, Aruba 7030-USF1, Aruba 7205-F1 and Aruba 7205-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/22/2015 01/14/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2477, #2884, #2900 and #3014); CVL (Certs. #314 and #326); DRBG (Cert. #528); ECDSA (Certs. #519 and #524); HMAC (Certs. #1520, #1818, #1835 and #1906); KBKDF (Cert. #32); RSA (Certs. #1266, #1517, #1518, #1528 and #1573); SHS (Certs. #2096, #2424, #2425, #2440 and #2522); Triple-DES (Certs. #1516, #1720, #1726 and #1770) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2456 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Nikhil Suares TEL: (781) 538-7568 CST Lab: NVLAP 200928-0 | Acme Packet 3820 and Acme Packet 4500 (Hardware Version: A1; Firmware Versions: ECx6.4.1 and ECx6.4.1M1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/21/2015 | 10/20/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #928 and #1555); CVL (Certs. #480 and #498); DRBG (Certs. #762 and #791); HMAC (Certs. #519, #907, #2107 and #2143); RSA (Certs. #1697 and #1724); SHS (Certs. #912, #1378, #2748 and #2788); Triple-DES (Certs. #745 and #1019) -Other algorithms: DES; ARC4; HMAC-MD5; SNMP KDF (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Acme Packet 3820 and 4500 are one rack unit (1U) platforms that feature Oracle's purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications - voice, video, and application data sessions - across Internet Protocol (IP) network borders." |
| 2455 | SiCore Technologies Inc. 200 Finn Court Farmingdale, NY 11735 USA Godfrey Vassallo TEL: 631-327-2019 CST Lab: NVLAP 100432-0 | SHIELD Secure Coprocessor (Hardware Version: SHIELD Secure CoProcessor V1.0; Firmware Versions: MFF V1.0, FPGA V1.0, SC V1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/14/2015 | 10/13/2020 | Overall Level: 3 -Design Assurance: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2195); RSA (Cert. #1131); SHS (Cert. #1901) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Embedded "A secure co-processor with a PCI Express Interface" |
| 2454 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm FIPS Object Module (Software Version: 6.3.4) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/30/2015 05/05/2016 | 5/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0) Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0) Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00) uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1) Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1) HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B) HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B) Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0) Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4) Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00) Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3) Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0) Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0) VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2) Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2) Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2) Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2) Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3) Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3) Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2) Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2) Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2) CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5) CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5) Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2) Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6) Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6) Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12) Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12) Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3) Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1) Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM) Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM) Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0) DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13) Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3) NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3) NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3) Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64) Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6) Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3) Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2) Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3) QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1) eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2) Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)1 Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3) Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3) Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)2 iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1) PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3) PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)3 Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1) AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2) Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5) Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5) ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2) FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3) FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1) QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1) Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1) Microsoft Windows Server 2008 R2 running on an Intel Xeon E5-2420 (x64) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3363); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #497); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #790); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #953); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #666); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2142); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581 and #1723); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2787); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1913) -Other algorithms: EC Diffie-Hellman; RNG; RSA (encrypt/decrypt) Multi-chip standalone "The LogRhythm FIPS Object Module 6.3.4 is a general purpose cryptographic module. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modification." |
| 2453 | Palo Alto Networks 4401 Great America Pkwy Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Panorama M-100 (Hardware Versions: P/Ns 910-000030 Version 00D, 910-000092 Version 00D, FIPS Kit P/N 920-000140 Version 00A; Firmware Version: 6.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2015 04/21/2016 | 4/20/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3180); RSA (Cert. #1616); HMAC (Cert. #2006); SHS (Cert. #2632); DRBG (Cert. #662); CVL (Cert. #425) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "Panorama on the M-100 provides centralized management and visibilty of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. Using Panorama for policy and device management increases operational effeciency in managing and maintaining distributed network of firewalls." |
| 2452 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 650-265-3634 FAX: n/a CST Lab: NVLAP 100432-0 | Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N AJ558-2102A; Firmware Versions: Loader Version 0.67, PSMCU Version 2.13) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2015 01/25/2016 | 1/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3234); DRBG (Cert. #695); RSA (Cert. #1644); SHS (Cert. #2674) -Other algorithms: NDRNG Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing, key management, and storage capabilities." |
| 2451 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Su-Chen Lin TEL: 408-839-9840 Seyed Safaish TEL: 408-745-8158 CST Lab: NVLAP 100432-0 | Juniper Networks RE1800 and RE2600 Routing Engines Cryptographic Modules (Hardware Versions: P/Ns RE-S-1800X2-XXG, RE-S-1800X4-XXG, RE-S-EX9200-1800X4-XXG, RE-DUO-C1800-16G, RE-B-1800X1-4G, RE-A-1800X2-XXG, RE-DUO-C2600-16G, 520-052564; Firmware Version: Junos 14.1R4 with Junos FIPS mode utilities 14.1R4) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2015 | 9/29/2020 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1879 and #1880); AES (Cert. #3296); SHS (Certs. #2734, #2735 and #2736); HMAC (Certs. #2092 and #2094); ECDSA (Cert. #639); RSA (Cert. #1685); CVL (Cert. #470); DRBG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of strength); HMAC-SHA-1-96 (HMAC Certs. #2092 and #2094); NDRNG Multi-chip embedded "The Juniper Networks RE1800 and RE2600 Routing Engines, are multi-chip embedded cryptographic modules that control a router or switch's interfaces, system management, and user access to the device. The RE runs Junos 14.1R4 with the FIPS mode package. The RE is compatible with the Juniper Networks MX Series 3D Universal Edge Routers, EX Series Switches, T Series Routers, M Series Multiservice Edge Routers, and PTX Series Packet Transport Routers. These devices provide dedicated high-performance flow processing and integrate advanced security capabilities." |
| 2450 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series (Hardware Versions: MZILS920HCHP-000H9 [1, 2], MZILS960HCHP-000H9 [1, 2], MZILS1T9HCHP-000H9 [1, 2], MZILS3T8HCJM-000H9 [1, 2], MZILS400HCGR-000C6 [3], MZILS800HCHP-000C6 [3], MZILS1T6HCHP-000C6 [3] and MZILS3T2HCJM-000C6 [3]; Firmware Versions: 3P00 [1], 3P02 [2] and EXP2 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/23/2015 03/21/2016 | 3/20/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121) -Other algorithms: NDRNG Multi-chip standalone |
| 2449 | Cobham TCS Limited The Cobham Centre - Solent Fusion 2 1100 Parkway Solent Business Park Whiteley, Hampshire PO15 7AB United Kingdom Graham Foord TEL: +44 (0) 1489 566750 FAX: +44 (0) 1489 880538 Neil McSparron TEL: +44 (0) 1489 566750 FAX: +44 (0) 1489 880538 CST Lab: NVLAP 200928-0 | Cobham AES Cryptographic Firmware-Hybrid Module (Hardware Version: Freescale ColdFire MCF54453; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 09/23/2015 | 9/22/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Cobham D1705D TX with FreeRTOS Operating System version 6.0.5 -FIPS Approved algorithms: AES (Cert. #3211); SHS (Cert. #2658); HMAC (Cert. #2024) -Other algorithms: DES; CRC32 Multi-chip standalone "The Cobham AES Cryptographic Firmware-Hybrid Module is used in Cobham’s products to provide secure AES Encryption such as in the NETNode IP Mesh radio to protect data transmitted over the NETNode high capacity ad-hoc multi-radio mesh network." |
| 2448 | Vectra Networks 550 South Winchester Blvd, Suite 200 Bin 007 San Jose, CA 95128 USA Jason Kehl CST Lab: NVLAP 201029-0 | Vectra Networks Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/17/2015 02/10/2016 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Vectra Networks Cryptographic Module provides cryptographic functions for the Vectra X-Series platforms software, which delivers a new class of advanced persistent threat (APT) defense delivering real-time detection and analysis of active network breaches." |
| 2447 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 OpenSSH Client Cryptographic Module (Software Version: 3.1) (When operated in FIPS mode with module Red Hat Enterprise Linux 6.6 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/16/2015 04/28/2016 | 4/27/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode) -FIPS Approved algorithms: CVL (Certs. #526 and #527) -Other algorithms: N/A Multi-chip standalone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.6. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2446 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 OpenSSH Server Cryptographic Module (Software Version: 3.1) (When operated in FIPS mode with module Red Hat Enterprise Linux 6.6 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/16/2015 04/28/2016 | 4/27/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode) -FIPS Approved algorithms: CVL (Certs. #526 and #527) -Other algorithms: N/A Multi-chip standalone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.6. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2445 | Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion kiteworks Cryptographic Module (Software Version: KWLIB_2_0_2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/15/2015 | 9/14/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3212); CVL (Certs. #434 and #435); DRBG (Cert. #683); ECDSA (Cert. #592); HMAC (Certs. #1791 and #2025); RSA (Cert. #1636); SHS (Certs. #2393 and #2659); Triple-DES (Cert. #1828) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand() Multi-chip standalone "Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2444 | Lexmark International, Inc. 740 W. New Circle Road Lexington, KY 40550 USA Sean Gibbons TEL: 859-232-2000 CST Lab: NVLAP 200416-0 | Lexmark™ Crypto Module (Firmware Version: 2.10) (No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 09/14/2015 | 9/13/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Lexmark MX811de with Lexmark(TM) Linux version 3.0.0 -FIPS Approved algorithms: SHS (Certs. #2049 and #2050); HMAC (Certs. #1479 and #1480); AES (Cert. #2380) -Other algorithms: N/A Multi-chip standalone "The Lexmark™ Crypto Module is a firmware option for Lexmark™ and Dell® Multi-Function Printers that permit the transfer, storage and printing of encrypted print jobs. Using the Lexmark™ Crypto Module, a printer is capable of encrypting and decrypting data input to and output from the module crypto kernel using the AES (FIPS 197) encryption algorithm." |
| 2443 | Pitney Bowes, Inc. 37 Executive Drive Danbury, CT 06810 USA Dave Riley TEL: 203-796-3208 FAX: 203-617-6060 CST Lab: NVLAP 200983-0 | Pitney Bowes MS1 X4 Postal Security Device (PSD) (Hardware Version: Part # 4W84001 Rev AAA; MAX32590 Secure Microcontroller Revision B4; Firmware Version: Device Abstraction Layer (DAL) Version 01.01.00F4; PB Bootloader Version 00.00.0016; PSD Application Version 21.04.807E) (When operated in FIPS Mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/09/2015 | 9/8/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DSA (Cert. #871); ECDSA (Cert. #529); CVL (Cert. #254); SHS (Cert. #2369); AES (Certs. #2826); DRBG (Cert. #487); HMAC (Cert. #1769); KAS (Cert. #49); Triple-DES (Cert. #1690); RSA (Cert. #1539); KTS (AES Cert. #2936); Triple-DES MAC (Triple-DES Cert. #1690, Vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG Single-chip "The MS1 X4 PSD is a single chip cryptographic module using the Maxim MAX32590 hardware that provides security services to support the creation of digital postage evidence in the form of an indicium." |
| 2442 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender Elite300 (Hardware Versions: P/Ns KDFE300-4G-Green [1, 2], KDFE300-4G-Black [1, 2], KDFE300-4G-Red [1, 2], KDFE300-4G-Silver [1, 2], KDFE300-8G-Green [1, 2], KDFE300-8G-Black [1, 2], KDFE300-8G-Red [1, 2], KDFE300-8G-Silver [1, 2], KDFE300-16G-Green [1, 2], KDFE300-16G-Black [1, 2], KDFE300-16G-Red [1, 2], KDFE300-16G-Silver [1, 2], KDFE300-32G-Green [1, 2], KDFE300-32G-Black [1, 2], KDFE300-32G-Red [1, 2], KDFE300-32G-Silver [1, 2], KDFE300-64G-Green [1, 2], KDFE300-64G-Black [1, 2], KDFE300-64G-Red [1, 2], KDFE300-64G-Silver [1, 2], KDFE300-128G-Green [1, 2], KDFE300-128G-Black [1, 2], KDFE300-128G-Red [1, 2], KDFE300-128G-Silver [1, 2], KDFE300-8G-PRO-Green [2], KDFE300-8G-PRO-Black [2], KDFE300-8G-PRO-Red [2], KDFE300-8G-PRO-Silver [2], Version 1.0; Firmware Versions: 2.10.10 [1] and 2.11.10 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/09/2015 06/21/2016 | 6/20/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #1878); AES (Cert. #2962); SHS (Cert. #2491); RSA (Cert. #1557); DRBG (Cert. #560); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender Elite300 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device." |
| 2441 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Ann Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 OpenSSL Module, Red Hat Enterprise Linux 7.1 OpenSSL Module (Software Versions: 3.0, 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/08/2015 01/27/2016 02/16/2016 12/21/2016 | 12/20/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode) -FIPS Approved algorithms: AES (Certs. #3104, #3105, #3106, #3107, #3108, #3109, #3110, #3111, #3112, #3113, #3114, #3119, #3634, #3635, #3636, #3637, #3638, #3639, #3640, #3641, #3642, #3651 and #3696); Triple-DES (Certs. #1784, #1785, #1786, #1790, #2027, #2028, #2029, #2044 and #2059); RSA (Certs. #1583, #1584, #1586, #1590, #1875, #1876, #1877, #1878, #1886 and #1902); DSA (Certs. #897, #898, #899, #903, #1013, #1014, #1015, #1016, #1023 and #1038); ECDSA (Certs. #560, #561, #562, #564, #755, #756, #757, #759 and #775); DRBG (Certs. #610, #611, #612, #613, #614, #615, #616, #617, #618, #619, #620, #621, #622, #623, #624, #625, #626, #629, #630, #631, #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969, #970, #971, #982 and #1003); SHS (Certs. #2547, #2563, #2564, #2565, #2566, #2567, #2568, #2569, #2570, #2574, #2575, #2577, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3069 and #3095); HMAC (Certs. #1931, #1944, #1945, #1946, #1947, #1948, #1949, #1950, #1951, #1955, #1956, #1958, #2385, #2386, #2388, #2389, #2390, #2391, #2392, #2393, #2394, #2401 and #2427); CVL (Certs. #374, #375, #376, #377, #380, #381, #654, #655, #656, #657, #658, #661 and #662) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RNG; Camellia; CAST; DES; IDEA; J-PAKE; MD2; MD4; MDC2; RC2; RC4; RC5; RIPEMD; Whirlpool Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of theOpenSSL library." |
| 2440 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 781-442-0451 Tyrone Stodart TEL: +44-1189-240402 FAX: +44-1189-240402 CST Lab: NVLAP 200636-0 | Java Card Platform for Infineon on SLE 78 (SLJ 52GxxyyyzR) (Hardware Version: M7892 B11; Firmware Version: 1.0f) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/03/2015 | 9/2/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2941); Triple-DES (Cert. #1747); Triple-DES MAC (Triple DES Cert. #1747; vendor affirmed); DSA (Cert. #873); RSA (Cert. #1544); ECDSA (Cert. #532); SHS (Cert. #2477); DRBG (Cert. #544) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Single-chip "The cryptographic module consists of M7892B11 security controller by Infineon Technologies together with embedded software providing a secure execution environment consisting of a Java Card Runtime, Java Card Virtual Machine, Java Card API and Global Platform Card Manager along with native cryptographic library calls made available to applets through Java Card APIs. It is compliant with Java Card specifications version 3.0.1 Classic Edition and the Global Platform card specification version 2.2. In particular, it implements the GlobalPlatform ID Configuration 1.0." |
| 2438 | Alcatel-Lucent 600 March Road Ottawa, ON K2K 2E6 Canada Naren V. Patel TEL: 978-952-7274 CST Lab: NVLAP 200556-0 | Alcatel-Lucent 1830 Photonic Service Switch (PSS) (Hardware Versions: WOCUATAUAB / 3KC12841AA 02 [1], WOM3P00CRC / 8DG59859AA 03 [2], WOMNW00ERB / 8DG59319AA 02 [3], EC PSS-4 (3KC-12828-ABAC) [1], E4PFDCAK [1], 11QPEN4 [1-3], 10G MR XFP [1-3], 10GBASE-SR XFP [1-3], 1AB396080001 [1-3], X8FCLC-L [1-3], X8FCSN-I [1-3], XL-64TU XFP [1-3], EC PSS-16/PSS-32 (8DG59241AD) [2,3], PF (-48V DC) PSS-16, 20A [2], 8DG-59418-AA [1-3], PF (-48V DC) PSS-32, 20A [3], 8DG-61258-GAAA-TSZZA [3], with FIPS Kits 3KC-13452-AAAA [1], 3KC-13453-AAAA [1], 8DG-62678-AAAA [2] and 8DG-62677-AAAA [3]; Firmware Version: 1.3.1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/03/2015 | 9/2/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2828, #2829 and #2830); CVL (Certs. #255 and #256); SHS (Certs. #2370 and #2371) -Other algorithms: MD5; AES (Certs. #2829 and #2830, key wrapping) Multi-chip standalone "The 1830 PSS is a scalable, next-generation Dense Wave Division Multipexer (DWDM) platform that supports data center aggregation for Ethernet, Fiber Channel (FC) and other protocols. Multiprotocol services can then be dynamically and flexibly transported over metro and long-haul spans, using Tunable and Reconfigurable Optical Add-Drop Multiplexers (T-ROADMs) for optical wavelengths. The 1830 PSS enables transparent L2 Ethernet or FC and L3 IP services over the optical link." |
| 2435 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - OpenSSL Module (Software Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/20/2015 | 8/19/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3197, #3198 and #3199); Triple-DES (Cert. #1823); DSA (Cert. #915); RSA (Cert. #1628); ECDSA (Cert. #586); SHS (Certs. #2645, #2646 and #2648); HMAC (Certs. #2014, #2015 and #2016); DRBG (Certs. #674, #675 and #676); CVL (Certs. #430 and #431) -Other algorithms: Diffie-Hellman (CVL Cert. #431, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #431, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); MD2; MD4; MD5; MDC-2; HMAC-MD5; Blowfish; Camellia; CAST; DES; IDEA; JPAKE; RC2; RC4; RC5; RIPEMD160; SEED; TLS-SRP; Whirlpool Multi-chip standalone "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C." |
| 2434 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | ProtectServer Internal Express 2 (PSI-E2) (Hardware Versions: VBD-05, Version Code 0200; Firmware Version: 5.00.02) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/20/2015 11/24/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #3118); DRBG (Cert. #428); DSA (Cert. #902); ECDSA (Cert. #563); HMAC (Cert. #1957); KAS (Cert. #51); RSA (Cert. #1589); SHS (Cert. #2576); Triple-DES (Certs. #1137 and #1789); Triple-DES MAC (Triple-DES Cert. #1789, vendor affirmed) -Other algorithms: AES (Cert. #3118, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1789, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-chip embedded "The SafeNet PSI-E 2 is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE 2 appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-E 2 also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC." |
| 2433 | Forcepoint 10240 Sorrento Valley Road San Diego, CA 92121 USA Matt Sturm TEL: 858-320-9444 Paul Lee TEL: 858-320-9369 CST Lab: NVLAP 100432-0 | Websense Java Crypto Module (Software Version: 2.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/19/2015 04/11/2016 | 4/10/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DSA (Cert. #914); ECDSA (Cert. #583); RSA (Cert. #1622); HMAC (Cert. #2011); SHS (Cert. #2637); DRBG (Cert. #668); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-chip standalone "The Websense Java Crypto Module provides cryptographic functions for a variety of security solutions from Forcepoint." |
| 2432 | VASCO Data Security International, Inc. Koningin Astridlaan 164 Wemmel 1780 Belgium Frederik Mennes TEL: +32 2 609 97 00 FAX: +32 2 609 97 09 CST Lab: NVLAP 100432-0 | DIGIPASS GO-7 (Hardware Version: DIGIPASS GO-7 FIPS 140-2; Firmware Version: 0355) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2015 | 8/18/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3216 and #3217); KBKDF (Cert. #44) -Other algorithms: N/A Multi-chip standalone "DIGIPASS GO-7 is a 'one-button' strong authentication hardware device, based on VASCO's proven DIGIPASS technology. With a single press of a button, DIGIPASS GO-7 generates and displays a dynamic one-time password every time the user wants to log onto an application, website or network." |
| 2431 | iStorage Limited iStorage House 13 Alperton Lane Perivale, Middlesex UB6 8DH England John Michael TEL: +44 (0)20 8991 6260 FAX: +44 (0)20 8991 6277 CST Lab: NVLAP 200802-0 | iStorage datAshur SSD 3.0 Cryptographic Module (Hardware Version: RevD; Firmware Version: 6.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2015 | 8/18/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-chip standalone "iStorage datAshur SSD 3.0 Cryptographic Module" |
| 2430 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Bumhan Kim TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Version: SKC1.6) (When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/14/2015 09/04/2015 | 9/3/2020 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android Lollipop 5.0.2 running on Samsung Galaxy S6 Android Lollipop 5.1 running on Samsung Galaxy Tab S2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3292 and #3461); SHS (Certs. #2731 and #2857); Triple-DES (Certs. #1877 and #1952); HMAC (Certs. #2090 and #2207); DRBG (Certs. #750 and #849) -Other algorithms: DES; Twofish; MD5; ansi_cprng; krng; ANSI X9.31 RNG; ARC4; Pcompress; CRC32c; Deflate; LZO; AES-GCM (non-compliant); RFC4106-AES-GCM (non-compliant); RFC4543-AES-GCM (non-compliant); AES-CTR (non-compliant); Triple-DES-CTR (non-compliant); GHASH; GF128MUL; 2-key Triple-DES Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 2429 | SafeNet, Inc. 20 Colonnade Road Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® Backup HSM Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/04/2015 10/26/2015 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Luna® Backup HSM Hardware Security Module (HSM) provides the same level of security as the Luna® SA and Luna® PCI-E HSMs in a convenient, small, low-cost form factor. The Luna Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Luna Backup HSM for safekeeping in case of emergency, failure or disaster." |
| 2428 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0102, VBD-05, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/18/2015 10/26/2015 12/15/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2427 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0102, VBD-05, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/30/2015 10/26/2015 12/15/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2426 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/04/2015 10/26/2015 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2425 | wolfSSL Inc. 10016 Edmonds Way Suite C-300 Edmonds, WA 98020 USA Todd Ouska TEL: 503-679-1859 Larry Stefonic TEL: 206-369-4800 CST Lab: NVLAP 100432-0 | wolfCrypt (Software Versions: 3.6.0, 3.6.1, 3.6.6 and 3.11.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/11/2015 09/15/2015 09/30/2015 11/18/2015 06/23/2016 08/11/2017 08/25/2017 | 6/22/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.13.0 (Ubuntu) running on a HP EliteBookiOS 8.1 running on an iPhone 6Android 4.4 running on a Samsung Galaxy S5FreeRTOS 7.6 running on uTrust TS ReaderWindows 7 (64-bit) running on Sony Vaio ProLinux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSignLinux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge r630™Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630Android Dalvik 4.2.2 running on a MXT-700-NC 7” Touch PanelLinux 4.1.15 running on a NX-1200 NetLinx NX Integrated ControllerDebian 8.8 running on CA PAM 304L Server (single-user mode) -FIPS Approved algorithms: AES (Certs. #3157, #3330, #3417, #3490, #3508, #4635 and #4643); DRBG (Certs. #650, #775, #821, #863, #875, #1561 and #1566); HMAC (Certs. #1990, #2121, #2175, #2228, #2241, #3068 and #3075); RSA (Certs. #1602, #1710, #1749, #1791, #1803, #2530 and #2534); SHS (Certs. #2614, #2763, #2823, #2882, #2893, #3799 and #3806); Triple-DES (Certs. #1800, #1901, #1928, #1966, #1972, #2465 and #2470) -Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-chip standalone "wolfCrypt module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency." |
| 2423 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 CST Lab: NVLAP 200658-0 | QTI Cryptographic Module on Crypto 5 Core (Hardware Version: Snapdragon 810; Software Version: 5.f3-64) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 08/11/2015 12/03/2015 | 12/2/2020 | Overall Level: 1 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 5.0 running on Snapdragon 810 (single-user mode) -FIPS Approved algorithms: DRBG (Cert. #655); Triple-DES (Cert. #1802); HMAC (Cert. #1992); AES (Cert. #3164); SHS (Cert. #2617) -Other algorithms: HWRNG; DES; AEAD; kasumi; snow-3g Multi-chip standalone "This cryptographic module implements block ciphers including AES, Triple-DES, hash functions SHA-1 and SHA-256, Message Authentication Code functions HMAC and CMAC and DRBG 800-90A." |
| 2422 | Nimble Storage Inc. 211 River Oaks Parkway San Jose, CA 95134 USA Kent Peacock TEL: 408-514-3452 CST Lab: NVLAP 200427-0 | Nimble Storage FIPS Object Module (Software Version: 2.0.9) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/11/2015 03/01/2016 06/07/2016 07/25/2016 | 7/24/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 2.6 running on a Nimble Storage CS300 with PAA Linux 2.6 running on a Nimble Storage CS500 with PAA Linux 2.6 running on a Nimble Storage CS700 with PAA Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) without PAA Linux 2.6 running on a Nimble Storage AF3000 with PAA Linux 2.6 running on a Nimble Storage AF5000 with PAA Linux 2.6 running on a Nimble Storage AF7000 with PAA Linux 2.6 running on a Nimble Storage AF9000 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2484 and #3351); CVL (Certs. #85 and #496); DRBG (Certs. #342 and #784); DSA (Certs. #764 and #950); ECDSA (Certs. #413 and #664); HMAC (Certs. #1526 and #2134); RSA (Certs. #1273 and #1718); SHS (Certs. #2102 and #2778); Triple-DES (Certs. #1522 and #1912) -Other algorithms: EC Diffie-Hellman; PRNG; RSA (encrypt/decrypt) Multi-chip standalone "The Nimble Storage FIPS Object Module 2.0.9 is a general purpose cryptographic module built from the OpenSSL FIPS Object Module 2.0.9 source code, which is validated under certificate #1747. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit." |
| 2421 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Aironet 1142, 1262, 1532e/i, 1552e/i, 1572, 1602e/i, 1702, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p and 3702e/i/p Wireless LAN Access Points (Hardware Versions: {1142[2], 1262[3], 1532e[6], 1532i[6], 1552e[3], 1552i[3], 1572[5], 1602e[4], 1602i[4], 1702[5], 2602e[5], 2602i[5], 2702e[5], 2702i[5], 3502e[3], 3502i[3], 3602e[1,5], 3602i[1,5], 3602p[1,5], 3702e[1,5], 3702i[1,5] and 3702p[1,5] with AIR-RM3000M[1], Marvell 88W8363P[2], Marvell 88W8364[3], Marvell 88W8763C[4], Marvell 88W8764C[5] and Qualcomm Atheros AES-128w10i[6]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.0 with IC2M v2.0) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/06/2015 | 8/5/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2334, #2335, #2336, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441) -Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant) Multi-chip standalone "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments." |
| 2420 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Alex Hennekam TEL: +61 7-5552-4045 FAX: +61 7-5571-0420 Peter Waltenburg TEL: +61 7- 5552-4016 FAX: +61 7-5571-0420 CST Lab: NVLAP 200658-0 | IBM® Crypto for C (Software Version: 8.4.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/05/2015 | 8/4/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on S2600CP with PAA Microsoft Windows Server 2008® 64-bit running on S2600CP without PAA AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 with PAA AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 without PAA Solaris® 11 64-bit running on Netra SPARC T4-1 Server with PAA Solaris® 11 64-bit running on Netra SPARC T4-1 Server without PAA Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP with PAA Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP without PAA Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 with PAA Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 without PAA Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 with PAA Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 without PAA SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 with CPACF SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 without CPACF (single-user mode) -FIPS Approved algorithms: AES (Certs. #3226, #3227, #3228, #3229, #3230, #3231, #3232, #3233, #3235, #3236, #3237, #3238, #3239, #3240, #3241, #3242, #3243, #3244, #3245, #3246, #3247, #3248, #3249, #3250, #3251 and #3252); Triple-DES (Certs. #1832, #1833, #1834, #1835, #1836, #1837, #1838, #1839, #1840, #1841, #1842, #1843 and #1844); DSA (Certs. #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929, #930 and #931); RSA (Certs. #1640, #1641, #1642, #1643, #1645, #1646, #1647, #1648, #1649, #1650, #1651, #1652, #1653, #1654 and #1655); ECDSA (Certs. #596, #597, #598, #599, #600, #601, #602, #603, #604, #605, #606, #607, #608, #609 and #610); SHS (Certs. #2666, #2667, #2668, #2669, #2670, #2671, #2672, #2673, #2675, #2676, #2677, #2678, #2679, #2680, #2681, #2682, #2683, #2684, #2685, #2686, #2687 and #2688); DRBG (Certs. #687, #688, #689, #690, #691, #692, #693, #694, #696, #697, #698, #699, #700, #701, #702, #703, #704, #705, #706, #707, #708, #709, #710, #711, #712 and #713); HMAC (Certs. #2030, #2031, #2032, #2033, #2034, #2035, #2036, #2037, #2038, #2039, #2040, #2041, #2042, #2043, #2044, #2045, #2046, #2047, #2048, #2049, #2050 and #2051); CVL (Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC-MD5; DES; CAST; Camellia; Blowfish; Password based encryption; RC4; RC2; TRNG; KBKDF (non-compliant); DSA (non-compliant) Multi-chip standalone "The IBM Crypto for C v8.4.0.0 (ICC) cryptographic module is implemented in the Cprogramming language. It is packaged as dynamic (shared) libraries usable byapplications written in a language that supports C language linking conventions (e.g. C,C++, Java, Assembler, etc.) for use on commercially available operating systems. TheICC allows these applications to access cryptographic functions using an ApplicationProgramming Interface (API) provided through an ICC import library and based on theAPI defined by the OpenSSL group." |
| 2419 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Intrusion Prevention System (Hardware Versions: 2600NX, 5200NX, 6200NX, 7100NX, and 7500NX with HP FIPS Security Enclosure: Part# JC856A; Firmware Version: 3.8.2) (When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/05/2015 08/14/2015 12/09/2015 01/06/2016 | 1/5/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3624); CVL (Cert. #644); DRBG (Cert. #952); HMAC (Cert. #2376); RSA (Cert. #1867); SHS (Cert. #3042); Triple-DES (Cert. #2019) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 2417 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Control Center (Hardware Versions: FWE-C1015 with FIPS Kit: FWE-CC-FIPS-KIT1, FWE-C2050 with FIPS Kit: FWE-CC-FIPS-KIT2, FWE-C3000 with FIPS Kit: FWE-CC-FIPS-KIT2; Firmware Version: 5.3.2 Patch 6) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/30/2015 07/31/2015 | 7/30/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2972 and #3116); Triple-DES (Certs. #1761 and #1787); SHS (Certs. #2498 and #2572); HMAC (Certs. #1884 and #1953); DRBG (Cert. #566); DRBG (Cert. #627); RSA (Certs. #1561 and #1587); DSA (Certs. #885 and #900); CVL (Cert. #378) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DRBG (non-compliant); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products." |
| 2416 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Control Center Virtual Appliance (Software Version: 5.3.2 Patch 6) (When installed, initialized and configured as specified in the Security Policy in Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/30/2015 | 7/29/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with MLOS v2.2.3 on VMware vSphere 5.0 running on a Intel SR2625URLX (single-user mode) -FIPS Approved algorithms: AES (Certs. #2973 and #3117); Triple-DES (Certs. #1762 and #1788); SHS (Certs. #2499 and #2573); HMAC (Certs. #1885 and #1954); DRBG (Cert. #567); DRBG (Cert. #628); RSA (Certs. #1562 and #1588); DSA (Certs. #886 and #901); CVL (Cert. #379) -Other algorithms: Diffie-Hellman (key wrapping; key establishment methodology provides 112 bitsof encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DRBG (non-compliant); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products." |
| 2415 | Morpho 18 avenue chaussée Jules César Osny 95520 France Omar Derrouazi TEL: +33158116971 FAX: +33158113566 CST Lab: NVLAP 200901-0 | IDeal Citiz™ v2.0 Open (Hardware Versions: SLE78CFX3000P, SLE78CLFX3000P, SLE78CLFX3000PM, SLE78CFX4000P, SLE78CLFX4000P, SLE78CLFX4000PM; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/28/2015 | 7/27/2020 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1689); Triple-DES MAC (Triple-DES Cert. #1689, vendor affirmed); AES (Cert. #2818); RSA (Cert. #1472); SHS (Cert. #2362); KBKDF (Cert. #62) -Other algorithms: AES (Cert. #2818, key wrapping, key establishment methodology provides 128 - 256 bits of encryption strength); Triple-DES (Cert. #1689, key wrapping, key establishment methodology provides 112 bits of encryption strength); TRNG Single-chip "The IDeal Citiz™ v2.0 Open is a single chip cryptographic module, which combines an implementation of the Sun Java Card Version 3.0.2 Classic Edition and GlobalPlatform Version 2.1.1 specifications on a dual interface chip (ISO 7816 contact and ISO 14443 contactless interface communication protocols).The module aims to host applets written in Java programming language and relying on cryptographic services and biometric features available at platform level. In particular, Ideal Citiz™ v2.0 Open allows third party developers to implement the biometric "Match On Card" user authentication." |
| 2414 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Tom Nguyen TEL: 847-576-2352 FAX: n/a CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01, 5185912Y03 and 5185912Y05; Firmware Versions: R01.05.12 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2015 | 7/22/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2413 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Intrusion Prevention System (Hardware Versions: S660N and S1400N; Firmware Version: 3.8.2) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2015 08/14/2015 12/09/2015 01/06/2016 | 1/5/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3624); CVL (Cert. #644); DRBG (Cert. #952); HMAC (Cert. #2376); RSA (Cert. #1867); SHS (Cert. #3042); Triple-DES (Cert. #2019) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 2411 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.10 running on Mac mini with i5 CPU with PAA OS X 10.10 running on Mac mini with i5 CPU without PAA OS X 10.10 running on iMac with i7 CPU with PAA OS X 10.10 running on iMac with i7 CPU without PAA OS X 10.10 running on MacPro with Xeon CPU with PAA OS X 10.10 running on MacPro with Xeon CPU without PAA OS X 10.10 running on MacBook with Core M CPU with PAA OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1895, #1896, #1897 and #1921); AES (Certs. #3066, #3067, #3068, #3069, #3070, #3071, #3072, #3073, #3102, #3323, #3324, #3325, #3382, #3383, #3384 and #3385); RSA (Certs. #1704, #1705, #1706 and #1737); SHS (Certs. #2543, #2544, #2545, #2546, #2579, #2580, #2581, #2582, #2583, #2584, #2585, #2586, #2755, #2756, #2757, #2800, #2801, #2802, #2803 and #2804); ECDSA (Certs. #652, #653, #654 and #673); HMAC (Certs. #1927, #1928, #1929, #1930, #1960, #1961, #1962, #1963, #1964, #1965, #1966, #1967, #2114, #2115, #2116, #2155, #2156, #2157, #2158 and #2159); DRBG (Certs. #598, #599, #600, #601, #602, #609, #769, #770, #771, #805, #806 and #816); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); DES; Triple-DES (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-Compliant); SP800-56C KDF; MD2; MD4; MD5; RIPEMD; ed25519; CAST5; Blowfish; RC2; RC4; OMAC; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves Multi-chip standalone "The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2410 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model NA02) (Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160; Firmware Versions: NA02, NA04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/22/2015 08/31/2016 | 8/30/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397) -Other algorithms: NDRNG Multi-chip embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2409 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco ASR 1001, 1001-X, 1002, 1002-X, 1004, 1006 and 1013 (Hardware Versions: ASR1001, ASR1001-X, ASR1002, ASR1002-X, ASR1004, ASR1006 and ASR1013; Embedded Services Processors: ASR1000-ESP5, ASR1000-ESP10, ASR1000-ESP20, ASR1000-ESP40, ASR1000-ESP100 and ASR1000-ESP200; Route Processors: ASR-1000-RP1 and ASR-1000-RP2; Linecards: ASR1000-6TGE and ASR1000-2T+20X1GE; Firmware Version: IOS XE 3.13) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 9 of the Security Policy and with the configurations in Table 1 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #333, #2346, #2783 and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Certs. #137, #1455 and #1764); RSA (Cert. #1471); SHS (Certs. #408, #2023, #2338 and #2361); Triple-DES (Certs. #397, #1469, #1670, #1671 and #1688) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SHA-1 (non-compliant) Multi-chip standalone "The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments." |
| 2408 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.10 running on Mac mini with i5 CPU with PAA OS X 10.10 running on Mac mini with i5 CPU without PAA OS X 10.10 running on iMac with i7 CPU with PAA OS X 10.10 running on iMac with i7 CPU without PAA OS X 10.10 running on MacPro with Xeon CPU with PAA OS X 10.10 running on MacPro with Xeon CPU without PAA OS X 10.10 running on MacBook with Core M CPU with PAA OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1847, #1848, #1849, #1850, #1851, #1855, #1922 and #1923); AES (Certs. #3042, #3043, #3044, #3045, #3046, #3047, #3048, #3049, #3051, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3062, #3063, #3064, #3065, #3121, #3257, #3259, #3260, #3261, #3262, #3266, #3386, #3387, #3388, #3389, #3390, #3391, #3392, #3393, #3394 and #3395); RSA (Certs. #1658, #1659, #1660, #1661, #1662, #1666, #1738 and #1739); SHS (Certs. #2535, #2536, #2537, #2538, #2539, #2540, #2541, #2542, #2588, #2589, #2590, #2591, #2592, #2593, #2594, #2595, #2596, #2597, #2695, #2697, #2698, #2699, #2700, #2704, #2805,# 2806, #2807, #2808, #2809, #2810, #2811 and #2812); ECDSA (Certs. #614, #615, #616, #617, #618, #622, #674 and #675); HMAC (Certs. #1919, #1920, #1921, #1922, #1923, #1924, #1925, #1926, #1969, #1970, #1971, #1972, #1973, #1974, #1975, #1976, #1977, #1978, #2056, #2058, #2059, #2060, #2061, #2065, #2160, #2161, #2162, #2163, #2164, #2165, #2166 and #2167); DRBG (Certs. #586, #587, #588, #589, #590, #591, #592, #593, #594, #595, #596, #597, #716, #718, #719, #720, #721, #725, #807, #808, #809, #810, #811 and #812); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); Integrated Encryption Scheme on elliptic curves; DES; TDES (non-compliant); MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; RC2; RC4; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); OMAC (One-Key CBC MAC); KBKDF (non-compliant); ed25519; RFC6637 KDF; ANSI X9.63 KDF Multi-chip standalone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2407 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669)227-3579 FAX: (866)315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with iOS 8.0 running on iPhone4S with Apple A5 CPU iOS 8.0 running on iPhone5 with Apple A6 CPU iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU iOS 8.0 running on iPad (4th generation) with Apple A6X CPU iOS 8.0 running on iPhone5S with Apple A7 CPU iOS 8.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 8.0 running on iPad Air 2 with Apple A8X CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1889, #1890, #1891, #1892, #1893, #1894 and #1919); AES (Certs. #3096, #3097, #3098, #3099, #3100, #3101, #3317, #3318, #3319, #3320, #3321, #3322, #3371 and #3380); RSA (Certs. #1698, #1699, #1700, #1701, #1702, #1703 and #1735); SHS (Certs. #2558, #2559, #2560, #2561, #2562, #2587, #2749, #2750, #2751, #2752, #2753, #2754, #2795 and #2798); ECDSA (Certs. #646, #647, #648, #649, #650, #651 and #671); HMAC (Certs. #1939, #1940, #1941, #1942, #1943, #1968, #2108, #2109, #2110, #2111, #2112, #2113, #2150 and #2153); DRBG (Certs. #763, #764, #765, #766, #767, #768 and #803); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); MD2; MD4; MD5; RIPEMD; Ed25519; CAST5; ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-compliant); SP800-56C KDF; Blowfish; RC2; RC4; CMAC AES 128; OMAC; HMAC DRBG (non-compliant); Hash DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2405 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/08/2015 02/03/2016 | 2/2/2021 | Overall Level: 2 Multi-Chip Stand Alone |
| 2404 | Digital Defence Ltd 400 Pavilion Drive Northampton Business Park Northampton NN4 7PA United Kingdom Ben Earl TEL: +44-1604-521-108 Heinrich Van Der Westhuizen TEL: +44-1604-521-108 CST Lab: NVLAP 200636-0 | Secure Mobile (Software Version: 11.1.0.0) (When operated with the Microsoft Windows CE, Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #560 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/06/2015 | 7/5/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Mobile 6.5 running on Motorola MC65 (Single-user mode) -FIPS Approved algorithms: AES (Certs. #2851 and #2852); HMAC (Certs. #1792 and #1793); KBKDF (Cert. #26); SHS (Certs. #2394 and #2395) -Other algorithms: N/A Multi-chip standalone "Secure Mobile Cryptographic Module provides core cryptographic functionality in a Windows Embedded Handheld environment. It supports XTS-AES-128 cipher mode for storage encryption, KDF acc. to NIST SP 800-108 to derive the storage encryption key, and HMAC-SHA-256 for integrity protection of its binaries and settings. For generation of XTS tweak values a validated RNG (Cert. #286) contained in "Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH)" , which is a FIPS 140-2 certified cryptographic software module contained in the platform." |
| 2403 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/04/2015 10/26/2015 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2402 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 x72921 FAX: 905-507-4230 CST Lab: NVLAP 200928-0 | BlackBerry Cryptographic Tool Kit (Software Versions: 6.0, 6.0.2 and 6.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/01/2015 03/16/2016 06/03/2016 | 6/2/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): QNX Neutrino 6.6 QNX Neutrino 6.5 Red Hat Linux AS 5.6 Windows 7 Enterprise 64 bit Windows Phone 8.0 Android 4.4.2 Android 4.0.4 iOS version 6.1.4 Android 5.0.1 iOS 8.0 Windows 7 Enterprise 32 bit CentOS Linux Release 7.1 64-bit Mac OS X Yosemite 10.10.4 Mac OS X El Capitan 10.11.4 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1159, #1773 and #2164); AES (Certs. #1789, #3029 and 3946); SHS (Certs. #1571, #2530 and #3256); HMAC (Certs. #1054, #1914 and #2571); DRBG (Certs. #127, #579 and #1151); DSA (Certs. #563, #891 and #1076); ECDSA (Certs. #242, #553 and #866); RSA (Certs. #894, #1574 and #2017); KAS (Certs. #25, #50 and #79); CVL (Certs. #7, #367 and #789) -Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides less than 80 bits of encryption strength; non-compliant) Multi-chip standalone "The BlackBerry Cryptographic Tool Kit is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The BlackBerry Cryptographic Tool Kit, part of the suite of BlackBerry cryptographic modules, provides application developers with a means to expand the secure capabilities and features BlackBerry is known for, to devices running operating systems other than BlackBerry OS." |
| 2401 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender 3000 (Hardware Versions: P/Ns KDF3000-4G [1, 2], KDF3000-8G [1, 2], KDF3000-16G [1, 2], KDF3000-32G [1, 2], KDF3000-64G [1, 2], KDF3000-128G [1, 2], KDF3000-8G-PRO [2], Version 1.0; Firmware Versions: 2.10.10 [1] and 2.11.10 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/30/2015 06/21/2016 | 6/20/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #1878); AES (Cert. #2962); SHS (Cert. #2491); RSA (Cert. #1557); DRBG (Cert. #560); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 3000 is a 256-bit AES hardware encrypted USB flash drive used primarily to secure data at rest. The device can also be used as a secure platform for remote access and virtualized applications run directly from the drive. The Kanguru Defender line of secure USB solutions is remotely manageable through the Kanguru Remote Management Console (KRMC)." |
| 2400 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA 6600 (Hardware Versions: P/Ns 101-500380-71, Rev. A (SM 9600), 101-500361-70, Rev. A (SM 9400), 101-500363-70, Rev. A (SM 9200), 101-500364-66, Rev. A (NSA 6600); Firmware Version: SonicOS v6.2.0.10-15n) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/29/2015 03/22/2016 06/15/2017 | 3/21/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2756); CVL (Cert. #226); DRBG (Cert. #466); DSA (Cert. #843); HMAC (Cert. #1727); RSA (Cert. #1444); SHS (Cert. #2322); Triple-DES (Cert. #1657) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RNG Multi-chip standalone "The SonicWALL™ SuperMassive™ 9000 Series Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigbit speeds. Offering the ultimate in security with enterprise class performance, the SuperMassive 9000 Series detects and blocks the most sophisticated threats before they can enter your network with minimal latency for every connection on the network. Its multicore design can gracefully handle traffic spikes without impacting network performance." |
| 2398 | OpenSSL Validation Services 1829 Mount Ephraim Road Adamstown, MD 21710 USA Steve Marquess TEL: 301-874-2571 CST Lab: NVLAP 100432-0 | OpenSSL FIPS Object Module SE (Software Versions: 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15 or 2.0.16) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/24/2015 12/17/2015 02/08/2016 08/15/2016 12/30/2016 01/10/2017 01/30/2017 03/13/2017 05/23/2017 06/01/2017 08/22/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2) iOS 8.1 64bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56) iOS 8.1 64bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56) VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3) iOS 8.1 32bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56) iOS 8.1 32bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) VxWorks 6.7 running on Intel Core 2 Duo (x86) (gcc Compiler Version 4.1.2) AIX 6.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) AIX 6.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) AIX 7.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) AIX 7.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) without AES-NI (gcc Compiler Version 4.7.2) DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) with AES-NI (gcc Compiler Version 4.7.2) AIX 6.1 32-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1) AIX 6.1 64-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1) Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.6.3) Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.6.3) Linux 3.10 32-bit running on Intel Atom E3845 (x86) without AES-NI (gcc Compiler Version 4.8.1) Linux 3.10 32-bit running on Intel Atom E3845 (x86) with AES-NI (gcc Compiler Version 4.8.1) AIX 7.1 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.1 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.1 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.1 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.2 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.2 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.2 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.2 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.2 32-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.2 64-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1) ExtremeXOS-Linux 3.1 running on Cavium Octeon II (MIPS)(gcc Compiler Version 4.9.2) SurfWare 7.2 running on TI c64 DSP (TMS320C6x Compiler Version 6.0.19) ExtremeXOS-Linux 3.18 running on Cavium Octeon II (MIPS) (gcc Compiler Version 4.9.2) ExtremeXOS-Linux 3.18 32-bit running on Intel Atom C2558 (x86) with PAA (gcc Compiler Version 4.9.2) ExtremeXOS-Linux 3.18 32-bit running on Intel Atom C2558 (x86) without PAA (gcc Compiler Version 4.9.2) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3090, #3264, #3451, #3751, #3990, #4141, #4391 and #4469); CVL (Certs. #372, #472, #534, #699, #814, #947, #1094 and #1181); DRBG (Certs. #1027, #607, #723, #845, #1182, #1256, #1414 and #1451); DSA (Certs. #1040, #896, #933, #970, #1085, #1124, #1170 and #1195); ECDSA (Certs. #558, #620, #698, #801, #886, #952, #1050 and #1091); HMAC (Certs. #1937, #2063, #2197, #2452, #2605, #2714, #2918 and #2966); RSA (Certs. #1581, #1664, #1766, #1928, #2048, #2258, #2374 and #2444); SHS (Certs. #2553, #2702, #2847, #3121, #3294, #3411, #3620 and #3681); Triple-DES (Certs. #1780, #1853, #1942, #2086, #2190, #2263, #2366 and #2399) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-chip standalone "The OpenSSL FIPS Object Module SE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications." |
| 2397 | WatchData Technologies Pte Ltd 7F QiMing International Building 101 Lize Middle Park Chaoyang District Beijing, Beijing 100102 People's Republic of China Fan Nannan TEL: +86-180-01226917 FAX: +86-010-64365760 Wang Xuelin TEL: +86-180-01226735 FAX: +86-010-64365760 CST Lab: NVLAP 200658-0 | WatchKey ProX USB Token Cryptographic Module (Hardware Versions: Smart Card Chip AS518 and K023314A; Firmware Version: 36410101) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/23/2015 | 6/22/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Cert. #2647); Triple-DES (Cert. #1822); AES (Cert. #3196); RSA (Cert. #1630); DRBG (Cert. #673); ECDSA (Cert. #585) -Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The WatchKey ProX USB Token is a USB-based PKI, two-factor authentication token device. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user’s private and public key pairs can be generated and stored on the embedded chip." |
| 2396 | Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/23/2015 | 6/22/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with iOS 8.0 running on iPhone4S with Apple A5 CPU with AES hardware accelaration iOS 8.0 running on iPhone4S with Apple A5 CPU without AES hardware accelaration iOS 8.0 running on iPhone5 with Apple A6 CPU with AES hardware accelaration iOS 8.0 running on iPhone5 with Apple A6 CPU without AES hardware accelaration iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware accelaration iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware accelaration iOS 8.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware accelaration iOS 8.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware accelaration iOS 8.0 running on iPhone5S with Apple A7 CPU iOS 8.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 8.0 running on iPad Air 2 with Apple A8X CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1856, #1857, #1858, #1859, #1860, #1861, #1862, #1863, #1910 and #1920); AES (Certs. #3015, #3016, #3017, #3018, #3019, #3020, #3021, #3022, #3023, #3024, #3025, #3034, #3035, #3036, #3037, #3038, #3039, #3040, #3074, #3075, #3267, #3268, #3269, #3270, #3271, #3272, #3273, #3274, #3355, #3376, #3377, #3378, #3379 and #3381); RSA (Certs. #1667, #1668, #1669, #1670, #1671, #1672, #1673, #1674, #1734 and #1736); ECDSA (Certs. #623, #624, #625, #626, #627, #628, #629, #630, #670 and #672); SHS (Certs. #2523, #2524, #2525, #2526, #2527, #2532, #2533, #2534, #2705, #2706, #2707, #2708, #2709, #2710, #2711,#2712, #2781, #2796, #2797 and #2799); HMAC (Certs. #1907, #1908, #1909, #1910, #1911, #1916, #1917, #1918, #2066, #2067, #2068, #2069, #2070, #2071, #2072, #2073, #2137, #2151, #2152 and #2154); DRBG (Certs. #575, #576, #577, #581, #582, #583, #584, #585, #726, #727, #728, #729, #730, #731, #732, #733, #800, #801, #802 and #804); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); Integrated Encryption Scheme on elliptic curves; Ed25519; AES (key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); KBKDF (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; DES; TDES (non-compliant); CAST5; RC2; RC4; MD2; MD4; MD5; RIPEMD; Blowfish; OMAC (One-Key CBC MAC); Hash-DRBG (non-compliant); HMAC-DRBG (non-compliant); RSA (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2395 | Syn-Tech Systems, Inc. 100 Four Points Way Tallahassee, FL 32305 USA Brian Pietrodangelo TEL: 850-878-2558 FAX: 850-877-9327 CST Lab: NVLAP 100432-0 | ProFLEX01-R2 (Hardware Versions: 450-0139 and 450-0140; Firmware Version: 4.20) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/23/2015 | 6/22/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3126, #3127, #3128 and #3129); KTS (AES Certs. #3127 and #3129) -Other algorithms: N/A Multi-chip embedded "Syntech's custom designed ProFLEX01-R2 encryption module is embedded into the foundation of the FuelMaster line of AIM Titanium products. This technology propels FuelMaster to the forefront in secure, automated fleet and fuel management systems. Trusting in NIST-Validated encryption for data-in-transit and data-at-rest, Information Assurance Managers can depend on knowing their data is protected to the highest standards of the US Government." |
| 2394 | Hewlett-Packard TippingPoint 14231 Tandem Blvd. Austin, TX 78728 USA Freddy Mercado TEL: 512-432-2947 Russ Meyers TEL: 512-432-2948 CST Lab: NVLAP 200427-0 | HP TippingPoint Crypto Core NSS (Software Version: 3.12.9.1) (When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. For Red Hat Linux 6.2, Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. For CentOS 5.6 the module is compiled from source available from Mozilla. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/15/2015 | 6/14/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system without PAA Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with PAA CentOS 5.6 64-bit running on an Intel Xeon E5-2620v3 CentOS 5.6 64-bit running on an Intel Xeon E5-2690v3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1908 and #3285); DRBG (Certs. #165 and #743); DSA (Certs. #602 and #942); HMAC (Certs. #1145 and #2082); RSA (Certs. #979 and #1682); SHS (Certs. #1675 and #2723); Triple-DES (Certs. #1240 and #1872) -Other algorithms: AES (Certs. #1908 and #3285, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1240 and #1872, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP TippingPoint Crypto Core NSS is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for HP TippingPoint security products." |
| 2393 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Integrated Services Router (ISR) 4451-X (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Integrated Services Router (ISR) 4431 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) (Hardware Versions: ISR 4451-X [1] and ISR 4431 [2] with SM-ES3X-16-P [1], SM-ES3X-24-P [1], SM-D-ES3X-48-P [1], PVDM4-32 [1,2], PVDM4-64 [1,2], PVDM4-128 [1,2] and PVDM4-256 [1,2]; Firmware Version: IOS-XE 3.13) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/15/2015 | 6/14/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1024, #1275, #2345 and #2817); CVL (Cert. #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1454 and #1764); RSA (Cert. #1471); SHS (Certs. #2022 and #2361); Triple-DES (Certs. #1468, #1670 and #1688) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Router are a highly scalable WAN and Internet Edge router platform that delivers embedded hardware acceleration for multiple Cisco IOS XE Software services without the need for separate service blades. The Routers are designed for business-class resiliency, featuring redundant Route and Embedded Services Processors, as well as software-based redundancy." |
| 2392 | Oberthur Technologies 4250 Pleasant Valley Rd Chantilly, VA 20151 USA Christophe Goyet TEL: 703-322-8951 FAX: n/a Said Boukyoud TEL: +33-1-78-14-72-58 FAX: +33-1-78-14-70-20 CST Lab: NVLAP 100432-0 | ID-One PIV on Cosmo V8 (Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5) PIV Certificate #37 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/15/2015 | 6/14/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727) -Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "ID-One PIV on Cosmo V8 is the next generation of FIPS 201-2 compliant Smart card. Performances have been optimized to allow a FICAM authentication in less than a second." |
| 2391 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Crypto Core OpenSSL (Software Version: 2.0.8) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/11/2015 12/24/2015 | 12/23/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0) Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0) Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00) uCLinux 0.9.29 (gcc Compiler Version 4.2.1) Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1) HP-UX 11i (32 bit) (HP C/aC++ B3910B) HP-UX 11i (64 bit) (HP C/aC++ B3910B) Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3) Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3) Android 3.0 (gcc Compiler Version 4.4.0) Linux 2.6.27 (gcc Compiler Version 4.2.4) Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00) Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3) Linux 2.6.33 (gcc Compiler Version 4.1.0) Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0) VxWorks 6.8 (gcc Compiler Version 4.1.2) Linux 2.6 (gcc Compiler Version 4.3.2) Linux 2.6.32 (gcc Compiler Version 4.3.2) Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3) Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3) Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with PAA (32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with PAA (64 bit) (gcc Compiler Version 4.5.2) Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2) CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5) CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5) Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2) Oracle Linux 6 (gcc Compiler Version 4.4.6) Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6) Oracle Solaris 11 (32 bit) (Sun C Version 5.12) Oracle Solaris 11 (64 bit) (Sun C Version 5.12) Android 4.0 (gcc Compiler Version 4.4.3) Apple iOS 5.1 (gcc Compiler Version 4.2.1) Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM) Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM) Linux 2.6 (gcc Compiler Version 4.1.0) DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13) Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3) NetBSD 5.1 (gcc Compiler Version 4.1.3) Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with PAA (Microsoft « C/C++ Optimizing Compiler Version 16.00 for x64) Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6) Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6) Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3) Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2) Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3) QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1) eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) (gcc Compiler Version 4.7.3) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3) Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1) Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1) AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2) Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5) Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5) ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2) FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3) FreeBSD 10.0 running on Xeon E5-2430L (x86) with PAA (clang Compiler Version 3.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AESNI (gcc Compiler Version 4.5.1) QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) CentOS 5.6 64-bit running on Intel Xeon E5-2620v3 (gcc Compiler Version 4.1.2) CentOS 5.6 64-bit running on Intel Xeon E5-2690v3 (gcc Compiler Version 4.1.2) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929 and #3281); CVL (Certs. #10, #12, #24, #260, #331, #36, #464, #49, #53, #71 and #85); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540 and #739); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870 and #938); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528 and #634); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856 and #2078); RSA (Certs. #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1678 and #960); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465 and #2719); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742 and #1868) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-chip standalone "The TippingPoint Crypto Core OpenSSL is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for TippingPoint security products." |
| 2390 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYCOS® 3.0 QFN (Hardware Version: 742100004F; Firmware Version: 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/19/2015 12/09/2015 | 12/8/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Cert. #3028); KTS (Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single-chip "SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications." |
| 2389 | INSIDE Secure Eerikinkatu 28 Helsinki 00180 Finland Serge Haumont TEL: +358 40 5808548 Marko Nippula TEL: +358 40 762 9394 CST Lab: NVLAP 200427-0 | SafeZone FIPS Cryptographic Module (Software Version: 1.1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2015 | 6/1/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux kernel 3.10 running on a Raspberry Pi < t-base 300 running on an Arndale Android 4.4 running on a Samsung Galaxy Note 3 Android 4.2 running on a Samsung Galaxy Tab 3 10.1 iOS 7.1 running on a iPad Mini with Retina Display (32-bit) iOS 7.1 running on a iPad Mini with Retina Display (64-bit) Linux kernel 3.13 running on an ASUS Transformer (x86) with PAA Linux kernel 3.13 running on an ASUS Transformer (x64) without PAA Linux kernel 3.13 running on an ASUS Transformer (x64) with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3123); CVL (Certs. #384 and #385); DRBG (Certs. #634 and #637); DSA (Cert. #905); ECDSA (Cert. #567); HMAC (Cert. #1980); KBKDF (Certs. #37, #38, #39 and #40); KTS (AES Cert. #3123, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #1593); SHS (Cert. #2599); Triple-DES (Cert. #1793) -Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-chip standalone "SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices." |
| 2388 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | IOS Common Cryptographic Module (IC2M) Rel5 (Firmware Version: Rel 5) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 05/28/2015 | 5/27/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Cisco ASR1K RP2 with processor Intel Xeon on IOS XE3.13 Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.13 Cisco ISR 2951 with processor Freescale 8752E on IOS 15.4 Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.4 Cisco ISR 2921 with processor Cavium CN5220 on IOS 15.4 Cisco ISR 891 with processor MPC8358E on IOS 15.4 ESR 5940 with processor MPC8572C on IOS 15.4 -FIPS Approved algorithms: AES (Certs. #2783, #2817 and #3278); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); KBKDF (cert. #49); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688) -Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 128 bits of encryption strength); KTS (AES cert. #3278; key establishment methodology provides 128 and 256 bits of strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEAL Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols." |
| 2387 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Mondher Razouane TEL: +1(916)785-1894 FAX: +1(916)209-9495 Kris Meert TEL: +34-960-022029 FAX: +1(916)209-9495 CST Lab: NVLAP 200835-0 | HPE XP7 Encryption Ready Disk Adapter (eDKA) Level1 (Hardware Version: R800L1 or R800L1a; Firmware Versions: 02.09.28.00, 02.09.32.00 and 02.09.37.00) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/22/2015 01/28/2016 02/18/2016 02/23/2016 03/07/2016 08/04/2017 | 3/6/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3341); HMAC (Cert. #2131); SHS (Cert. #2775) -Other algorithms: AES (Cert. #3341, key wrapping) Multi-chip embedded "The HP XP7 Encryption Ready Disk Adapter (eDKA) Level1 provides high speed data at rest encryption for HP storage." |
| 2386 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Engine (Hardware Version: R800L1 or R800L1a; Firmware Versions: 02.09.28.00, 02.09.32.00 and 02.09.37.00) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/22/2015 01/28/2016 02/18/2016 08/04/2017 | 2/17/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2787); HMAC (Certs. #1748 and #1889); SHS (Certs. #2344 and #2504) -Other algorithms: AES (Cert. #2787, key wrapping) Multi-chip embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Engine provides high speed data at rest encryption for Hitachi storage." |
| 2385 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | µMACE (Hardware Version: P/N AT58Z04; Firmware Version: R01.07.01) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/22/2015 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1876, #2146 and #3089); SHS (Cert. #1619); HMAC (Cert. #1313); KAS (Cert. #28); ECDSA (Cert. #263) -Other algorithms: AES MAC (AES Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #1876, key wrapping); NDRNG Single-chip "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products." |
| 2382 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Chung-chih Lin TEL: 408-717-7689 FAX: 408-717-9494 Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar 7K6000 TCG Enterprise HDDs (Hardware Versions: P/Ns HUS726020AL4215 (0001) [1, 2, 4, 6, 7, 9]; HUS726020AL5215 (0001) [1, 2, 4, 9]; HUS726020ALS215 (0001) [3, 4, 9]; HUS726030AL4215 (0001) [1, 2, 4, 9]; HUS726030AL5215 (0001) [1, 2, 4, 9]; HUS726030ALS215 (0001) [3, 4, 9]; HUS726040AL4215 (0001) [1, 2, 4, 6, 7, 9]; HUS726040AL5215 (0001) [1, 2, 4, 9]; HUS726040ALS215 (0001) [3, 4 ,5, 9]; HUS726050AL4215 (0001) [1, 2, 4, 9]; HUS726050AL5215 (0001) [1, 2, 4, 9]; HUS726060AL4215 (0001) [1, 2, 4, 5, 6, 8, 9]; HUS726060AL5215 (0001) [1, 2, 4, 5, 9]; Firmware Versions: R519 [1], R7J0 [2], R7J7 [3], R907 [4], R9E0 [5], R910 [6], R930 [7], R9L0 [8] or RD05 [9]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2015 07/23/2015 10/14/2015 05/11/2016 08/30/2016 08/11/2017 | 8/29/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037) -Other algorithms: NDRNG Multi-Chip Embedded "HGST Self-Encrypting Drives implement TCG Storage specifications and meet or exceed the most demanding performance and security requirements. HGST Ultrastar 7K6000 drives are 12 Gbs SAS, 7,200 RPM, 3.5 inch form factor, TCG Enterprise HDDs." |
| 2381 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe®, Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches (Hardware Versions: {[BR-MLXE-4-MR-M-AC (P/N: 80-1006853-01), BR-MLXE-4-MR-M-DC (P/N: 80-1006854-01), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), NI-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), NI-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), NI-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), NI-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), NI-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), NI-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), NI-CER-2024C-ADVPREM-DC (P/N: 80-1007034-02), NI-CER-2048C-ADVPREM-AC (P/N: 80-1007039-02), NI-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), NI-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), NI-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01), NI-CER-2024C-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (P/N: 80-1000037-01), BR-CES-2024F-4X-DC (P/N: 80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02)} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.7.00) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/21/2015 | 5/20/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1632, #1633 and #1634); AES (Certs. #2715, #2716 and #2717); DSA (Certs. #832, #833 and #834); SHS (Certs. #2280, #2281 and #2282); RSA (Certs. #1411, #1412 and #1413); HMAC (Certs. #1694, #1695 and #1696); DRBG (Certs. #452, #453 and #454); CVL (Certs. #173, #174 and #175) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); NDRNG; HMAC-MD5; MD5; RC2; RC4; DES; MD2 Multi-chip standalone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. The Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density." |
| 2380 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-701 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung UFS (Universal Flash Storage) Shark SED (Hardware Versions: KLUAG2G1BD-B0B2, KLUBG4G1BD-B0B1, KLUCG8G1BD-B0B1; Firmware Version: 0102) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/21/2015 | 5/20/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2966); ECDSA (Cert. #544); SHS (Cert. #2494); DRBG (Cert. #563) -Other algorithms: NDRNG Single-chip "Samsung UFS Shark SED is a high-performance embedded storage that provides on-the-fly encryption/decryption of user data without performance loss and supports SSP (Secure Storage Protocol) v1.0. It implements AES256-XTS for user data encryption, ECDSA P-224 for FW authentication, and Hash_DRBG for key generation." |
| 2379 | Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Packet-Optical Platform 4x10G (Hardware Version: 1.0; Firmware Version: 1.10) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2015 | 5/20/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2963 and #2964); Triple-DES (Cert. #1759); SHS (Cert. #2493); HMAC (Cert. #1880); DRBG (Cert. #562); RSA (Cert. #1559); ECDSA (Cert. #543); CVL (Cert. #357) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); TRNG Multi-chip embedded "The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering." |
| 2377 | Symantec Corporation 350 Ellis St. Mountain View, CA 94043 USA Kathryn Kriese TEL: 650-527-8000 CST Lab: NVLAP 200802-0 | Symantec PGP Cryptographic Engine (Software Version: 4.3) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/21/2015 07/06/2015 | 7/5/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Apple Mac OS X 10.7 with PAA running on Apple MacBook Pro Apple Mac OS X 10.7 without PAA running on Apple MacBook Pro Microsoft Windows 7 32-bit with PAA running on Dell M6600 Microsoft Windows 7 32-bit without PAA running on Dell M6400 Microsoft Windows 7 64-bit with PAA running on Dell M6600 Microsoft Windows 7 64-bit without PAA running on Dell M6400 Red Hat Enterprise Linux (RHEL) 6.2 32-bit with PAA running on Dell M6600 Red Hat Enterprise Linux (RHEL) 6.2 32-bit without PAA running on Dell M6400 Red Hat Enterprise Linux (RHEL) 6.2 64-bit with PAA running on Dell M6600 Red Hat Enterprise Linux (RHEL) 6.2 64-bit without PAA running on Dell M6400 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1675, #1676, #1683, #1684, #1711, #1712, #1713, #1714, #1715 and #1716); AES (Certs. #2766, #2786, #2799, #2805, #2866, #2867, #2868, #2869, #2870 and #2871); SHS (Certs. #2342, #2343, #2351, #2353, #2408, #2409, #2410, #2411, #2412 and #2413); HMAC (Certs. #1746, #1747, #1755, #1756, #1805, #1806, #1807, #1808, #1809 and #1810); RSA (Certs. #1459, #1465, #1466, #1468, #1503, #1504, #1505, #1508, #1509 and #1510); DSA (Certs. #846, #847, #848, #849, #859, #860, #861, #862, #863 and #864); ECDSA (Certs. #487, #488, #489, #490, #509, #510, #511, #512, #513 and #514); CVL (Certs. #240, #241, #248, #249, #302, #303, #304, #305, #306 and #307); DRBG (Certs. #473, #474, #478, #479, #510, #511, #512, #513, #514 and #515) -Other algorithms: AES EME2 (non-compliant); AES PlumbCFB (non-compliant); AESMixCBC (non-compliant); MD5; RIPEMD160; MD2; KECCEK; RC2; ARC4; IDEA; CAST5; TwoFish; BlowFish; El Gamal; PBKDF2 (non-compliant); KBKDF (non-compliant); OpenPGP S2K Iterated salted; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Symantec PGP Cryptographic Engine is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for Symantec Encryption products. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations." |
| 2376 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-4404 CST Lab: NVLAP 200802-0 | Aegis Secure Key 3.0 Cryptographic Module (Hardware Version: RevD; Firmware Versions: 6.5 and 6.5.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2015 02/02/2016 06/01/2016 | 5/31/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-chip standalone "The Aegis Secure Key 3.0 is a USB 3.0 portable encrypted memory key. Completely contained within a small footprint/boundary, the module is designed to allow simple, software free integration into various secure storage systems requiring a FIPS 140-2 validated encryption boundary." |
| 2375 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Drive West Houston, TX 77070 USA Catherine Schwartz CST Lab: NVLAP 200556-0 | HP P-Class Smart Array RAID Controllers (Hardware Versions: P230i, P430, P431, P731m, P830, and P830i; Firmware Version: 1.66) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/20/2015 | 5/19/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2902, #2903 and #2904); DRBG (Certs. #529, #530 and #531); HMAC (Certs. #1837, #1838 and #1839); SHS (Certs. #2442, #2443 and #2444); PBKDF (vendor affirmed) -Other algorithms: AES (Cert. #2902, key wrapping); NDRNG Multi-chip embedded "The HP P-Class Smart Array RAID Controllers are a family of serial-attached SCSI host bus adapters that provide intelligent storage array control. The controllers can be card-based or embedded within an HP server, and provide a high speed data path, on-board storage cache, remote management, and encryption of data at rest." |
| 2374 | Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA Edwin Wong TEL: 408-496-3517 FAX: 408-496-3481 CST Lab: NVLAP 100432-0 | Avaya WLAN 9100 Access Points (Hardware Versions: P/Ns WAO912200-E6GS [1], WAP913200-E6GS [2], WAP913300-E6GS [2], WAP917300-E6GS [2]; Enclosure (Form Factor): WAO912200-E6GS [1], WAB910003-E6 [2]; SKU WLB910001-E6; Firmware Version: AOS-7.1 or AOS-7.2.6) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/08/2015 08/07/2015 | 8/6/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450 and #2833); CVL (Certs. #257 and #258); DRBG (Cert. #490); HMAC (Cert. #1774); KBKDF (Cert. #24); RSA (Cert. #1475); SHS (Cert. #2374); Triple-DES (Cert. #1693) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; IDEA; RC4; SEED; MD5 Multi-chip standalone "Wireless LAN 9100 Access Points" |
| 2373 | Neopost Technologies, S.A. 113 Rue Jean Marin Naudin Bagneux 92220 France Nathalie TORTELLIER TEL: +33 1 45 36 30 72 FAX: +33 1 45 36 30 10 CST Lab: NVLAP 200983-0 | Neopost Postal Security Device (PSD) (Hardware Versions: A0014227-B, A0014227-C; Firmware Version: a30.00; P/N: A0038091-A) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/05/2015 06/21/2016 | 6/20/2021 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: ECDSA (Cert. #517); AES (Certs. #2874 and #2875); SHS (Cert. #2416); CVL (Cert. #310); RSA (Cert. #1513); DRBG (Cert. #518); HMAC (Cert. #1813) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); Hardware RNG Multi-chip embedded "The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access." |
| 2372 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-5140B Chassis with FortiGate/FortiSwitch 5000 Series Blades (Hardware Versions: Chassis: P09297-01; Blades: P4CJ36-04, P4EV74, C4LG17 and P4EX84; AMC Component: P4FC12; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 5.0, build0305, 141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/05/2015 | 5/4/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3166, #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1995, #1996, #1997 and #1999); SHS (Certs. #2619, #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1804, #1805, #1806, #1807 and #1808); RSA (Certs. #1604, #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2371 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-3600C and FortiGate-3950B (Hardware Versions: C4MH12, [C4DE23 with P06698-02] with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: FortiOS 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2370 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiOS™ 5.0 (Firmware Versions: 5.0, build0305, 141216) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 05/04/2015 | 5/3/2020 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiGate-300C with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Certs. #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1997 and #1999); SHS (Certs. #2622 and #2624); Triple-DES (Certs. #1807 and #1808); RSA (Cert. #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
| 2369 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1500D and 3700D (Hardware Versions: C1AA64 [1] and C1AA92 [2] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,2]; Firmware Versions: FortiOS 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2368 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1000C, FortiGate-1240B, FortiGate-3140B and FortiGate-3240C (Hardware Versions: C4HR40 [1], C4CN43 [2], C4XC55 [3] and C4KC75 [4] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3,4] or FIPS-SEAL-BLUE [2]; Firmware Versions: FortiOS 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2367 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-100D, FortiGate-200B, FortiGate-200D, FortiGate-300C, FortiGate-600C and FortiGate-800C (Hardware Versions: C4LL40 [1], C4CD24 [2], C4KV72 [3], C4HY50 [4], C4HZ51 [5] and C4LH81 [6] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [2] or FIPS-SEAL-RED [1,3,4,5,6]; Firmware Versions: 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3166, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1996, #1997 and #1999); SHS (Certs. #2619, #2621, #2622 and #2624); Triple-DES (Certs. #1804, #1806, #1807 and #1808); RSA (Certs. #1604, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2366 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-60C/60D/80C and FortiWiFi-60C/60D (Hardware Versions: C4DM93 [1], C1AB28 [2], C4BC61[3], C4DM95 [4], and C1AB32 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [3] or FIPS-SEAL-RED [1,2,4,5]; Firmware Versions: 5.0, build0305, 141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3166, #3167, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1995, #1997 and #1999); SHS (Certs. #2619, #2620, #2622 and #2624); Triple-DES (Certs. #1804, #1805, #1807 and #1808); RSA (Certs. #1604, #1605, and #1607); CVL (Certs. #415 and #416) -Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2365 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Systems 5508 Wireless LAN Controller (Hardware Versions: 5508 with 5508 FIPS kit (AIR-CT5508FIPSKIT=) and CN56XX; Firmware Versions: 8.0 with SNMP Stack v15.3, OPENSSL-0.9.8g-8.0.0, QUICKSEC-2.0-8.0 and FP-CRYPTO-7.0.0) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/04/2015 09/04/2015 | 9/3/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906 ); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438) -Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant) Multi-chip standalone "The Cisco 5500 Series Wireless Controller, is a highly scalable and flexible platform that enables system-wide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments." |
| 2364 | Dell, Inc. 5450 Great America Parkway Santa Clara, CA 95054 USA Srihari Mandava TEL: 408-571-3522 Jeff Yin TEL: 408-571-3689 CST Lab: NVLAP 200002-0 | Dell OpenSSL Cryptographic Library (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/28/2015 | 4/27/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Dell Networking OS 9.6(0.0) running on a Dell Networking S4810, Dell Networking S4820T, Dell Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell Networking Z9000 , Dell Networking MXL, Dell PowerEdge M I/O Aggregator, and Dell PowerEdge FN I/O Aggregator (single-user mode) -FIPS Approved algorithms: AES (Cert. #2971); DRBG (Cert. #565); DSA (Cert. #884); HMAC (Cert. #1883); RSA (Cert. #1560); SHS (Cert. #2497); Triple-DES (Cert. #1760) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); ANSI X9.31 RNG (non-compliant); Triple-DES CMAC (non-compliant); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant) Multi-chip standalone "Dell OpenSSL Cryptographic Library v2.1 is used within various Dell Networking products, including the S and Z-Series. Dell Networking S and Z-Series are high performance 10/40GbE ToR and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell’s Data Center hardened OS, Dell Networking OS." |
| 2363 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Systems 5760 Wireless LAN Controller (Hardware Version: Cisco Systems 5760 Wireless LAN Controller; Firmware Version: IOS XE 03.06.00aE) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/27/2015 | 4/26/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2685, #2817 and #2879); CVL (Cert. #253); DRBG (Certs. #435 and #481); HMAC (Certs. #1672, #1764 and #1815); KBKDF (Cert. #28); RSA (Cert. #1471); SHS (Certs. #2256, #2361 and #2420); Triple-DES (Cert. #1688) -Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 5760 Wireless Controller is an industry-leading platform designed for 802.11ac networks with maximum performance and services at scale, combined with high availability for mission-critical wireless networks." |
| 2362 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Nick Goble TEL: 978-318-7544 CST Lab: NVLAP 200928-0 | SSL Visibility Appliance (Hardware Versions: SV1800-C [1], SV1800-F [2] and SV2800 [3]; 090-03061 [1], 080-03560 [1], 090-03062 [2], 080-03561 [2], 090-03063 [3] and 080-03562 [3] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227 and 3.8.4FC) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/23/2015 09/04/2015 | 9/3/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3195 and #3496); Triple-DES (Certs. #1821 and #1968); RSA (Certs. #1625, #1238 and #1794); SHS (Certs. #2642 and #2885); HMAC (Certs. #2013 and #2230); ECDSA (Certs. #584 and #711); DRBG (Certs. #669 and #866); PBKDF (vendor affirmed); CVL (Certs. #429 and #562) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES; ChaCha20-Poly1305 Multi-chip standalone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2361 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Nick Goble TEL: 978-318-7544 CST Lab: NVLAP 200928-0 | SSL Visibility Appliance (Hardware Versions: SV3800; 090-03064 and 080-03563 with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227 and 3.8.4FC) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/23/2015 09/04/2015 | 9/3/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3195 and #3496); Triple-DES (Certs. #1821 and #1968); RSA (Certs. #1625, #1238 and #1794); SHS (Certs. #2642 and #2885); HMAC (Certs. #2013 and #2230); ECDSA (Certs. #584 and #711); DRBG (Certs. #669 and #866); PBKDF (vendor affirmed); CVL (Certs. #429 and #562) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES; ChaCha20-Poly1305 Multi-chip standalone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2360 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | IPCryptR2 (Hardware Version: BLN1306A; Firmware Version: R06.01.00) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/13/2015 01/30/2017 | 1/29/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1424 and #1425); SHS (Certs. #1292 and #2381); ECDSA (Cert. #498); CVL (Certs. #262 and #263); HMAC (Cert. #1780) -Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (Cert. #1424, key wrapping; key establishment provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-chip standalone "The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems." |
| 2358 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Tom Nguyen TEL: 847-576-2352 FAX: n/a CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01, 5185912Y03 and 5185912Y05; Firmware Versions: R01.05.12 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/13/2015 | 4/12/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2357 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2356 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/30/2015 05/29/2015 05/02/2017 | 5/28/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); CVL (Cert. #323); DRBG (Cert. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) -Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; Dual-EC DRBG (non-compliant); HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography." |
| 2356 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17042) (When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/19/2015 05/29/2015 05/02/2017 | 5/28/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); CVL (Cert. #323); DRBG (Cert. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) -Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; Dual-EC DRBG (non-compliant); HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)." |
| 2355 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/17/2015 05/18/2015 05/02/2017 | 5/17/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. #2373) -Other algorithms: MD5 Multi-chip standalone "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk." |
| 2354 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro,Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series (Software Versions: 6.3.9600 and 6.3.9600.17031) (When installed, initialized and configured as specified in the Security Policy Section 2 with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry, Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/23/2015 05/29/2015 | 5/28/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832) -Other algorithms: N/A Multi-chip standalone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
| 2353 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/23/2015 05/18/2015 | 5/17/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. #2373 and #2396) -Other algorithms: MD5 Multi-chip standalone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
| 2352 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3; Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/10/2015 05/18/2015 05/02/2017 | 5/17/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396) -Other algorithms: MD5; NDRNG Multi-chip standalone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
| 2351 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/12/2015 04/10/2015 05/02/2017 | 4/9/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. #2373 and #2396) -Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) Multi-chip standalone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
| 2350 | Canon Inc. 30-2 Shimomaruko 3-chome Ohta-ku, Tokyo 146-8501 Japan Yoichi Toyokura TEL: +81-3-3758-2111 FAX: +81-3-3758-1160 CST Lab: NVLAP 200822-0 | Canon MFP Security Chip (Hardware Versions: FK4-1731A, FK4-1731B; Firmware Versions: 2.10, 2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate JCMVP Cert. #J0021 Security Policy | Hardware | 04/20/2015 01/31/2017 | 1/30/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2907); SHS (Cert. #2601); DRBG (Cert. #638) -Other algorithms: NDRNG Multi-chip embedded "The Canon MFP Security Chip handles cryptography for the storage device of the Canon MFP/printer. The Canon MFP Security Chip realizes high-speed data encryption/decryption through a serial ATA interface, using AES CBC mode. This allows the Canon MFP/printer's storage device to be protected against the risk of information leakage, without compromising objectives such as extensibility, flexibility, usability, and high performance." |
| 2349 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/15/2015 04/14/2016 | 4/13/2021 | Overall Level: 2 Multi-chip standalone |
| 2348 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar He8 TCG Enterprise HDDs (Hardware Versions: HUH728080AL5205 (0001) [1, 2, 3, 4, 7, 9, 10, 11], HUH728060AL5205 (0001) [1, 2, 3, 4, 10], HUH728080AL4205 (0001) [1, 2, 3, 4, 5, 6, 7, 8, 10] and HUH728060AL4205 (0001) [1, 2, 3, 4, 10]; Firmware Versions: R515 [1], R55B [2], R7J0 [3], R907 [4], R920 [5], R9D0 [6], R9E2 [7], R9L0 [8], RAG1 [9], RD05 [10] or RD51 [11]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/17/2015 05/08/2015 07/23/2015 04/28/2016 06/24/2016 05/02/2017 05/23/2017 08/04/2017 08/11/2017 | 6/23/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DRBG (Cert. #302); AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); PBKDF (vendor affirmed) -Other algorithms: NDRNG Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications and meet or exceed the most demanding performance and security requirements. HGST Ultrastar He8 drives are 12 Gbs SAS, 7,200 RPM, 3.5 inch form factor, TCG Enterprise HDDs." |
| 2343 | Vormetric, Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA Peter Tsai TEL: (408) 433-6000 FAX: (408) 844-8638 Peter Henschied TEL: (408) 433-6000 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Encryption Expert Cryptographic Module (Software Version: 5.1.3) (When operated in FIPS mode. When operating on Windows 8 R2, requires module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/24/2015 | 3/23/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 2008 R2 64-bit running on a Lenovo Thinkpad T61 HPUX 11i v3 64-bit running on an HP Server rx7620 AIX 6.1 64 bit running on an AIX IBM P7 8233 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1168 and #2807); Triple-DES (Certs. #846 and #1685); SHS (Certs. #2355 and #2390); HMAC (Certs. #1758 and #1788) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services." |
| 2342 | Vormetric, Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA Peter Tsai TEL: (408) 433-6000 FAX: (408) 844-8638 Peter Henschied TEL: (408) 433-6000 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Encryption Expert Cryptographic Module (Hardware Version: E5-2670; Software Version: 5.1.3) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 03/24/2015 | 3/23/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 running on a Supermicro X9DR7, SUSE Linux Enterprise Server 11 SP 2 running on a Supermicro X9DR7 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2807); Triple-DES (Cert. #1685); SHS (Cert. #2355); HMAC (Cert. #1758) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services." |
| 2341 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 3850 Series Switches and Cisco Catalyst 3650 Series Switches (Hardware Versions: Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches [1] and Cisco Field Replaceable Uplink Network Modules [1]; Firmware Version: IOS XE 03.06.00aE) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2015 | 3/19/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2685, #2817 and #2879); CVL (Cert. #253); DRBG (Certs. #435 and #481); HMAC (Certs. #1672, #1764 and #1815); KBKDF (Cert. #28); RSA (Cert. #1471); SHS (Certs. #2256, #2361 and #2420); Triple-DES (Cert. #1688) -Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5, MD5, RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 3650 and 3850 Series family is the next generation of enterprise-class standalone and stackable access/aggregation layer switches that provide full convergence between wired and wireless on a single platform." |
| 2340 | Veritas Technologies LLC 500 East Middlefield Road Mountain View, CA 94043 USA Mohit Goyal TEL: 612- 310-8283 CST Lab: NVLAP 100432-0 | Veritas NetBackup Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/20/2015 02/11/2016 04/22/2016 04/27/2016 | 4/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell Optiplex 755 CentOS 6.3 on a Dell Optiplex 755 SUSE Linux Enterprise 11SP2 on a Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Veritas NetBackup Cryptographic Module provides cryptographic functions for Veritas NetBackup." |
| 2338 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS Combi PKI Native Smart Card (Hardware Versions: RS46X and RS47X; Firmware Versions: HardMask: 2.3 and SoftMask: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/16/2015 | 3/15/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1616); SHS (Cert. #2262); RSA (Cert. #1393); DRBG (Cert. #441) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Cert. #1616, key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112-bits of encryption strength) Single-chip "The HiCOS Combi PKI native smart card module is a single chip implementation of a cryptographic module that supports ISO-7816 contact interface and ISO-14443 contactless interface. The HiCOS Combi PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, the contactless faceplate, and the electronic connectors between the chip and contact pad/antenna, all contained within an epoxy substrate." |
| 2336 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-636M-HSE CyberFence Cryptographic Module (Hardware Version: 1.0; Firmware Version: 5.0) (When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/11/2015 03/29/2016 05/27/2016 | 5/26/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2060 and #2078); CVL (Cert. #285); DRBG (Cert. #822); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); KTS (AES Cert. #2060 and HMAC Cert. #1253; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1491); SHS (Certs. #1801 and #1807) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); SNMPv3 KDF (non-compliant) Multi-Chip Embedded "3e-636-HSE module provides high speed low latency dedicated Layer 2 data encryption for enhanced network security and performance. It supports multiple VLANs with bypass mode. Each VLAN uses its own data encryption key for data privacy and per data packet integrity." |
| 2333 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Osamu Kawashima TEL: +81-90-6171-0253 FAX: +81-45-890-2492 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive (Hardware Versions: A0 with AL13SXQ300NB, AL13SXQ450NB or AL13SXQ600NB; Firmware Version: 0101) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/03/2015 | 3/2/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2877); SHS (Cert. #2418); RSA (Cert. #1515); DRBG (Cert. #519) -Other algorithms: NDRNG Multi-chip embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2330 | Protegrity USA Inc. 5 High Ridge Park 2nd Fl. Stamford, Connecticut 06905 USA Yigal Rozenberg TEL: 203-428-4526 FAX: 203-348-1251 Raul Ortega TEL: 203-428-4713 FAX: 203-569-4013 CST Lab: NVLAP 200658-0 | Protegrity Cryptographic Module (Software Version: 1.0) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/03/2015 | 3/2/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux SLES 11 64-bit running on IBM x3550 model 7978 IBM z/OS 2.1 running on IBM zEC12 Microsoft Windows Server 2008 64-bit running on IBM x3550 model 7978 (single user mode) -FIPS Approved algorithms: AES (Certs. #2922, #2923 and #2926); Triple-DES (Certs. #1735, #1736 and #1739); HMAC (Certs. #1849, #1850 and #1853); SHS (Certs. #2458, #2459 and #2462) -Other algorithms: DTP2-AES; DTP2-TDES; DTP2-HMAC-SHA1; CUSP-AES; CUSP-TDES; MD5; HMAC-MD5 Multi-chip standalone "The Protegrity Cryptographic Module is a software module that provides FIPS validated cryptographic services for Protegrity Data Security products." |
| 2329 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/12/2015 | 2/11/2020 | Overall Level: 3 Multi-chip standalone |
| 2328 | Zebra Technologies Corporation 475 Half Day Road, Suite 500 Lincolnshire, IL 60069 USA Erv Comer TEL: 480-628-7901 Tom McKinney TEL: 631-738-3586 CST Lab: NVLAP 100432-0 | Fusion Wireless LAN Cryptographic Module for WM/CE (Hardware Versions: P/Ns WL1283CYFVR (Rev C), WL1273LYFVR, WL1273BYFVR, WL1271BYFVR, WL1270BYFVR; Firmware Version: 1.01; Software Version: X_2.02.0.0.4) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 02/10/2015 02/19/2016 | 2/18/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Mobile 6.5 running on MC67 Windows CE7.0 running on WT41 Windows CE7 running on MC18 Windows Mobile 6.5 running on MC55N0 Windows CE6 running on MC2180 Windows CE6 running on SB1 Windows CE 6.0 running on 7528x Windows Embedded Handheld 6.5 running on 7528x (single-user mode) -FIPS Approved algorithms: AES (Certs. #2997, #2998, #2999, #3000 and #3001); HMAC (Cert. #1898); SHS (Cert. #2512) -Other algorithms: N/A Multi-chip standalone "The Fusion module secures the WLAN radio for numerous deviceson the Windows Mobile and CE operating systems. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government." |
| 2327 | Giesecke+Devrient Mobile Security GmbH Prinzregentenstrasse 159 Munich D-81677 Germany Steffen Heinrich TEL: +49-89/4119-2453 CST Lab: NVLAP 100432-0 | Sm@rtCafé Expert 7.0 (Hardware Version: SLE78CLFX4000P(M) M7892; Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/10/2015 07/03/2017 08/04/2017 | 2/9/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2720 and #2721); CVL (Certs. #177, #1192 and #1193); DSA (Cert. #837); DRBG (Cert. #455); ECDSA (Cert. #476); KBKDF (Cert. #18); RSA (Certs. #1506 and #1507); SHS (Certs. #2288, #2289 and #2890); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed) -Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides 128 to 256 bits of encryption strength); TRNG Single-chip "Sm@rtCafé Expert 7.0 is a Smart Card based on Java Card and GlobalPlatform Technology. Sm@rtCafé Expert 7.0 conforms to Java Card Classic Platform Specification 3.0.4 and GlobalPlatform Card Specification Version 2.2.1 supporting Secure Channel Protocol 03, Card Specification V2.2 Amendment D. The product is suitable for government and corporate identification, payment and banking, health care, and authentication" |
| 2326 | HGST, a Western Digital company 5601 Great Oaks Parkway San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C10K1800 TCG Enterprise HDDs (Hardware Versions: HUC101818CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101818CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8. 9, 10, 11,12, 13, 14, 15, 16, 17, 18, 19, 20, 21], HUC101818CS4205 (3), [1, 2, 3, 4, 5, 6, 7, 8. 9, 10, 11,12, 13, 14, 15, 16, 17, 18, 19, 20, 21], HUC101812CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101812CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101890CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101890CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20, 21], HUC101890CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20, 21], HUC101860CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101860CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101860CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101845CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101845CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18 ,19, 20, 21], HUC101845CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18 ,19, 20, 21], HUC101812CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101812CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101890CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101890CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101890CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101860CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101860CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101860CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101830CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101830CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101830CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21]; Firmware Versions: R1A0 [1], R3B0 [2], R3F0 [3], R3R0 [4], R3R2 [5], R3T0 [6], R3X0 [7], R3X2 [8], R703 [9], R770 [10], R7R1 [11], NA00 [12], NE00 [13], R801 [14], NE02 [15], R7G2 [16], R904 [17], R920 [18], R940 [19], R990 [20] and RA01 [21]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/10/2015 03/13/2015 07/23/2015 11/19/2015 11/27/2015 01/28/2016 04/19/2016 12/19/2016 | 12/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed) -Other algorithms: NDRNG; AES (Cert. #2365, key wrapping) Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C10K1800 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2322 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches (Hardware Versions: [BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8-BND-AC, BR-VDX8770-8-BND-DC] w/ Field Replaceable Units (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 & 80-1006429-01) BR-VDX6710-54-F, BR-VDX6710-54-R, BR-VDX6720-16-F (80-1004566-07 & 80-1006701-02) BR-VDX6720-16-R (80-1004567-07 & 80-1006702-02) BR-VDX6720-24-F (80-1004564-07 & 80-1006699-02) BR-VDX6720-24-R (80-1004565-07 & 80-1006700-02) BR-VDX6720-40-F (80-1004570-07 & 80-1006305-02) BR-VDX6720-40-R (80-1004571-07 & 80-1006306-02) BR-VDX6720-60-F (80-1004568-07 & 80-1006303-02) BR-VDX6720-60-R (80-1004569-07 & 80-1006304-02) BR-VDX6730-16-F (80-1005649-03 & 80-1006709-02) BR-VDX6730-16-R (80-1005651-03 & 80-1006711-02) BR-VDX6730-24-F (80-1005648-03 & 80-1006708-02) BR-VDX6730-24-R (80-1005650-03 & 80-1006710-02) BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F w/ BR-VDX6730-24VCS-01 & BR-VDX6730-24FCOE-01 Lic) BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R w/ BR-VDX6730-24VCS-01 & BR-VDX6730-24FCOE-01 Lic) BR-VDX6730-40-F (80-1005680-03 & 80-1006719-02) BR-VDX6730-40-R (80-1005681-03 & 80-1006720-02) BR-VDX6730-60-F (80-1005679-03 & 80-1006718-02) BR-VDX6730-60-R (80-1005678-03 & 80-1006717-02) BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F w/ BR-VDX6730-60VCS-01 & BR-VDX6730-60FCOE-01 Lic) BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R w/ BR-VDX6730-60VCS-01 & BR-VDX6730-60FCOE-01 Lic) BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64-ALLSW-F, BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F & BR-VDX6740T-64-ALLSW-R w/ FIPS Kit P/N Brocade XBR-000195; Firmware Version: Network OS (NOS) v4.0.0 (P/N 63-1001271-01)) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3, 4, 5, 6 and 7 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2015 | 2/1/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Certs. #1965 and #1966); RSA (Certs. #1174, #1175, #1280 and #1282) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); SNMPv3 KDF (non-compliant); HMAC-MD5; TLSv1.0 KDF (non-compliant); SSHv2 KDF (non-compliant); MD5; RADIUS PEAP MS-CHAP V2; NDRNG; Triple-DES (non-compliant); AES (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; 3DES; BLOWFISH-CBC; CAST128; ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments." |
| 2319 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | McAfee NGFW Cryptographic Library (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/28/2015 | 1/27/2020 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0-based distribution running on McAfee MIL-320 Debian GNU/Linux 6.0-based distribution running on McAfee 5206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1402 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1065 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1035 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2948, #2949, #2950, #2951, #2952, #2953, #2954 and #2955); Triple-DES (Certs. #1752, #1753, #1754, #1755, #1756 and #1757); DSA (Certs. #878, #879, #880, #881, #882 and #883); RSA (Certs. #1549, #1550, #1551, #1552, #1553 and #1554); ECDSA (Certs. #537, #538, #539, #540, #541 and #542); DRBG (Certs. #549, #550, #551, #552, #553, #554, #555 and #556); SHS (Certs. #2482, #2483, #2484, #2485, #2486 and #2487); HMAC (Certs. #1869, #1870, #1871, #1872, #1873 and #1874); CVL (Certs. #344, #345, #346, #347, #348, #349, #350, #351, #352, #353, #354 and #355) -Other algorithms: Diffie-Hellman (CVL Certs. #344, #346, #348, #350, #352 and #354, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #344, #345, #346, #347, #348, #349, #350, #351, #352, #353, #354 and #355, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Certs. #2948, #2949, #2950, #2951, #2952, #2953, #2954 and #2955, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip standalone "The McAfee NGFW Cryptographic Library is a software module thatprovides cryptographic services required by the McAfee NGFW product." |
| 2318 | Symantec Corporation 303 2nd Street 1000N San Francisco, CA 94107 USA Rajesh Devadasan CST Lab: NVLAP 200556-0 | Symantec DLP Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/28/2015 06/28/2016 | 6/27/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 on a Dell OptiPlex 755 Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 Apple Mac OS X 10.7 (64-bit) on a MacBook Air Apple Mac OS X 10.7 (32-bit) on a MacBook Air (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1495); AES (Cert. #2397); DSA (Cert. #749); ECDSA (Cert. #395); RSA (Cert. #1240); SHS (Cert. #2060); DRBG (Cert. #318); HMAC (Cert. #1490) -Other algorithms: PRNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual_EC_DRBG; RSA (key wrapping; key establishment provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The module, the Symantec DLP Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the Symantec Data Loss Prevention solution." |
| 2317 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module (Hardware Versions: ST6000NM0114 [1,2,3,4,5,6,7,8,9], ST4000NM0114 [1,2,3,4,5,6,7,8,9], ST2000NM0114 [1,2,3,4,5,6,7,8,9], ST6000NM0104 [10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29], ST4000NM0104 [10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29], ST2000NM0104 [10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29], ST6000NM0094 [30], ST4000NM0094 [30], ST2000NM0094 [30], ST6000NM0084 [31,32], ST4000NM0084 [31,32], ST2000NM0084 [31,32], ST8000NM0125 [33,34,35,36,37,38,39,40,41,42,43,44,45], ST8000NM0135 [46,47,48,49,50,51,52,53,54,55,56,57,58,59,60], ST8000NM0145 [61,62], ST8000NM0155 [63,64], ST6000NM0255 [65,66], ST4000NM0135 [67,68,69,70,71,72,73,74,75,76,77], ST3000NM0045 [78,79,80,81,82,83,84,85,86,87,88], ST6000NM0285 [89,90,91,92,93,94,95,96,97,98,99], ST4000NM0235 [100,101,102,103,104,105,106,107,108,109,110], ST6000NM0265 [111,112], ST4000NM0105 [113], ST3000NM0055 [114], ST6000NM0275 [115,116,117], ST4000NM0225 [118,119], ST600MP0025 [120,121,122,123,124,125,126,127,128,129,130,131,132], ST450MP0025 [120,121,122,123,124,125,126,127,128,129,130,131,132], ST300MP0025 [120,121,122,123,124,125,126,127,128,129,130,131,132], ST600MP0085 [133,134], ST450MP0085 [133,134], ST300MP0085 [133,134], ST600MP0055 [135,136], ST450MP0055 [135,136], ST300MP0055 [135,136], ST600MX0102 [137,138,139,140], ST600MX0072 [141,142], ST1800MM0048 [143,144,145,146,147,148,149,150], ST1200MM0048 [143,144,145,146,147,148,149,150], ST900MM0048 [143,144,145,146,147,148,149,150], ST600MM0048 [143,144,145,146,147,148,149,150], ST1800MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST1200MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST900MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST600MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST1200MM00108 [162,163,164,165,166,167,168,169,170,171,172,173], ST600MM00108 [162,163,164,165,166,167,168,169,170,171,172,173], ST1800MM0118 [174,175,176], ST1200MM0118 [174,175,176], ST900MM0118 [174,175,176], ST600MM0118 [174,175,176], ST1800MM0158 [177,178], ST1200MM0158 [177,178], ST900MM0158 [177,178], ST600MM0158 [177,178], ST2000NX0333 [179,180,181,182,183,184,185], ST2000NX0353 [186,187,188,189,190,191,192,193,194,195], ST2000NX0453 [196,197] and ST1000NX0483 [198,199]; Firmware Versions: KF01[1], MT13[2], MF14[3], MF15[4], ETB1[5], MF17[6], KF05[7], MF18[8], KFH5[9], EF01[10], MEE4[11], HP00[12], MEE5[13], MEE6[14], MEE8[15], NE01[16,160], MSE1[17], MEE9[18], NE02[19], 3P00[20,49,161], 3P01[21,54], 3P02[22,58], NA00[23,98,109], EF05[24], MEEA[25], 3P03[26], NA01[27], MEEB[28], MEEC[29], NF05[30], ZZZZ[31], SF05[32], KFF1[33], PF11[34], PF12[35], UJ80[36], KF02[37,143,174,179], UV01[38], UJ81[39], PF13[40], KF03[41,65,133,137,183], PF14[42], UV05[43], UJ83[44], PF15[45], EFF1[46], PSE1[47], EF02[48,116,118,151,177,186], PSE3[50], FC70[51], NE03[52], FC71[53], EF03[55,93,104,135,141,190], FCD2[56], FC72[57], FCD3[59], FC73[60], NF01[61], NF02[62,69,80,112,162], SF01[63,111,115], SF02[64], DF12[66], DSF1[67,78], FK80[68,79], FK81[70,81], BE05[71,82], BF82[72,83], NF03[73,84,120,167], DSF2[74,85], DEC1[75,86], FK82[76,87], FK83[77,88], DEE2[89,100], DEE3[90,101], FC80[91,102], FC81[92,103], PSE4[94,105], DEE4[95,106], FC82[96,107], NE00[97,108], FC83[99,110], TF02[113,114], SF03[117,119], VSC4[121], VEC3[122], VEC4[123], VEC5[124], VSC5[125], VEC7[126], VEC8[127], VEC9[128], NF04[129,172,197,199], VSC6[130], VECA[131], VECB[132], KF04[134,140,148,176,184], ED04[136], VT13[138], VT14[139], EF04[142,159,178,193], TF12[144], TF13[145], TF16[146], 4201[147], TF17[149], TF18[150], TEE3[152], TEE4[153], TEE5[154], TEE8[155], TSE1[156], TEE9[157], TEEA[158], TSC4[163], TEC3[164], TEC4[165], TEC5[166], TSC5[168], TEC7[169], TEC8[170], TEC9[171], TSC6[173], TT13[175], NT17[180], NF13[181], NF14[182], NF15[185], NEE3[187], NEE4[188], NEE5[189], FD30[191], FD31[192], NEE6[194], FD32[195] and NSF1[196,198]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/21/2015 02/13/2015 03/13/2015 05/08/2015 06/09/2015 07/23/2015 09/30/2015 12/22/2015 01/04/2016 04/19/2016 06/03/2016 07/27/2016 10/13/2016 12/02/2016 12/20/2016 03/13/2017 04/03/2017 06/22/2017 | 12/19/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343, #2803, #2841, #2842 and #2947); DRBG (Cert. #62); HMAC (Cert. #1597); PBKDF (vendor affirmed); RSA (Cert. #1021); SHS (Certs. #1225, #2352 and #2383) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Enterprise Capacity® HDD v4 Self-Encrypting Drives model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2316 | Cavium Networks 2315 N First Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 Tasha Castaneda TEL: 408-943-7380 CST Lab: NVLAP 100432-0 | NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1610-NFBE1-3.0-FW-2.2-G, CN1620-NFBE1-3.0-FW-2.2-G, CN1620-NFBE3-3.0-FW-2.2-G, CN1610-NFBE1-2.0-FW-2.2-G, CN1620-NFBE1-2.0-FW-2.2-G, CN1620-NFBE3-2.0-FW-2.2-G and FN1620‐NFBE2‐G; Firmware Versions: CN16XX-NFBE-FW-2.2-130013 and CN16XX-NFBE-FW-2.2-130014) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/21/2015 07/23/2015 12/04/2015 06/10/2016 06/24/2016 | 6/23/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265, #1266 and #2899); CVL (Cert. #166); DRBG (Cert. #32); DSA (Cert. #474); ECDSA (Certs. #150 and #188); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RSA (Certs. #607 and #742); SHS (Certs. #801, #1166 and #1379); Triple-DES (Cert. #898) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 9000 RSA 2k-bit operations per second and 5 Gbps of bulk crypto." |
| 2315 | Software House, a brand of Tyco Security Products 6 Technology Park Drive Westford, MA 01886 USA Lou Mikitarian TEL: 978-577-4125 Rick Focke TEL: 978-577-4266 CST Lab: NVLAP 200928-0 | iSTAR Ultra Door Controller (Hardware Versions: USTAR008, USTAR016 and USTAR-GCM-2U with FIPS Tamper Labels: STAR-FIPS-LBLS; Firmware Version: 6.1) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/15/2015 | 1/14/2020 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #2856); DRBG (Cert. #506); SHS (Cert. #2400); HMAC (Cert. #1797); ECDSA (Cert. #506); CVL (Certs. #292 and #293) -Other algorithms: EC Diffie-Hellman (key agreement); MD5; NDRNG Multi-chip standalone "The iSTAR Ultra door controller is a powerful IP-edge access control device that provides a strong feature set for securing doors. The iSTAR Ultra controls up to 32 doors. The iSTAR Ultra records, encrypts, and stores all granted access events as well as alarm events of any unauthorized entry. The iSTAR Ultra can be deployed individually or in clusters. The iSTAR Ultra features strong 256-bit AES network encryption between the controller and host, and between controllers within a cluster." |
| 2313 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Nikhil Suares TEL: (781) 538-7568 CST Lab: NVLAP 200416-0 | Acme Packet 4500 (Hardware Version: A1; Firmware Version: C6.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/09/2015 | 1/8/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #745 and #1019); AES (Certs. #928 and #1555); SHS (Certs. #912, #1373 and #1378); HMAC (Certs. #519, #900 and #907); RSA (Cert. #753); DRBG (Cert. #68) -Other algorithms: DES; ARC4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HWRNG Multi-chip standalone "The Acme Packet 4500 is a one rack unit (1U) platform that feature Oracle’s purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications -- voice, video, and application data sessions -- across Internet Protocol (IP) network borders." |
| 2312 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Nikhil Suares TEL: (781) 538-7568 CST Lab: NVLAP 200416-0 | Acme Packet 3820 (Hardware Version: A1; Firmware Version: C6.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/09/2015 | 1/8/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #745 and #1019); AES (Certs. #928 and #1555); SHS (Certs. #912, #1372 and #1378); HMAC (Certs. #519, #899 and #907); RSA (Cert. #754); DRBG (Cert. #67) -Other algorithms: DES; ARC4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HWRNG Multi-chip standalone "The Acme Packet 3820 is a one rack unit (1U) platform that feature Oracle’s purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications -- voice, video, and application data sessions -- across Internet Protocol (IP) network borders." |
| 2311 | SecuTech Solutions PTY LTD Suite 514, 32 Delhi Road North Ryde, NSW 2113 Australia Fujimi Bentley TEL: 00612-98886185 FAX: 00612-98886185 Joseph Sciuto TEL: 00612-98886185 FAX: 00612-98886185 CST Lab: NVLAP 200658-0 | UniMate USB/TRRS PKI Token (Hardware Version: 2.11; Firmware Version: 5.1.6) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/09/2015 | 1/8/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2836); Triple-DES (Cert. #1696); RSA (Cert. #1478); SHS (Cert. #2377); DRBG (Cert. #492); HMAC (Cert. #1777) -Other algorithms: HW RNG Multi-chip standalone "The UniMate USB/TRRS (Audio Port) PKI token is a hardware cryptographic module. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user's private and public key pairs can be generated and stored on the embedded chip within the UniMate cryptographic module. The private key can never be exported. UniMate provides the USB interface and audio port (TRRS) that can connect the module to a computer and smart mobile device. The UniMate implements type A USB 1.1 specifications and USB CCID protocol." |
| 2310 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® FCX 624/648, ICX ™ 6610, ICX 6450, ICX 6650, ICX 7750 and SX 800/1600 Series (Hardware Versions: [FCX624S (P/N 80-1002388-08), FCX624S-HPOE-ADV (P/N 80-1002715-08), FCX624S-F-ADV (P/N 80-1002727-07), FCX648S (P/N 80-1002392-08), FCX648S-HPOE (P/N 80-1002391-10), FCX648S-HPOE-ADV (P/N 80-1002716-10), FCX-2XG (P/N 80-1002399-01), ICX 6610-24F-I (P/N 80-1005350-04), ICX 6610-24F-E (P/N 80-1005345-04), ICX 6610-24-I (P/N 80-1005348-05), ICX 6610-24-E (P/N 80-1005343-05), ICX 6610-24P-I (P/N 80-1005349-06), ICX 6610-24P-E (P/N 80-1005344-06), ICX 6610-48-I (P/N 80-1005351-05), ICX 6610-48-E (P/N 80-1005346-05), ICX 6610-48P-I (P/N 80-1005352-06), ICX 6610-48P-E (P/N 80-1005347-06), ICX 6450-24P (P/N 80-1005996-04), ICX 6450-24 (P/N 80-1005997-03), ICX 6450-48P (P/N 80-1005998-04), ICX 6450-48 (P/N 80-1005999-04), ICX 6450-C12-PD (P/N 80-1007578-01), FI-SX800-S (P/N 80-1003050-03; 80-1007143-03), FI-SX1600-AC (P/N 80-1002764-02; 80-1007137-02), FI-SX1600-DC (P/N 80-1003005-02; 80-1007138-02), SX-FISF (P/N 80-1002957-03), SX-FI-ZMR-XL (P/N 80-1006486-02), SX-FI-ZMR-XL-PREM6 (P/N 80-1007350-02), SX-FI-2XGMR-XL (P/N 80-1006607-01), SX-FI-2XGMR-XL-PREM6 (P/N 80-1007349-01), Filler Panels (P/N 11456-005; 11457-006; 18072-004), ICX6650-32-E-ADV (P/N 80-1007115-02), ICX6650-32-I-ADV (P/N 80-1007116-02), ICX6650-40-E-ADV (P/N 80-1007179-03), ICX6650-40-I-ADV (P/N 80-1007181-03), ICX6650-48-E-ADV (P/N 80-1007180-03), ICX6650-48-I-ADV (P/N 80-1007182-03), ICX6650-56-E-ADV (P/N 80-1007117-03), ICX6650-56-I-ADV (P/N 80-1007118-03), ICX6650-80-E-ADV (P/N 80-1007119-03), ICX6650-80-I-ADV (P/N 80-1007120-03), ICX7750-48F (P/N 80-1007607-01), ICX7750-48C (P/N 80-1007608-01) and ICX7750-26Q (P/N 80-1007609-01)] with FIPS Kit XBR-000195; Firmware Version: IronWare R08.0.10) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 12 and 13 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/08/2015 | 1/7/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1612, #1613, #1614, #1615 and #1617); AES (Certs. #2686, #2687, #2688, #2690 and #2697); SHS (Certs. #2257, #2258, #2259, #2260 and #2265); HMAC (Certs. #1673, #1674, #1675, #1676 and #1679); DRBG (Certs. #436, #437, #438, #439 and #442); RSA (Certs. #1386, #1387, #1388, #1391 and #1396); CVL (Certs. #154, #155, #156, #159 and #161) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); MD5; DES; NDRNG; HMAC-MD5; DSA (non-compliant) Multi-chip standalone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. The Brocade ICX 6650 Switch is a compact Ethernet switch that delivers industry-leading 10/40 GbE density, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch." |
| 2309 | Software House, a brand of Tyco Security Products 6 Technology Park Drive Westford, MA 01886 USA Lou Mikitarian TEL: 978-577-4125 Rick Focke TEL: 978-577-4266 CST Lab: NVLAP 200928-0 | iSTAR Edge Door Controller (Hardware Versions: ESTAR001, ESTAR001-POE1, ESTAR002, ESTAR002-POE1, ESTAR004 with FIPS Tamper Labels: STAR-FIPS-LBLS; Firmware Version: 6.1) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/13/2015 | 1/12/2020 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #2856); DRBG (Cert. #506); SHS (Cert. #2400); HMAC (Cert. #1797); ECDSA (Cert. #506); CVL (Certs. #292 and #293) -Other algorithms: EC Diffie-Hellman (key agreement); MD5; NDRNG Multi-chip standalone "The iSTAR Edge door controller is a powerful IP-edge access control device that provides a strong feature set for securing doors. The iSTAR Edge controls up to four doors. The iSTAR Edge records, encrypts, and stores all granted access events as well as alarm events of any unauthorized entry. The iSTAR Edge can be deployed individually or in clusters. The iSTAR Edge features strong 256-bit AES network encryption between the controller and host, and between controllers within a cluster." |
| 2308 | SAP AG Albert-Einstein-Allee 3 Bensheim 64625 Germany Stephan André TEL: +49-6251-708-1730 FAX: +49-6227-78-55975 Thomas Rothe TEL: +49-6251-708-2339 FAX: +49-6227-78-55989 CST Lab: NVLAP 200636-0 | SAP NW SSO 2.0 Secure Login Library Crypto Kernel (Software Version: 2.0.0.1.32) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/06/2015 | 1/5/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with AIX 5.1 64-bit running on a Fujitsu Esprimo P5925 AIX 5.2 64-bit running on a IBM eServer pSeries 630 Model 6C4 AIX 6.1 64-bit on Vmware ESX 4.1.0 running on a IBM Power 770 HP-UX 11.00 64-bit running on a HP 9000 L3000 HP-UX 11.11 64-bit running on a HP 9000 rp5470 HP-UX 11.23 64-bit running on a HP Integrity rx5670 HP-UX 11.31 64-bit running on a HP 9000 rp3440 HP-UX 11.31 64-bit running on a HP Integrity rx6600 Linux 2.4.18 running on a IBM eServer xSeries 235 Linux 2.4.19 running on a HP Integrity rx2600 Linux 2.4.21 running on a Fujitsu Primergy TX300 Linux 2.6.16 on Vmware ESX 4.1.0 running on a IBM Power 595 Linux 2.6.16 running on a HP ProLiant DL385 G2 Linux 2.6.27 on Vmware ESX 4.1.0 running on a IBM eServer xSeries 235 Linux 2.6.32 on Vmware ESX 5.0.0 running on a IBM Power 770 Linux 2.6.32 running on a Fujitsu Esprimo P9900 E-Star5 with PAA Linux 2.6.32 running on a IBM eServer xSeries 3655 without PAA Linux 2.6.5 on Vmware ESX 4.1.0 running on a IBM S/390 Linux 2.6.5 on Vmware ESX 5.0.0 running on a IBM System p5 595 Linux 2.6.5 running on a HP Integrity rx5670 Linux 2.6.5 running on a IBM System x3755 Linux 2.6.5 running on a IBM eServer xSeries 250 Mac OS X 10.7 64-bit running on a MacPro Solaris 5.10 64-bit running on a Fujitsu PrimePower 650 Solaris 5.10 64-bit running on a Sun Fire X4150 Solaris 5.8 64-bit running on a Fujitsu GP7000F400R Solaris 5.9 64-bit running on a Sun Fire V880 Tru64 Unix 5.1 running on a Compaq AlphaServer ES40 Windows 7 Enterprise SP1 64-bit running on a Lenovo ThinkCentre M90P with PAA Windows Server 2008 R2 on Vmware ESX 4.1.0 running on a IBM System x3755 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2370, #2371 and #2372); Triple-DES (Certs. #1481, #1482 and #1483); DSA (Certs. #741, #742 and #743); RSA (Certs. #1225, #1226 and #1227); HMAC (Certs. #1472, #1473 and #1474); DRBG (Certs. #306, #307 and #308); SHS (Certs. #2042, #2043 and #2044) -Other algorithms: IDEA; RC2; RC5-32; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160 Multi-chip standalone "SAP NW SSO 2.0 Secure Login Library Crypto Kernel v2.0.0.1.32 is a shared library, i.e. it consists of software only. SAP NW SSO 2.0 Secure Login Library Crypto Kernel provides an API in terms of C++ methods for key management and operation of cryptographic functions." |
| 2307 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | DataTraveler DT4000 G2 Series USB Flash Drive (Hardware Versions: DT4000 Version 1.0 [4GB, 8GB, 16GB, 32GB, 64GB, 128GB or 256GB]; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/06/2015 11/20/2015 | 11/19/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); RSA (Cert. #1480); SHS (Cert. #2379); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Kingston's DataTraveler DT4000 G2 Series USB Flash Drive is assembled in the US for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based AES-256 encryption to guard sensitive information in case the drive is lost or stolen." |
| 2306 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-945 AirGuard iMesh Wireless Gateway Cryptographic Module (Hardware Version: 1.0; Firmware Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/06/2015 06/03/2016 | 6/2/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1611 and #2060); SHS (Cert. #1801); RSA (Cert. #1491); ECDSA (Cert. #303); DRBG (Cert. #822); CVL (Cert. #285) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip embedded "3e-945 AirGuard iMesh Wireless Gateway Cryptographic Module provides secured ISA 100.11a wireless communication services. Acting as industrial access point, it enables connectivity between remote field devices to securely relay process monitoring, automation, and network data securely back to the network." |
| 2302 | SecureMetric Technology Sdn. Bhd. 2-2, Incubator 2, Technology Park Malaysia, Lebuhraya Sg. Besi - Puchong, Bukit Jalil Kuala Lumpur 57000 Malaysia Nioo Yu Siong TEL: +603-8996 8225 FAX: +603-8996 7225 Edward Law TEL: +603-8996 8225 FAX: +603-8996 7225 CST Lab: NVLAP 100432-0 | ST3 ACE Token (Hardware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/09/2015 05/08/2015 | 5/7/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "ST3 ACE Token is a USB token containing SECUREMETRIC¦s own SECUREMETRIC-FIPS-COS cryptographic operating system. The SECUREMETRIC -FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support SECUREMETRIC¦s USB token. ST3 ACE Token is a secure microprocessor smart chip based USB token that work as a miniature cryptography computer designed for strong 2-Factor Authentication (2FA) and identification to support network login, secure online transaction, digital signatures and sensitive data protection." |
| 2298 | Ultra Electronics AEP Knaves Beech Business Centre Loud Water High Wycombe Buckinghamshire HP10 9UT United Kingdom Rob Stubbs CST Lab: NVLAP 200556-0 | Advanced Configurable Cryptographic Environment (ACCE) v3 HSM Crypto Module (Hardware Version: 2870-G1; Firmware Versions: 2r3 and 2r4) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy in Appendix A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2015 05/29/2015 | 5/28/2020 | Overall Level: 4 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Certs. #2255 and #2782); HMAC (Certs. #1671 and #2138); RSA (Cert. #1384); DSA (Cert. #813); ECDSA (Cert. #470); Triple-DES (Cert. #1610); Triple-DES MAC (Triple-DES Cert. #1610, vendor affirmed); AES (Cert. #2684); DRBG (Certs. #434 and #786) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); XOR_BASE_AND_DATA KDF (non-compliant); PBKDF2 (non-compliant); PKCS#12 KDF (non-compliant); SPKM KDF (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #2684; non-compliant); AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1610, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 KDF (non-compliant); Triple-DES KDF (Triple-DES Cert. #1610; non-compliant) Multi-chip embedded "The Advanced Configurable Cryptographic Environment (ACCE) v3 crypto module offers the next-generation security platform for managing cryptographic keys and protecting sensitive applications. It is used in the Keyper Plus hardware security module (HSM), which is designed for mission-critical applications that demand maximum security. It is ideally suited for companies that need secure key management for PKI certification authorities, registration authorities, OCSP responders, smart card issuers, web servers, DNSSEC and other applications." |
| 2293 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2015 | 1/7/2020 | Overall Level: 2 Multi-chip standalone |