Last Updated: 8/31/2017
It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.
When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.
NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "Other" or "Allowed" have not been tested through the CMVP and are not FIPS-Approved.
NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.
NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).
Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.
Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Sunset Date | Level / Description |
---|---|---|---|---|---|---|
2810 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Van Nguyen TEL: 408-745-2000 Seyed Safakish TEL: 408-745-2000 CST Lab: NVLAP 100432-0 | EX4300 Ethernet Switches (Hardware Versions: P/N EX4300-24P, EX4300-24T, EX4300-48P, EX4300-48T, EX4300-32F with 520-052564 (Tamper Seal); Firmware Version: JUNOS 14.1X53-D30.3) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/21/2016 | 12/20/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3655); CVL (Cert. #668); DRBG (Cert. #984); ECDSA (Cert. #763); HMAC (Certs. #2404 and #2405); SHS (Certs. #3072 and #3073); Triple-DES (Cert. #2045) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; arcfour; blowfish; cast128; Diffie-Hellman (non-compliant); DSA; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; ripemd160; RSA (non-compliant); umac-64; umac-128 Multi-Chip Stand Alone "Juniper Networks EX4300 Ethernet Switches combine the carrier-class reliability of modular systems with the economics of stackable platforms, delivering a high-performance, scalable solution for data center and campus office environments. Offering a full suite of Layer 2 and Layer 3 switching capabilities, EX4300 switches offer 24 or 48-port 10/100/1000BASE-T configurations with redundant, hot-swappable internal power supplies and field-replaceable fans to ensure maximum uptime. In addition, Power over Ethernet (PoE)-enabled EX4300 switch models offer standards-based 802.3at PoE+." |
2809 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 100432-0 | Protiva™ PIV v1.55 on TOP DL v2 (Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55) (When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1690.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/20/2016 | 12/19/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1363); CVL (Certs. #217 and #224); ECDSA (Cert. #172); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
2808 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Jongseong Kim TEL: 82-10-4535-0110 FAX: 82-2-6950-2080 Adam Wick TEL: 503-808-7216 FAX: 503-350-0833 CST Lab: NVLAP 100432-0 | LG OpenSSL Cryptographic Module (Software Version: 2.0.8) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/20/2016 | 12/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 5.0.1 running on an LG G3 (Model VS985) Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3291); CVL (Cert. #468); DRBG (Cert. #749); DSA (Cert. #944); ECDSA (Cert. #638); HMAC (Cert. #2089); RSA (Cert. #1684); SHS (Cert. #2730); Triple-DES (Cert. #1876) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of strength); PRNG Multi-Chip Stand Alone "The LG OpenSSL Cryptographic Module is a software library that provides cryptographic functionality." |
2807 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Kazuhisa Kanazawa TEL: +81-45-890-2743 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (THNSB8 model) (Hardware Versions: A0 with THNSB8480PCSE, A0 with THNSB8800PCSE, A0 with THNSB8960PCSE, A0 with THNSB81Q60CSE, or A0 with THNSB81Q92CSE; Firmware Version: 8EEF7101) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/19/2016 | 12/18/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3899 and #3900); DRBG (Cert. #1127); HMAC (Certs. #2543 and #2625); RSA (Cert. #1998); SHS (Certs. #3213 and #3308) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
2806 | KACST / Parsec An Nakhil Housing King Abdulaziz City for Science and Technology Riyadh, Riyadh 12371 Soudi Arabia Dr. Hatim M. Behairy TEL: +966-1-481-3549 FAX: +966-1-481-4572 Tobie van Loggerenberg TEL: +27-12-6789740 FAX: +27-12-6789741 CST Lab: NVLAP 100432-0 | HSID5000A (Hardware Version: HSID5000A; Firmware Version: v1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/13/2016 | 12/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3768 and #3961); DRBG (Cert. #1038); DSA (Cert. #1048); ECDSA (Cert. #811); HMAC (Cert. #2468); PBKDF (vendor affirmed); SHS (Cert. #3138); Triple-DES (Cert. #2096) -Other algorithms: Diffie-Hellman (with SP800-56C KDF, vendor affirmed, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (with SP800-56C KDF, vendor affirmed, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RSA (non-compliant) Multi-Chip Stand Alone "The HSID5000A is a portable USB device that provides high security cryptographic functionality with secure storage for any personal computer. These cryptographic functions and storage allow the HSID5000A to be used in PKI environments with third party applications to securely login to domains, sign and verify emails and encrypt and decrypt files. The module supports a single user with access to the cryptographic functions and a cryptographic officer to enforce policy on the user. The module provides software interfaces as defined by the PKCS#11 standard and Microsoft CSP/KSP." |
2805 | Hospira, Inc. 275 North Field Drive Lake Forest, IL 60045 USA Chaitanya Srinivasamurthy TEL: 224-212-5715 FAX: 224-212-7910 Slawomir Ciapala TEL: 224-212-5545 FAX: 224-212-7910 CST Lab: NVLAP 100432-0 | Hospira CE3.0 OpenSSL Cryptographic Module (Software Version: 2.0.9) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/13/2016 | 12/12/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 2.3.7 running on Hospira Plum360 Infusion System with an i.MX53 Arm Cortex-A8 (single user mode) -FIPS Approved algorithms: AES (Cert. #3930); CVL (Cert. #781); DRBG (Cert. #1139); DSA (Cert. #1073); ECDSA (Cert. #860); HMAC (Cert. #2553); RSA (Cert. #2007); SHS (Cert. #3240); Triple-DES (Cert. #2157) -Other algorithms: EC Diffie-Hellman (CVL Cert. #781, key agreement, key establishment methodology provides between 112 and 256 bit of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; RNG Multi-Chip Stand Alone "Hospira OpenSSL FIPS Object Module 2.0.9 is used within various Hospira Infusion Pumps for providing secure communication between Infusion pumps and external server." |
2804 | SafeLogic Inc. 530 Lytton Ave Suite 200 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 100432-0 | CryptoComply™ | Java (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/08/2016 | 12/7/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090) -Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "CryptoComply™ | Java is a standards-based "Drop-in Compliance" solution for native Java environments. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
2803 | Acronis International GmbH Rheinweg 9 8200 Schaffhausen Switzerland Oleg Mikhalsky TEL: +7 (495) 648-14-27 FAX: +7 (495) 708-44-89 Anton Enakiev TEL: +7 (495) 648-14-27 FAX: +7 (495) 708-44-89 CST Lab: NVLAP 200968-0 | Acronis AnyData Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/06/2016 | 12/5/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on an Intel Core i5-5300U system with PAA Red Hat Enterprise Linux 7.1 running on an Intel Core i5-5300U system with PAA Windows 2008 R2 64bit running on an Intel Core i5-5300U system with PAA Windows 2012 R2 64bit running on an Intel Core i5-5300U system with PAA Acronis Virtual Appliance Linux 11.5 on vSphere 5.5 running on an Intel Core i5-5300U system with PAA Windows 7 Ultimate 64bit running on an Intel Core i5-5300U system with PAA Windows 8.1 Pro 64bit running on an Intel Core i5-5300U system with PAA Red Hat Enterprise Linux 6.6 running on an Intel Core i3-3217U system without PAA Red Hat Enterprise Linux 7.1 running on an Intel Core i3-3217U system without PAA Windows 2008 R2 64bit running on an Intel Core i3-3217U system without PAA Windows 7 Ultimate 32bit running on an Intel Core i3-3217U system without PAA Windows 2012 R2 64bit running on an Intel Core i3-3217U system without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3520 and #3521); CVL (Cert. #746); DRBG (Certs. #879 and #880); DSA (Cert. #1056); ECDSA (Cert. #838); HMAC (Cert. #2249); RSA (Cert. #1807); SHS (Cert. #2903); Triple-DES (Cert. #1977) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Acronis AnyData Cryptographic Library (AACL) is a cryptographic software module used in various Acronis products." |
2802 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Amir Shahhosseini TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | WildFire WF-500 (Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2016 | 12/4/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; Blowfish; Camellia; CAST; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks" |
2801 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 100432-0 | Protiva™ PIV v2.0 using TOP DL v2 and TOP IL v2 (Hardware Versions: A1025258 and A1023393; Firmware Versions: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10) (When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1843.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/30/2016 | 11/29/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1973); CVL (Certs. #18, #217 and #224); ECDSA (Cert. #284); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
2800 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Palo Alto Networks VM-Series (Software Version: 7.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/30/2016 | 11/29/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): VMware ESXi 5.5 running on a Dell PowerEdge R730 CentOS 6.5 - KVM running on a Dell Power Edge R620 Citrix XenServer 6.1.0 running on a Citrix NetScaler SDX 11500 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4019); CVL (Certs. #843, #844, #845 and #846); DRBG (Cert. #1197); ECDSA (Cert. #895); HMAC (Cert. #2621); KAS (SP 800-56Arev2 with CVL Certs. #843 and #844, vendor affirmed); RSA (Cert. #2062); SHS (Cert. #3315) -Other algorithms: AES (Cert. #4019, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features." |
2799 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B, 910-000117-00A, 910-000137-00A, 910-000136-00A [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/28/2016 | 11/27/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
2798 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Jaroslav Reznik TEL: +420-532-294-645 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 with CPACF (Hardware Version: COP chips integrated within processor unit; Firmware Version: Feature 3863 (aka FC3863) with System Driver Level 22H; Software Version: 4.0) (When operated in FIPS mode with modules Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2721 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 11/23/2016 | 11/22/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3570, #3591, #3861, #3862 and #3863); DRBG (Certs. #916, #925, #1095, #1096 and #1097); HMAC (Certs. #2276 and #2508); RSA (Certs. #1838 and #1971); SHS (Certs. #2938 and #3183); Triple-DES (Certs. #1990, #2129 and #2130) -Other algorithms: DES; GHASH; PRNG; SHS (non-compliant) Multi-Chip Stand Alone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7.1 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
2797 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-3060 and PA-7080 Firewalls (Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B, 910-000117-00A, 910-000136-00A, or 910-000137-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/22/2016 | 11/21/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures." |
2796 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive (Hardware Versions: ST4000NM0131 [1], ST4000NM0121 [2], ST900MP0126 [3,4,5,6,7,8], ST600MP0026 [9,10,11,12,13,14], ST900MP0166 [15,16,17,18], ST600MP0156 [19,20,21,22], ST10000NM0246 [23,24], ST10000NM0236 [25], ST1200MM0069 [26], ST2400MM0149 [27], ST1800MM0149 [27], ST1200MM0149 [27]; Firmware Versions: BE53[1], BE52[2], NF02[3,9], KSC4[4,10], KSC5[5,11], NF03[6,12], KSC6[7,13], KPC4[8,14], CF02[15,19], CFA2[16,20], CF03[17,21], KMT4[18,22], KF01[23], TF14[24], EF01[25], NF01[26] and CF01[27]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/22/2016 03/07/2017 06/22/2017 | 11/21/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947, #3759, #3760 and #3940); CVL (Certs. #828 and #852); DRBG (Cert. #1146); HMAC (Certs. #2565 and #2613); PBKDF (vendor affirmed); RSA (Certs. #2013 and #2056); SHS (Certs. #3250 and #3304) -Other algorithms: Diffie-Hellman (CVL Cert. #852, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download. The services are provided throug" |
2795 | STMicroelectronics Green Square Building B Lambroekstraat 5 Diegem/Machelen B-1831 Belgium Olivier COLLART TEL: +32 272 450 77 FAX: +32 272 451 43 Xavier BOUSSIN TEL: +33 223 470 695 FAX: +33 223 470 400 CST Lab: NVLAP 200002-0 | Trusted Platform Module ST33TPHF2ESPI (Hardware Versions: ST33HTPH2E28AHA5, ST33HTPH2E32AHA5, ST33HTPH2E28AAE5 and ST33HTPH2E32AAE5; Firmware Version: 47.08) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2016 | 11/14/2021 | Overall Level: 1 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4001); CVL (Cert. #829); DRBG (Cert. #1191); HMAC (Cert. #2614); KBKDF (Cert. #93); KTS (AES Cert. #4001 and HMAC Cert. #2614; key establishment methodology provides 128 bits of encryption strength); RSA (Cert. #2057); SHS (Certs. #3305 and #3306) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MGF1 Single Chip "ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification." |
2794 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN Series Ethernet Encryptors (Hardware Versions: Senetas Corp. Ltd. CN4000 Series: A4010B (DC), A4020B (DC); Senetas Corp. Ltd. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4000 Series: A4010B (DC), A4020B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Firmware Versions: 2.7.1 and 2.7.2) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/15/2016 06/02/2017 | 11/14/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3977, #4003, #4004 and #4005); CVL (Cert. #807); DRBG (Cert. #1170); ECDSA (Cert. #876); HMAC (Cert. #2595); KAS (Cert. #81); RSA (Cert. #2039); SHS (Cert. #3282); Triple-DES (Cert. #2182) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The CN4010, CN4020 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is also equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms and GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC (Traffic Flow Security) which can be used to remove patterns in network traffic and prevent traffic analysis." |
2793 | Ultra Electronics AEP Knaves Beech Business Centre Loud Water High Wycombe Buckinghamshire HP10 9UT United Kingdom Rob Stubbs CST Lab: NVLAP 200556-0 | Advanced Configurable Cryptographic Environment (ACCE) v3 HSM Crypto Module (Hardware Version: 2870-G1; Firmware Versions: 2r3, 2r4, 3r2, 3r3, and 3r4) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy in Appendix A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2016 01/30/2017 07/11/2017 | 1/29/2022 | Overall Level: 4 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2684); DRBG (Certs. #434, #786, #1237, #1387, and #1501); DSA (Cert. #813); ECDSA (Cert. #470); HMAC (Certs. #1671, #2138, #2686, #2884, and #3004); RSA (Cert. #1384); SHS (Certs. #2255, #2782, #3384, #3581, and #3728); Triple-DES (Cert. #1610); Triple-DES MAC (Triple-DES Cert. #1610, vendor affirmed); -Other algorithms: AES (Cert. #2684, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1610, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #2684; non-compliant); PBKDF2 (non-compliant); PKCS#12 KDF (non-compliant); RIPEMD-160; RSA (non-compliant); SEED; SPKM KDF (non-compliant); XOR_BASE_AND_DATA (key derivation) Multi-Chip Embedded "The Advanced Configurable Cryptographic Environment (ACCE) v3 crypto module offers the next-generation security platform for managing cryptographic keys and protecting sensitive applications. It is used in the Keyper Plus hardware security module (HSM), which is designed for mission-critical applications that demand maximum security. It is ideally suited for companies that need secure key management for PKI certification authorities, registration authorities, OCSP responders, smart card issuers, web servers, DNSSEC and other applications." |
2792 | Legion of the Bouncy Castle Inc. 85 The Crescent Ascot Vale, Victoria 3032 Australia David Hook TEL: +61438170390 Jon Eaves TEL: +61417502969 CST Lab: NVLAP 200928-0 | BC-FNA (Bouncy Castle FIPS .NET API) (Software Version: 1.0.1) (When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/14/2016 | 11/13/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Windows 7.0 SP1 on .NET framework 4.5.2 running on HP Zbook 14 G2 Windows 8.1 Pro on .NET framework 4.5.2 running on a HP Zbook 14 G2 Windows 10 Enterprise on .NET framework 4.6.1 running on a Lenovo Flex 3 Windows 10 Pro on .NET framework 4.6.1 running on an Asus T100HA (single-user mode) -FIPS Approved algorithms: AES (Cert. #4015); CVL (Certs. #837, #838, #839 and #875); DRBG (Cert. #1194); DSA (Cert. #1087); ECDSA (Cert. #894); HMAC (Cert. #2618); KAS (Cert. #89); KAS (SP 800-56Arev2 with CVL Cert. #875, vendor affirmed); KTS (AES Cert. #4015; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2199; key establishment methodology provides 112 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #2059); SHA-3 (Cert. #5); SHS (Cert. #3312); Triple-DES (Cert. #2199) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ARC4; Camellia; ChaCha; ElGamal; NewHope; OpenSSL PBKDF; PKCS#12 PBKDF; Poly1305; SEED; Serpent; SPHINCS-256. Multi-Chip Stand Alone "The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well." |
2791 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) and ID Quantique SA 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN8000 Multi-slot Encryptor (Hardware Versions: A8003-01, A8003-02, A8003-03, A8003-04, A8003-05, A8003-06, A8003-07, A8003-08, A8003-09 and A8003-10; Firmware Versions: 2.7.1 and 2.7.2) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/14/2016 06/02/2017 | 11/13/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3976, #4008, #4009 and #4010); CVL (Cert. #806); DRBG (Cert. #1169); ECDSA (Cert. #875); HMAC (Cert. #2594); KAS (Cert. #80); RSA (Cert. #2038); SHS (Cert. #3281); Triple-DES (Cert. #2181) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The CN8000 is a high-speed multi-slot hardware encryption platform that secures data over Ethernet and Fibre Channel networks. The CN8000 supports up to 10 high speed encryption slots. Each slot can be configured by the user to support 1-10Gb/s Ethernet or 1-4Gb/s Fibre Channel. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication." |
2790 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-5140B Chassis with FortiGate-5001D Blade (Hardware Version: Chassis: P09297-01; Blade: P1AB76; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build8892, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/08/2016 | 11/7/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
2789 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Firmware Versions: 2.7.1 and 2.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/08/2016 06/02/2017 | 11/7/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3347, #3978, #4006 and #4007); CVL (Cert. #808); DRBG (Cert. #1171); ECDSA (Cert. #877); HMAC (Cert. #2596); KAS (Cert. #82); RSA (Cert. #2040); SHS (Cert. #3283); Triple-DES (Cert. #2183) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The CN6000 Series are high-speed hardware encryption platforms that secure data over optical and twisted-pair Ethernet and Fibre Channel networks. Models included are the CN6100 10G Ethernet; operating at a line rate of 10Gb/s and the CN6040 Ethernet and FC selectable model, operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication. TRANSEC (aka Traffic Flow Security or TFS) can be used to remove patterns in network traffic and prevent traffic analysis." |
2788 | Check Point Software Technologies Ltd. 2101 Gaither Road Suite 350 Rockville, MD 20850 USA Malcom Levy TEL: +972-37534561 FAX: 732-416-1370 CST Lab: NVLAP 200427-0 | Check Point CryptoCore (Software Version: 4.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2016 | 11/6/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad with PAA (User Space) Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad without PAA (User Space) Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad with PAA (Kernel Space) Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad without PAA (Kernel Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro with PAA (User Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro without PAA (User Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro with PAA (Kernel Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro without PAA (Kernel Space) (single-user mode) -FIPS Approved algorithms: AES (Cert. #4112); DRBG (Cert. #1238); HMAC (Cert. #2687); KTS (AES Cert. #4112; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2225); SHA-3 (Cert. #7); SHS (Cert. #3385); Triple-DES (Cert. #2247); Triple-DES MAC (Triple-DES Cert. #2247, vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5 Multi-Chip Stand Alone "Check Point CryptoCore is a 140-2 Level 1 cryptographic module for Windows 10 and macOS Sierra. The module provides cryptographic services accessible in kernel mode and user mode on the respective platforms through implementation of platform specific binaries." |
2787 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Amir Shahhosseini TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Panorama M-100 and M-500 (Hardware Versions: P/Ns 910-000030 Version 00D [1], 910-000092 Version 00D [1] and 910-000073 Version 00D [2]; FIPS Kit P/N 920-000140 Version 00A [1] and FIPS Kit P/N 920-000145 Version 00A [2]; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2016 11/14/2016 | 11/13/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; Blowfish; Camellia; CAST; HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "Panorama on the M-100 and M-500 provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. The M-500 provides an additional service, the PAN-DB private cloud, which is an on-premise solution suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud service." |
2786 | Nokia Corporation 600 March Road Ottawa, ON K2K 2E6 Canada Carl Rajsic CST Lab: NVLAP 200556-0 | SR-OS Cryptographic Module (Firmware Version: 14.0R4) (When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 11/07/2016 | 11/6/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): SR-OS on CPM-7950 XRS-20 CPM SR-OS on CPM-7950 XRS-16 CPM SR-OS on CPM-7750 SR CPM5 SR-OS on CFP-7750 SR-c12 CFM-XP-B SR-OS on CPM-7750 SR-a SR-OS on CPM-7750 SR-e -FIPS Approved algorithms: AES (Cert. #4011); CVL (Cert. #835); DRBG (Cert. #1193); DSA (Cert. #1086); ECDSA (Cert. #893); HMAC (Cert. #2616); RSA (Cert. #2058); SHS (Cert. #3309); Triple-DES (Cert. #2198) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it." |
2785 | Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 CST Lab: NVLAP 100432-0 | Protiva PIV Applet v1.55 on Protiva TOP DM Card (Hardware Versions: GCX4-M2569420 [1, 2], GXP4-M2569430 [3, 4], GCX4-M2569422 [1, 2], GCX4-A1004155 [1, 2] and GCX4-A1026517 [1, 2]; Firmware Versions: GCX4-FIPS EI07 (MPH051) [1], GCX4-FIPS EI08 [2], GXP4-FIPS EI07 (MPH052) [3] and GXP4-FIPS EI08 [4]; Applet Version: Protiva PIV Applet v1.55) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #691.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2016 | 11/6/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #355); CVL (Cert. #205); RSA (Cert. #119); SHS (Cert. #427); Triple-DES (Cert. #412); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, N" |
2784 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-30D/60D/92D, FortiWiFi-60D and FortiGateRugged-60D (Hardware Versions: C1AA93, C1AB28, C1AC34, C1AB32, and C1AB57 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718,160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3965); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2583); RSA (Certs. #2024 and #2025); SHS (Certs. #3267, #3268 and #3269); Triple-DES (Certs. #2172, #2173 and 2174) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CCM (non-compliant); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
2783 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1000D/1500D (Hardware Versions: C1AB95 and C1AA64 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
2782 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-3700D/3815D (Hardware Versions: C1AA92 and C1AE66 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
2781 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-100D/200D/300D/500D (Hardware Versions: C4LL40, C4KV72, C1AB49 and C1AB51 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
2780 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Jaroslav Reznik TEL: +420-532-294-645 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux GnuTLS Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 10/31/2016 | 10/30/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM z13 Red Hat Enterprise Linux 7.1 running on IBM Power System S814 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3613, #3614, #3615, #3616, #3617, #3618 and #3619); CVL (Certs. #632, #633, #634, #635, #636, #637, #638, #639, #640 and #641); DRBG (Certs. #943, #944, #945, #946, #947, #948 and #949); DSA (Certs. #1008, #1009, #1010, #1011 and #1012); ECDSA (Certs. #745, #746, #747, #748 and #749); HMAC (Certs. #2320, #2321, #2322, #2323 and #2324); RSA (Certs. #1860, #1861, #1862, #1863 and #1864); SHS (Certs. #2986, #2987, #2988, #2989 and #2990); Triple-DES (Certs. #2013, #2014, #2015, #2016 and #2017) -Other algorithms: Diffie-Hellman (CVL Certs. #632, #634, #636, #638 and #640, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #632, #634, #636, #638 and #640, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST128; DES; GOST Hash; MD2; MD4; MD5; PBKDFv2 (RFC2898); PRNG; RC2; RC4; RIPEMD160; Salsa20; Serpent; SHA-3 (non-compliant); Twofish; UMAC Multi-Chip Stand Alone "GnuTLS is a secure communications library implementing the SSH, TLS, and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PCKS#12, and other required structures which is shipped with Red Hat Enterprise Linux 7.1." |
2779 | DocuSign, Inc. 221 Main St. Suite 1000 San Francisco, CA 94105 USA Ezer Farhi TEL: 972-3-9279529 FAX: 972-3-9230864 CST Lab: NVLAP 200002-0 | DocuSign Signature Appliance (Hardware Version: 8.0; Firmware Version: 8.1) (When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/25/2016 | 10/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Cert. #787); DRBG (Certs. #98 and #1203); HMAC (Certs. #2564 and #2629); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2068); SHS (Certs. #1465, #3249 and #3324); Triple-DES (Certs. #2161 and #2206); Triple-DES MAC (Triple-DES Cert. #2206, vendor affirmed) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC (non-compliant); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data." |
2778 | Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0 | Security Builder FIPS Java Module (Software Versions: 2.8 [1], 2.8.7 [1], 2.8.8 [2], 2.9 [2]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/24/2016 | 10/23/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1] Solaris 10 64-bit [1] Red Hat Linux AS 5.5 32-bit [1] Red Hat Linux AS 5.5 64-bit [1] Windows Vista 32-bit [1] Windows Vista 64-bit [1] Windows 2008 Server 64-bit [1] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1411, #3465 and #3988); DRBG (Certs. #52, #852 and #1180); DSA (Certs. #455, #978 and #1084); ECDSA (Certs. #179, #702 and #884); HMAC (Certs. #832, #2210 and #2603); KAS (Certs. #8, #61, #62 and #83); KAS (SP 800-56B, vendor affirmed); RSA (Certs. #687, #1776 and #2046); SHS (Certs. #1281, #2860 and #3292); Triple-DES (Certs. #964, #1954 and #2188) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; DES; DESX; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; ECMQV (non-compliant); ECQV; HMAC-MD5; MD2; MD5; RIPEMD; RNG Multi-Chip Stand Alone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL." |
2777 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0 | BlackBerry Cryptographic Java Module (Software Versions: 2.8 [1], 2.8.7 [1], 2.8.8 [2], 2.9 [2]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 10/21/2016 | 10/20/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1] Solaris 10 64-bit [1] Red Hat Linux AS 5.5 32-bit [1] Red Hat Linux AS 5.5 64-bit [1] Windows Vista 32-bit [1] Windows Vista 64-bit [1] Windows 2008 Server 64-bit [1] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1411, #3465 and #3988); DRBG (Certs. #52, #852 and #1180); DSA (Certs. #455, #978 and #1084); ECDSA (Certs. #179, #702 and #884); HMAC (Certs. #832, #2210 and #2603); KAS (Certs. #8, #61, #62 and #83); KAS (SP 800-56B, vendor affirmed); RSA (Certs. #687, #1776 and #2046); SHS (Certs. #1281, #2860 and #3292); Triple-DES (Certs. #964, #1954 and #2188) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; DES; DESX; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; ECMQV (non-compliant); ECQV; HMAC-MD5; MD2; MD5; RIPEMD; RNG Multi-Chip Stand Alone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry products such as the BlackBerry PlayBook Administration Service, and other BlackBerry products." |
2776 | Fuji Xerox Co., Ltd. 6-1, Minatomirai, Nishi-ku Yokohama-Shi, Kanagawa 220-8668 Japan Yoshinori Ando TEL: +81-45-755-5504 CST Lab: NVLAP 100432-0 | FX Cryptographic Kernel Module (Software Version: 1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/21/2016 | 10/20/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): WindRiver® Linux 6 running on Raspberry Pi 1 Model B (single-user mode) -FIPS Approved algorithms: AES (Cert. #3952); DRBG (Cert. #1190); HMAC (Cert. #2574); SHS (Cert. #3260); Triple-DES (Cert. #2165) -Other algorithms: N/A Multi-Chip Stand Alone "The FX Cryptographic Kernel Module is a kernel module which operates as callback functions of WindRiver® Linux CryptoAPI." |
2775 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Cloud Services Router 1000 Virtual (Software Version: 3.16) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/20/2016 | 10/19/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): IOS XE 3.16.1 on VMware ESXi 5.5 running on a Cisco EN120S M2 IOS XE 3.16.1 on VMware ESXi 5.5 running on a Cisco EN120E 208 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3989); CVL (Cert. #830); DRBG (Cert. #1181); ECDSA (Cert. #885); HMAC (Cert. #2604); KBKDF (Cert. #94); RSA (Cert. #2047); SHS (Cert. #3293); Triple-DES (Cert. #2189) -Other algorithms: Diffie-Hellman (CVL Cert. #830, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; HMAC-MD5; MD5; RC4 Multi-Chip Stand Alone "The Cisco® Cloud Services Router 1000V (CSR 1000V) is a virtual form-factor router that delivers comprehensive WAN gateway and network services functions into virtual and cloud environments. Using familiar, industry-leading Cisco IOS® XE Software networking capabilities, the CSR 1000V enables enterprises to transparently extend their WANs into provider-hosted clouds" |
2774 | Gemalto and ActivIdentity Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101 CST Lab: NVLAP 100432-0 | SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 - CHIP.P5CD144.MPH051B; Firmware Versions: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1085.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/19/2016 | 10/18/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #782); CVL (Cert. #214); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2" |
2773 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 CST Lab: NVLAP 100432-0 | Protiva PIV Applet v1.55 on Protiva TOP DL Card (Hardware Versions: A1005291- CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 -CHIP.P5CD144.MPH051B; Firmware Versions: GX4-FIPS EI08, Applet Version: Protiva PIV Applet v1.55) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1044.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/19/2016 | 10/18/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #782); CVL (Cert. #214); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255." |
2772 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | Rosetta microSDHC™ (Hardware Versions: 851314011F, 851314012F and 851314013F; Firmware Version: 3.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/18/2016 | 10/17/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3028); CVL (Cert. #419); DRBG (Cert. #658); ECDSA (Cert. #578); HMAC (Cert. #1913); KAS (Cert. #52); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1611); SHS (Cert. #2529); Triple-DES (Cert. #1772) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "The Rosetta microSDHC™ is a hardware encryption engine available in a microSD embodiment supporting Suite B functionality that is ideal for embedded, Internet of Things, and secure flash storage applications." |
2771 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 4506-E with Supervisor Card (WS-X45-SUP8-E) and Line Cards (WS-X4748-RJ45-E and WS-X4748-RJ45V+E) (Hardware Versions: WS-C4506-E with Supervisor card [WS-X45-SUP8-E] and Line cards [WS-X4748-RJ45V+E and WS-X4748-RJ45-E]; Firmware Version: IOS-XE 3.7.0E) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/17/2016 | 10/16/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2057 and #4018); CVL (Cert. #841); DRBG (Cert. #1196); HMAC (Cert. #2620); KBKDF (Cert. #96); RSA (Cert. #2061); SHS (Cert. #3314); Triple-DES (Cert. #2200) -Other algorithms: AES (Cert. #4018, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 series switch meets FIPS 140-2 overall Level 1 requirements as multi-chip standalone module. The switch includes cryptographic algorithms implemented in IOS-XE software as well as hardware ASICs. The module provides 802.1X-rev." |
2770 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade VDX 6740, VDX 6740T, VDX 6940 and VDX 8770 Switches (Hardware Versions: {[BR-VDX6740-24-F (80-1007295-01), BR-VDX6740-24-R (80-1007294-01), BR-VDX6740-48-F (80-1007483-01), BR-VDX6740-48-R (80-1007481-01), BR-VDX6740-64-F (80-1007520-01) and BR-VDX6740-64-R (80-1007521-01)], [BR-VDX6740T-24-F (80-1007273-01), BR-VDX6740T-24-R (80-1007274-01), BR-VDX6740T-48-F (80-1007485-01), BR-VDX6740T-48-R (80-1007487-01), BR-VDX6740T-64-F (80-1007522-01), BR-VDX6740T-64-R (80-1007523-01), BR-VDX6740T-56-1G-R (80-1007863-03) and BR-VDX6740T-56-1G-F (80-1007864-03)], [BR-VDX6940-24Q-AC-F (80-1008854-01), BR-VDX6940-24Q-AC-R (80-1008855-01), BR-VDX6940-36Q-AC-F (80-1008851-01), BR-VDX6940-36Q-AC-R (80-1008850-01), BR-VDX6940-64S-AC-F (80-1008529-01), BR-VDX6940-64S-AC-R (80-1008526-01), BR-VDX6940-96S-AC-F (80-1008530-01), BR-VDX6940-96S-AC-R (80-1008527-01), BR-VDX6940-144S-AC-F (80-1008531-01), BR-VDX6940-144S-AC-R (80-1008528-01)], [BR-VDX8770-4-BND-AC (80-1005850-02), BR-VDX8770-4-BND-DC (80-1006532-03), BR-VDX8770-8-BND-AC (80-1005905-02) and BR-VDX8770-8-BND-DC (80-1006533-03)] with FRUs (80-1006430-01, 80-1006295-01, 80-1006294-02, 80-1006293-02, 80-1006048-02, 80-1006431-01, 80-1006429-01)} with FIPS Kit P/N Brocade XBR-000195 (80-1002006-02); Firmware Version: Network OS (NOS) v6.0.2 P/N: 63-1001691-01) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 2, 3, 4 and 5 as defined in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/17/2016 | 10/16/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3544); CVL (Certs. #600 and #601); DRBG (Cert. #901); ECDSA (Cert. #722); HMAC (Cert. #2264); RSA (Cert. #1826); SHS (Cert. #2924); Triple-DES (Cert. #1985) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #600, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; BLOWFISH; CAST; CAST5; DES; DES3; DESX; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); MD2; MD4; RC2; RC4; RMD160; SNMPv3 KDF (non-compliant); UMAC-64 Multi-Chip Stand Alone "The Brocade VDX 6740 and VDX 6740T are fixed form factor VCS enabled 10 GbE / 40 GbE fabric switch for Top of the Rack (TOR) fabric deployments. The Brocade VDX 6940 switches are fixed form factor VCS enabled 10 GbE / 40 GbE fabric switch for high density 10GbE switch for the TOR or Middle of the Row (MOR) or for End of the Row (EOR) configurations. The Brocade VDX 8770 Switch is designed to scale out Brocade VCS Fabrics (VCS) and support complex environments with dense virtualization and dynamic automation requirements." |
2769 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type C (Hardware Version: A0 with PX04SMQ080B or PX04SMQ160B; Firmware Version: AR02) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/13/2016 | 10/12/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
2768 | Legion of the Bouncy Castle Inc. 85 The Crescent Ascot Vale, Victoria 3032 Australia David Hook TEL: +61438170390 FAX: n/a Jon Eaves TEL: +61417502969 FAX: n/a CST Lab: NVLAP 100432-0 | BC-FJA (Bouncy Castle FIPS Java API) (Software Version: 1.0.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/12/2016 | 10/11/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHS (Cert. #3126); SHA-3 (Cert. #3); Triple-DES (Cert. #2090) -Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well." |
2767 | Kaspersky Lab UK Ltd. 1st Floor, 2 Kingdom Street Paddington, London, W2 6BD United Kingdom Oleg Andrianov TEL: +7 495 797 8700 CST Lab: NVLAP 200968-0 | Kaspersky Cryptographic Module (Kernel Mode) (Software Version: 3.0.1.25) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/11/2016 | 10/10/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Professional 32-bit running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-3770S CPU @ 3.10GHz system with PAA Windows 7 Enterprise 64-bit running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA Windows 10 Enterprise 64 bit running on an Intel® Core™ i7-4600U CPU @ 2.10GHz system with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2956 and #2957); DRBG (Certs. #557, #558 and #892); HMAC (Certs. #1875 and #1876); PBKDF (vendor affirmed); RSA (Certs. #1555 and #1556); SHA-3 (vendor affirmed); SHS (Certs. #2488 and #2489) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Kaspersky Cryptographic Module (Kernel Mode) is a Windows kernel driver that provides cryptographic services for various Kaspersky Lab applications." |
2766 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series (Hardware Version: MZILS3T8HCJM-000G6; Firmware Versions: NA02 and NA04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2016 03/07/2017 | 10/10/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3213); DRBG (Cert. #121); ECDSA (Cert. #595); SHS (Cert. #2660) -Other algorithms: NDRNG Multi-Chip Stand Alone "Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase." |
2765 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiOS 5.2 (Firmware Versions: 5.2.7, build0718,160328) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 10/07/2016 | 10/6/2021 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): FortiGate-300D with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Certs. #3963 and #3964); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581 and #2582); RSA (Cert. #2024); SHS (Certs. #3267 and #3268); Triple-DES (Certs. #2172 and #2173) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
2764 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA CST Lab: NVLAP 100432-0 | nShield Remote Administration Token (Hardware Version: NXP P60D144; Firmware Version: Athena IDProtect 0501.5175.0001 with Authentication Token Applet 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/06/2016 | 10/5/2021 | Overall Level: 3 -Physical Security: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3780); CVL (Cert. #721); DRBG (Cert. #1046); ECDSA (Cert. #815); KBKDF (Cert. #82); KTS (AES Cert. #3780; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1948); SHS (Cert. #3147) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); NDRNG Single Chip "The nShield Remote Administration Token is a single chip smart card micro-controller implementing the Global Platform operational environment, with Card Manager and the Authentication Token Applet. It implements the Remote Administration Card which enables the remote administration of Thales nShield Hardware Security Modules." |
2763 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA John Monti TEL: 845-435-4164 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 2 Release 1 ICSF PKCS #11 Cryptographic Module (Hardware Versions: COP chips integrated within processor unit [1] and P/N 00LV487 [2]; Firmware Versions: Feature 3863 (aka FC3863) with System Driver Level 22H [1] and CCA 5.2.27z RC30 [2]; Software Version: OA50113) (When operated in FIPS mode with module IBM(R) z/OS(R) Version 2 Release 1 Security Server RACF(R) Signature Verification Module version 1.0 validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 10/06/2016 | 10/5/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3958 and #4036); CVL (Certs. #882 and #883); DRBG (Certs. #1206 and #1212); DSA (Certs. #1092 and #1097); ECDSA (Cert. #901); HMAC (Cert. #2633); RSA (Certs. #2070 and #2088); SHS (Certs. #3196 and #3327); Triple-DES (Cert. #2214) -Other algorithms: AES (Cert. #3958, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #2214, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (encrypt/decrypt) Multi-Chip Stand Alone "ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services." |
2762 | VT iDirect, Inc. 13861 Sunrise Valley Drive, Suite 300 Herndon, VA 20171 USA Chris Gormont TEL: 703.880.6257 CST Lab: NVLAP 200556-0 | Evolution e8350-FIPSL2 Satellite Router Board [1], iConnex e800-FIPSL2 Satellite Router Board [2], iConnex e850MP-FIPSL2 Satellite Router Board [3], Evolution eM1D1-FIPSL2 Line Card [4], and Evolution eM0DM-FIPSL2 Line Card [5] (Hardware Versions: E0000051-0005 [1], E0001340-0001 [2], E0000731-0004 [3], E0001306-0001 [4], and E0001306-0002 [5]; Firmware Version: iDX 3.3.2.5; iDX 3.4.3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/03/2016 06/17/2017 | 10/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3548, #3549, #3603 and #3623); CVL (Cert. #606); DRBG (Cert. #904); HMAC (Cert. #2267); RSA (Cert. #1828); SHS (Cert. #2927) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryptionstrength); PBKDF (non-compliant); NDRNG Multi-Chip Embedded "iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical." |
2761 | Ionic Security Inc. 1170 Peachtree Street NE Suite 400 Atlanta, GA 30309 USA Ionic Support TEL: 404-736-6000 Nicholas Smith TEL: 404-736-6000 CST Lab: NVLAP 200928-0 | FIPS Crypto Module (Software Version: 1.1) (When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/27/2016 | 9/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 SP1 running on a Hewlett-Packard (HP) Z230 desktop CentOS 7.1 running on an Intel Server System R1304GZ4GC (single-user mode) -FIPS Approved algorithms: AES (Cert. #3772); DRBG (Cert. #1042); HMAC (Certs. #2472 and #2520); PBKDF (vendor affirmed); RSA (Cert. #1942); SHS (Certs. #3142 and #3200) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Ionic Security’s Fusion Platform implements the FIPS Crypto Module for all cryptographic functions such as key pair generation, digital signature generation/ and verification, encryption and decryption, hashing functions, and message authentication." |
2760 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Mondher Razouane TEL: +1(916)785-1894 FAX: +1(916)209-9495 Kris Meert TEL: +34-960-022029 FAX: +1(916)209-9495 CST Lab: NVLAP 200835-0 | HPE XP7 Encryption Ready Disk Adapter (eDKA) (Hardware Versions: P/N: eSCAS(WP820) or eSCAM(WP820) Version: B/A5, B/A6, B/A7 or B/A8; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00) (When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/27/2016 08/01/2017 | 9/26/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3341); HMAC (Cert. #2131); SHS (Cert. #2775); KTS (AES Cert. #3341) -Other algorithms: N/A Multi-Chip Embedded "The HPE XP7 Encryption Ready Disk Adapter (eDKA) provides high speed data at rest encryption for HPE storage." |
2759 | Utimaco IS GmbH Germanusstraße 4 52080 Aachen Germany Dr. Gesa Ott TEL: ++49 241-1696-200 FAX: ++49 241-1696-190 CST Lab: NVLAP 100432-0 | CryptoServer CSe (Hardware Version: P/N CryptoServer CSe Version 4.00.4.2; Firmware Version: Firmware Package Version 4.0.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/26/2016 10/03/2016 | 10/2/2021 | Overall Level: 3 -Physical Security: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3589); CVL (Cert. #613); DRBG (Cert. #1089); DSA (Cert. #997); ECDSA (Cert. #730); HMAC (Cert. #2289); RSA (Cert. #1845); SHS (Certs. #2951, #2954 and #3168); Triple-DES (Cert. #1998); Triple-DES MAC (Triple-DES Cert. #1998, vendor affirmed) -Other algorithms: AES (Cert. #3589, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #613, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Triple-DES (Cert. #1998, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (AES Cert. #3589; non-compliant); DES; ECIES; KDF (non-compliant); Retail-Triple-DES MAC; RIPEMD-160; RSA (encrypt/decrypt); MD5; MDC-2 Multi-Chip Embedded "CryptoServer CSe is an encapsulated, tamper-protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions." |
2758 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiKey PKI Token (Hardware Version: HiKey3.0-BK; Firmware Version: HiKey COS V3.1) (With tamper evident seals as indicated in the Security Policy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2016 | 9/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Cert. #833); DRBG (Cert. #1172); ECDSA (Cert. #878); KTS (Triple-DES Cert. #2184); RSA (Cert. #2041); SHS (Cert. #3284); Triple-DES (Cert. #2184) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The HiKey token modules are multi-chip standalone implementations of a cryptographic module. The Hikey token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards." |
2757 | EMC Corporation 176 South Street Hopkinton, MA 01748 USA Navtanay Sinha TEL: 408-986-4112 Mayank Vasa TEL: 408-980-4978 CST Lab: NVLAP 200427-0 | EMC Data Domain Crypto-C Micro Edition (Software Version: 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/26/2016 | 9/25/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit) Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit) Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit) Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit) Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit) -FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302) -Other algorithms: Diffie-Hellman; EC Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; Dual EC DRBG; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD4; MD5; NDRNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); PRNG; RC2; RC4; RC5 Multi-Chip Stand Alone "Data encryption module used for encrypting and decrypting all stored user data." |
2756 | iboss, Inc. 4110 Campus Point San Diego, CA 92121 USA Chris Park TEL: 858-568-7051 ext 7806 FAX: 858-225-6158 Peter Martini TEL: 858-568-7051 FAX: 858-225-6158 CST Lab: NVLAP 100432-0 | FireSphere 7960 (Hardware Version: FireSphere 7960_FIPS; Firmware Version: 8.2.0.10) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2016 | 9/25/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3562 and #3902); CVL (Certs. #607 and #757); DRBG (Cert. #1118); HMAC (Certs. #2269 and #2532); KTS (AES Cert. #3562 and HMAC Cert. #2269; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (AES Cert. #3902 and HMAC Cert. #2532; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Certs. #1831 and #1987); SHS (Certs. #2931 and #3215) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The iboss FireSphere 14600 and 7960 are part of the iboss Secure Web Gateway Platform, which protects enterprise organizations against today’s evasive and complex threats including unknown malware, zero-day attacks and advanced persistent threats (APTS). iboss technology delivers post-infection defense with Network Anomaly Detection and Automatic Infection Containment to reduce data loss, and provides comprehensive reporting via the Incident Response Center, which correlates threat information from threat feeds and millions of endpoints to deliver actionable intelligence in real time." |
2755 | iboss, Inc. 4110 Campus Point San Diego, CA 92121 USA Chris Park TEL: 858-568-7051 ext 7806 FAX: 858-225-6158 Peter Martini TEL: 858-568-7051 FAX: 858-225-6158 CST Lab: NVLAP 100432-0 | FireSphere 14600 (Hardware Version: FireSphere 14600_FIPS; Firmware Version: 8.2.0.10) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2016 | 9/25/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3562 and #3902); CVL (Certs. #607 and #757); DRBG (Cert. #1118); HMAC (Certs. #2269 and #2532); KTS (AES Cert. #3562 and HMAC Cert. #2269; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (AES Cert. #3902 and HMAC Cert. #2532; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Certs. #1831 and #1987); SHS (Certs. #2931 and #3215) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The iboss FireSphere 14600 and 7960 are part of the iboss Secure Web Gateway Platform, which protects enterprise organizations against today’s evasive and complex threats including unknown malware, zero-day attacks and advanced persistent threats (APTS). iboss technology delivers post-infection defense with Network Anomaly Detection and Automatic Infection Containment to reduce data loss, and provides comprehensive reporting via the Incident Response Center, which correlates threat information from threat feeds and millions of endpoints to deliver actionable intelligence in real time." |
2754 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 Canada Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie IMB-S2 4K Integrated Media Block (IMB) (Hardware Version: 000-102675-03; Firmware Versions: 1.7.0-4209 and 2.0.0-4398) (When operated in FIPS mode. The protocol TLS KDF shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/22/2016 | 9/21/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: RSA (Cert. #1062); SHS (Cert. #1788) -Other algorithms: AES (non-compliant); HMAC (non-compliant); MD5; NDRNG; PRNG; TI ECDH; TLS KDF (non-compliant) Multi-Chip Embedded "The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material." |
2753 | DataLocker Inc. 7007 College Blvd., Suite 240 Overland Park, KS 66211 USA Jay Kim TEL: 913-310-9088 CST Lab: NVLAP 100432-0 | Sentry 3 FIPS Series USB Flash Drive (Hardware Versions: SENTRY04F, SENTRY08F, SENTRY16F, SENTRY32F and SENTRY64F; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/21/2016 12/01/2016 | 11/30/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Sentry 3 FIPS is a Secure USB 3.0 flash drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to sensitive data and critical applications. The Sentry 3 FIPS allows enterprise class device management features like policy updates, password recovery and remote kill features." |
2752 | Cambium Networks, Ltd. Unit B2, Linhay Business Park, Eastern Road Ashburton TQ13 7UP UK Allen Yu TEL: 847-640-3650 FAX: 847-439-6343 CST Lab: NVLAP 201029-0 | PTP 820C, PTP 820S, PTP 820N, PTP 820A, PTP 820G and PTP 820GX. (Hardware Versions: PTP 820C, PTP 820S, PTP 820N, PTP 820A, PTP 820G, PTP 820GX, PTP820 TCC-B-MC: N000082H001, PTP820 TCC-B2: N000082H002, PTP820 TCC-B2-XG-MC: N000082H003, PTP820 RMC-B: N000082H004; Firmware Version: PTP820 Release 8.3) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/21/2016 | 9/20/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4014 and #4017); CVL (Cert. #840); DRBG (Cert. #1195); HMAC (Cert. #2619); KTS (AES Cert. #4017 and HMAC Cert. #2619; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #2060); SHS (Certs. #3313) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 128 and 256-bits bits of encryption strength); NDRNG; CRC7; CRC16; CRC32; DES; DSA (non-compliant); ECDSA (non-compliant); MD5; RC5 Multi-Chip Stand Alone "PTP 820 is a Point-to-Point wireless broadband solution for mission-critical communications in government, industrial and public safety spaces. Integrated with leading networking functionality with the industry most advanced microwave technologies, the platform creates a superior transport solution." |
2751 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL NSA Series 2600, 3600, 4600, 5600 (Hardware Versions: P/Ns 101-500362-63 Rev. A (NSA 2600), 101-500338-64 Rev. A (NSA 3600), 101-500365-64 Rev. A (NSA 4600), 101-500360-65 Rev. A (NSA 5600); Firmware Version: SonicOS v6.2.5) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2016 06/12/2017 | 9/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Enterprise-class security and performance made afordable for small- to medium-sized business. The NSA Series offers industry leading next-generation firewall protection, performance, and scalability. A suite of tools, including intrusion prevention, gateway anti-virus, and anti-spyware plus application intelligence and control, offer granular control through application blocking, bandwidth management and more." |
2750 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA 6600 (Hardware Versions: P/Ns 101-500380-71 Rev. A (SM 9600), 101-500361-70 Rev. A (SM 9400), 101-500363-70 Rev. A (SM 9200), 101-500364-66 Rev. A (NSA 6600); Firmware Version: SonicOS v6.2.5) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2016 06/12/2017 | 9/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The SonicWALL™ SuperMassive™ 9000 Series Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigbit speeds. Offering the ultimate in security with enterprise class performance, the SuperMassive 9000 Series detects and blocks the most sophisticated threats before they can enter your network with minimal latency for every connection on the network. Its multicore design can gracefully handle traffic spikes without impacting network performance." |
2749 | SonicWall, Inc. 5455 Great America Pkwy Santa Clara, CA 95054 USA Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL TZ Series TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W and TZ 600 (Hardware Versions: P/Ns 101-500403-56 Rev. A, 101-500404-55 Rev. A, 101-500405-56 Rev. A, 101-500406-55 Rev. A, 101-500411-57 Rev. A, 101-500412-56 Rev. A and 101-500413-57 Rev. A; Firmware Version: SonicOS v6.2.5) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2016 06/12/2017 | 9/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Deliver full-featured security that combines intrusion prevention, gateway anti-virus, anti-spyware, content filtering and anti-spam services, with intuitive, easy-to-use SonicWall TZ Series firewalls." |
2748 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 4506-E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45-E and WS-X4748-RJ45V+E) (Hardware Versions: WS-C4506-E with Supervisor card [WS-X45-SUP7-E or WS-X45-SUP7L-E] and Line cards [WS-X4748-RJ45V+E and WS-X4748-RJ45-E]; Firmware Version: IOS-XE 3.7.0E) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/16/2016 | 9/15/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2057 and #2624); CVL (Cert. #877); DRBG (Cert. #403); HMAC (Cert. #1622); KBKDF (Cert. #98); RSA (Certs. #1339, #1341 and #2083); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575) -Other algorithms: AES (Cert. #2624, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 series switch meets FIPS 140-2 overall Level 1 requirements as multi-chip standalone module. The switch includes cryptographic algorithms implemented in IOS-XE software as well as hardware ASICs. The module provides 802.1X-rev." |
2747 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 Arnaud LOTIGIER TEL: +33 442366074 FAX: +33 442365545 CST Lab: NVLAP 100432-0 | IDPrime MD 830-revB (Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet version V4.3.5.D and MSPNP Applet V1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/16/2016 | 9/15/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100) -Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; non-compliant less than 112 bits of encryption strength) Single Chip "IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure." |
2746 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 JungHa Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200997-0 | Samsung BoringSSL Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/16/2016 09/29/2016 | 9/28/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 6.0.1 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS8890 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS7420 running on Samsung Galaxy S6 Edge Android 6.0.1 with processor Qualcomm APQ8084 running on Samsung Galaxy Note 4 Android 6.0.1 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS8890 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS7420 running on Samsung Galaxy S6 Edge Android 6.0.1 with processor Qualcomm APQ8084 running on Samsung Galaxy Note 4 Android 6.0.1 with processor EXYNOS5433 running on Samsung Galaxy Note 4, Android 6.0.1 with processor EXYNOS3475 running on Samsung Galaxy J3 Android 6.0.1 with processor Qualcomm MSM8916 running on Samsung Galaxy J3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3917); CVL (Certs. #777, #784 and #802); DRBG (Cert. #1132); DSA (Cert. #1071); ECDSA (Cert. #857); HMAC (Cert. #2545); KTS (AES Cert. #3917); RSA (Cert. #2000); SHS (Cert. #3227) -Other algorithms: Diffie-Hellman (CVL Cert. #802, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #777, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data." |
2745 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Aironet 1532e/i, 1552e/i, 1572, 1602e/i, 1702, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p and 3702e/i/p Wireless LAN Access Points (Hardware Versions: 1532e[5], 1532i[5], 1552e[2], 1552i[2], 1572[4], 1602e[3], 1602i[3], 1702[4], 2602e[4], 2602i[4], 2702e[4], 2702i[4], 3502e[2], 3502i[2], 3602e[4], 3602i[4], 3602p[4], 3702e[4], 3702i[4], 3702p[4], 3602e[1,4], 3602i[1,4], 3602p[1,4], 3702e[1,4], 3702i[1,4] and 3702p[1,4] with AIR-RM3000M[1], Marvell 88W8364[2], Marvell 88W8763C[3], Marvell 88W8764C[4] and Qualcomm Atheros AES-128w10i[5]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.0 MR3 with IC2M v2.0) (The tamper evident seals installed as indicated in the Security Policy. This validation entry is a non-security relevant modification to Cert. #2421) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/15/2016 03/09/2017 03/22/2017 | 9/14/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2334, #2335, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441) -Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant) Multi-Chip Stand Alone "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments." |
2744 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Abraham Joseph Kang TEL: 408-324-3678 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200968-0 | Samsung SCrypto (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2016 | 9/12/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): QSEE 2.0 running on Qualcomm MSM8974 QSEE 4.0 running on Qualcomm MSM8996 MOBICORE Tbase 300 running on Samsung Electronics Exynos 5422 MOBICORE Tbase 302A running on Samsung Electronics Exynos 7420 MOBICORE Tbase 310B running on Samsung Electronics Exynos 8890 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3163, #3174, #3175, #3339, #3887 and #3888); CVL (Certs. #411, #433, #492, #752 and #753); DRBG (Certs. #656, #659, #781, #1111 and #1112); DSA (Certs. #912, #913, #947, #1057 and #1058); ECDSA (Certs. #577, #579, #662, #842 and #843); HMAC (Certs. #1991, #2002, #2129, #2525 and #2526); RSA (Certs. #1610, #1612, #1714, #1981 and #1982); SHS (Certs. #2616, #2627, #2773, #3207 and #3208); Triple-DES (Certs. #1801, #1811, #1908, #2135 and #2136) -Other algorithms: EC Diffie-Hellman; NDRNG; RNG; RSA (encrypt/decrypt) Multi-Chip Stand Alone "SCrypto is secure library which is used to provide a standardized common cryptographic API to trusted applications for the secure world/TEE environment." |
2743 | Chunghwa Telecom Co., Ltd. and Oberthur Technologies No. 99, Dianyan Road Yang-Mei District Taoyuan City 326 Taiwan Yeou-Fuh Kuan TEL: +886 3 424 4333 FAX: +886 3 424 4129 Jean-Michel Esteban TEL: +33 1 78 14 72 90 CST Lab: NVLAP 100432-0 | HiCOS PKI Applet and Taiwan eID Applet on Oberthur Technologies ID-One Cosmo V8 (Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371') Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/13/2016 | 9/12/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2910 and 2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KBKDF (Cert. #33); KTS (AES Cert. #2910 and AES Cert. #2911; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG Single Chip "The HiCOS PKI Applet is a Javacard applet that provides security for stored user data and credentials and an easy to use interface to PKI services. Taiwan eID Applet is a Javacard applet that stores personal information related to the card holder and supports the authentication mechanisms described in ICAO and EAC specifications with a fully configurable access control management over the Data Groups (DG)." |
2742 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 (Software Version: 4.0) (When operated in FIPS mode with modules Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2721 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/12/2016 | 9/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A (single-user mode) -FIPS Approved algorithms: AES (Certs. #3567, #3568, #3569, #3571, #3572, #3573, #3574, #3575, #3590 and #3592); DRBG (Certs. #911, #912, #913, #914, #915, #917, #924 and #926); HMAC (Certs. #2273, #2274, #2275 and #2277); RSA (Certs. #1835, #1836, #1837 and #1839); SHS (Certs. #2935, #2936, #2937 and #2939); Triple-DES (Certs. #1988 and #1989) -Other algorithms: DES; PRNG; SHS (non-compliant) Multi-Chip Stand Alone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7.1 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
2741 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: (404) 348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security Modular Extensible Security Architecture (Software Versions: 5.3.1 and 5.3.3) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/08/2016 12/20/2016 | 12/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): RHEL 6.3 Linux on VMware ESXi 5.5 (single-user mode) running on IBM X3550 M2 with Intel Xeon E5530 (2x) processor -FIPS Approved algorithms: AES (Certs. #3578 and #3579); CVL (Cert. #748); DRBG (Certs. #918 and #919); ECDSA (Certs. #726 and #727); HMAC (Certs. #2278 and #2279); RSA (Certs. #1840 and #1841); SHS (Certs. #2940 and #2941); Triple-DES (Certs. #1991 and #1992) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #748, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "IBM MESA (Modular Extensible Security Architecture) is an appliance framework hosting applications in a secure environment and providing all cryptographic or other security-relevant functions to the application. For example: IBM XGS-virtual is a specific application instance hosted in this fashion." |
2740 | Rajant Corporation 400 East King Street Malvern, PA 19355 USA Marty Lamb TEL: (484) 595-0233 FAX: (484) 595-0244 CST Lab: NVLAP 200416-0 | Rajant BreadCrumb ME4-2409 (Hardware Version: ME4-2409 with FIPS Kit: P/N 42540; Firmware Version: 11.4.0-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2016 | 9/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3445); CVL (Certs. #531 and #539); DRBG (Cert. #842); HMAC (Cert. #2194); KBKDF (Cert. #64); RSA (Cert. #1765); SHS (Cert. #2845) -Other algorithms: AES (non-compliant); Camellia-CBC; NDRNG; PBKDF (non-compliant); RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant) Multi-Chip Stand Alone "The BreadCrumb by Rajant Corporation is an 802.11 (Wi-Fi) and Ethernet compatible wireless mesh networking device that allows for rapid deployment of mobile wireless networks in a wide variety of environments. It is lightweight, capable of communicating via up to four different radio frequencies, and is designed to be completely mobile as carried by a vehicle or an individual. BreadCrumb devices automatically detect other BreadCrumb devices and dynamically route packets through the resulting wireless mesh on behalf of commercially available off-the-shelf client devices." |
2739 | Rajant Corporation 400 East King Street Malvern, PA 19355 USA Marty Lamb TEL: (484) 595-0233 FAX: (484) 595-0244 CST Lab: NVLAP 200416-0 | Rajant BreadCrumb LX4-2495 and LX4-2954 (Hardware Versions: LX4-2495, LX4-2954 with FIPS Kit: P/N 42540; Firmware Version: 11.4.0-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2016 | 9/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3444); CVL (Certs. #529 and #538); DRBG (Cert. #841); HMAC (Cert. #2193); KBKDF (Cert. #61); RSA (Cert. #1764); SHS (Cert. #2844) -Other algorithms: AES (non-compliant); Camellia-CBC; NDRNG; PBKDF (non-compliant); RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant) Multi-Chip Stand Alone "The BreadCrumb by Rajant Corporation is an 802.11 (Wi-Fi) and Ethernet compatible wireless mesh networking device that allows for rapid deployment of mobile wireless networks in a wide variety of environments. It is lightweight, capable of communicating via up to four different radio frequencies, and is designed to be completely mobile as carried by a vehicle or an individual. BreadCrumb devices automatically detect other BreadCrumb devices and dynamically route packets through the resulting wireless mesh on behalf of commercially available off-the-shelf client devices." |
2738 | APCON, Inc. 9255 SW Pioneer Court Wilsonville, OR 97070 USA Gerry Murphy TEL: 503-682-4050 FAX: 503-682-4059 CST Lab: NVLAP 100432-0 | ACI-3002-S Controller (Hardware Versions: P/N ACI-3002-S, Version 1.0; Firmware Version: 5.07.1 build 106) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/07/2016 | 9/6/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3866); CVL (Cert. #743); DRBG (Cert. #1100); HMAC (Cert. #2510); KTS (AES Cert. #3866 and HMAC Cert. #2510; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1974); SHS (Cert. #3186) -Other algorithms: ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Embedded "The ACI-3002-S is a Linux based control module designed to manage and control APCON's XR series product family while operating in FIPS-140-2 compliant mode." |
2737 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Sandra Hernandez TEL: 512-286-5624 Marie Fraser TEL: +353 21 7306043 CST Lab: NVLAP 200416-0 | IBM® Security QRadar® SIEM (Hardware Versions: 7.2 with FIPS Replacement Labels (Part Number: 00FK877) and FIPS Replacement Baffles (Part Number: 5YKKK); Firmware Version: 7.2) (When installed, initialized and configured as specified in the Security Policy Section 3. The tamper evident seals and baffles installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/02/2016 | 9/1/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3509); CVL (Cert. #577); DRBG (Cert. #876); HMAC (Cert. #2242); RSA (Cert. #1804); SHS (Cert. #2894); Triple-DES (Cert. #1973) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 202 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "IBM® Security QRadar® FIPS Appliance consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. The IBM Security QRadar FIPS Appliance provides a secure platform that meets FIPS 140-2 Level 2 requirements while allowing organizations to meet current and emerging compliance mandates." |
2736 | Tanium, Inc. 2200 Powell Street 6th Floor Emeryville, CA 94608 USA Jason Mealins TEL: 415-644-8134 CST Lab: NVLAP 200556-0 | Tanium Cryptographic Module (Software Version: 1.0) (The module generates cryptographic keys whose strengths are modified by available entropy. When operating with the BCRYPTPRIMITIVES.DLL module validated to FIPS 140-2 under Certificates #1329, #1336, and #1892 operating in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/02/2016 | 9/1/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 7 (32-bit) running on a Dell PowerEdge R430 Microsoft Windows 7 (64-bit) running on a Dell PowerEdge R430 Microsoft Windows Server 2008 R2 (64-bit) running on a Dell PowerEdge R430 Microsoft Windows Server 2012 (64-bit) running on a Dell PowerEdge R430 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3876); CVL (Certs. #744 and #745); DRBG (Cert. #1105); ECDSA (Cert. #836); HMAC (Cert. #2519); SHS (Cert. #3197) -Other algorithms: NDRNG Multi-Chip Stand Alone "The Tanium Cryptographic Module underpins Tanium's security management platform. Tanium's platform is a security and configuration management solution that provides instant visibility and allows enterprises to collect data and update machines in any-sized network, in seconds. Tanium's platform is able to query information from hundreds of thousands of machines in seconds because of its intelligent peer-to-peer communication model. This speed means that information is current and accurate when assessing a security threat or vulnerability." |
2735 | Vormetric, Inc. 2860 Junction Ave San Jose, CA 95134 USA Peter Tsai TEL: (669) 770-6927 FAX: (408) 844-8638 Steve He TEL: (669) 770-6852 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Data Security Manager Virtual Appliance Module (Software Version: 5.3.0) (When operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/02/2016 | 9/1/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Centos 5.11 (64-bit) on VMware ESXi 5.5.0 running on a Supermicro X9DAX (single-user mode) -FIPS Approved algorithms: AES (Certs. #3588 and #3621); CVL (Certs. #612 and #643); DRBG (Cert. #951); ECDSA (Cert. #751); HMAC (Certs. #2287, #2288 and #2375); KTS (AES Cert. #3621 and HMAC Cert. #2375; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1866); SHS (Certs. #2949, #2950 and #3041) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Aria; SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Vormetric Data Security Virtual Appliance Module is a multi-chip standalone cryptographic module. The Vormetric Data Security Virtual Appliance Module is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module." |
2734 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Van Nguyen TEL: 408-936-2247 Lakshman Garikapaty TEL: 978-589-0370 CST Lab: NVLAP 100432-0 | Juniper Networks LN1000 Mobile Secure Router (Hardware Versions: P/Ns LN1000-V, JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/02/2016 | 9/1/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3660); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1030); ECDSA (Certs. #758 and #767); HMAC (Certs. #2400, #2406 and #2410); RSA (Certs. #1885 and #1893); SHS (Certs. #3068, #3074 and #3078); Triple-DES (Certs. #2035, #2036 and #2042) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2410); NDRNG; ARCFOUR; BLOWFISH; CAST128; DES; DSA (Non-Compliant); HMAC-MD5; HMAC-RIPEMD160; UMAC Multi-Chip Embedded "The Juniper Networks LN1000 Mobile Secure Router is a secure router that provides essential capabilities to connect, secure, and manage work force locations sized from handfuls to hundreds of users. The LN1000 provides high-performance network routing, next-generation firewall and intrusion prevention system (IPS) capabilities, and unified threat management in a standard VPX form factor." |
2733 | Cavium Inc. 2315 N 1st Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 FAX: n/a Tejinder Singh TEL: 408=943-7403 FAX: n/a CST Lab: NVLAP 100432-0 | NITROXIII CNN35XX-NFBE HSM Family (Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Version: CNN35XX-NFBE-FW-1.1 build 01) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/01/2016 | 8/31/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205 and #3206); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); RSA (Cert. #1634); SHS (Certs. #1780 and #2652); Triple-DES (Cert. #1311); KTS (AES Cert. #3206) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; RC4; PBE Multi-Chip Embedded "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers." |
2732 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Chung-chih Lin TEL: 408-717-7689 FAX: 408-717-9494 Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar He10 TCG Enterprise HDD (Hardware Versions: P/Ns HUH721010AL5205 (0001), HUH721010AL4205 (0001), HUH721008AL5205 (0001) and HUH721008AL4205 (0001); Firmware Versions: R308, R328, R32A, R32G, R384, NA00, NA01, NE00 or LM10) (When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/01/2016 09/07/2016 11/17/2016 12/09/2016 02/14/2017 02/22/2017 06/02/2017 | 12/8/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3880 and #3881); RSA (Cert. #1978); SHS (Certs. #3203 and #3204); HMAC (Cert. #2522); DRBG (Cert. #1108); PBKDF (vendor affirmed) -Other algorithms: NDRNG Multi-Chip Embedded "HGST's self-encrypting Ultrastar He10 TCG Enterprise Hard-Disk Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar He10, which is based on third generation HelioSeal ® technology, uses PMR technology and is the industry's first 10TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He10 provides the highest reliability rating available of all HDDs on the market today by building on the successful design of its 8TB and 6TB predecessors." |
2731 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey D300 Series USB Flash Drive (Hardware Versions: IKD300 Version 1.0 [4GB, 8GB, 16GB, 32GB, 64GB, 128GB or 256GB]; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2016 | 8/30/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Kingston's IronKey D300 Series USB Flash Drive is assembled in the US for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based AES-256 encryption to guard sensitive information in case the drive is lost or stolen." |
2730 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Mahesh Bommareddy TEL: 408-936-5493 Van Nguyen TEL: 408-936-2247 CST Lab: NVLAP 100432-0 | Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways (Hardware Versions: P/Ns {SRX5400 (SRX5400B2-AC, SRX5400B2-DC, SRX5400BB-AC, or SRX5400BB-DC), SRX5600 (SRX5600BASE-AC or SRX5600BASE-DC), and SRX5800 (SRX5800BASE-AC or SRX5800BASE-DC)} with Service Processing Cards (SRX5K-SPC-2-10-40 or SRX5K-SPC-4-15-320) and Tamper Seals (JNPR-FIPS-TAMPER-LBLS); Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2016 | 8/30/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3650, #3656, #3662 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022, #1032 and #1033); ECDSA (Certs. #758, #769 and #770); HMAC (Certs. #2400, #2406, #2412 and #2413); RSA (Certs. #1885, #1895 and #1896); SHS (Certs. #3068, #3074, #3080 and #3081); Triple-DES (Certs. #2035, #2036, #2037 and #2038) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-64; UMAC-128 Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
2729 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® FCX 624/648, ICX 6450, ICX 7750, ICX 7250 and SX 800/1600 Series (Hardware Versions: {[FCX624S (80-1002388-08), FCX624S-HPOE-ADV (80-1002715-08), FCX624S-F-ADV (80-1002727-07), FCX648S (80-1002392-08), FCX648S-HPOE (80-1002391-10), FCX648S-HPOE-ADV (80-1002716-10), FCX-2XG (80-1002399-01)], [ICX6450-24 (80-1005997-03), ICX6450-24P (80-1005996-04), ICX6450-48 (80-1005999-04), ICX6450-48P (80-1005998-04), ICX6450-C12-PD (80-1007578-01)], [ICX7250-24P (80-1008381-02), ICX7250-24G (80-1008379-02), ICX7250-24 (80-1008380-02), ICX7250-48P (80-1008386-02), ICX7250-48 (80-1008384-02)], [ICX7750-48F (80-1007607-01), ICX7750-48C (80-1007608-01), ICX7750-26Q (80-1007609-01), with Components (80-1007871-01; 80-1007870-01; 80-1007738-01; 80-1007737-01; 80-1007761-01; 80-1007760-01; 80-1007632-01)], [FI-SX800-S (80-1003050-03; 80-1007143-03), FI-SX1600-AC (80-1002764-02; 80-1007137-02), with Components (80-1002957-03; 80-1006607-01; 80-1006486-02; 80-1003883-02; 11456-005; 11457-006; 18072-004)]} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 5, 13 and 14 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/31/2016 | 8/30/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2687, #2688, #2690, #2697, #2981, #3133, #3139, #3140, #3141, and #3142); SHS (Certs. #2258, #2259, #2260, #2265 and #2505); HMAC (Certs. #1674, #1675, #1676, #1679 and #1890); DRBG (Certs. #437, #438, #439, #442 and #569); DSA (Certs. #816, #817, #818, #819 and #887); RSA (Certs. #1387, #1388, #1391, #1396 and #1565); CVL (Certs. #155, #156, #159, #161, #362, #386, #387, #388, #389, #390, #391, #392, #398, #399 and #400); Triple-DES (Certs. #1613, #1614, #1615, #1617, #1764) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; RC4 Multi-Chip Stand Alone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide stackable LAN switching solutions to meet the growing demands of campus networks, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch. The Brocade ICX7250 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments." |
2728 | BlackBerry Limited BlackBerry B 2200 University Ave. E Waterloo, Ontario N2K 0A7 Canada Security Certifications Team TEL: (519) 888-7465 x 72921 FAX: (519) 888-9852 CST Lab: NVLAP 200928-0 | BlackBerry Linux Kernel Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix C) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with AES-NI CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without AES-NI Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode) -FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. #1953) -Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG Multi-Chip Stand Alone "The BlackBerry Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel. The BlackBerry Linux Kernel Cryptographic Module expands the secure capabilities and features BlackBerry is known for, to devices running operating systems other than the BlackBerry OS." |
2727 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Adapter (Hardware Versions: P/N: eSCAS(WP820) or eSCAM(WP820) Version: B/A5, B/A6, B/A7 or B/A8; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00) (When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/29/2016 10/04/2016 03/13/2017 08/01/2017 | 10/3/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748 and #1889); SHS (Certs. #2344 and #2504); KTS (AES Cert. #2787) -Other algorithms: N/A Multi-Chip Embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Adapter provides high speed data at rest encryption for Hitachi storage." |
2726 | Sony Mobile Communications, Inc. 1-8-15 Kohnan Minato-ku, Tokyo 108-0075 USA Takuya Nishibayashi TEL: +81-3-5782-5285 FAX: +81-3-5782-5258 CST Lab: NVLAP 100432-0 | Xperia Cryptographic Module (Software Version: 1.0.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 5.0 running on Xperia Z4 tablet with ARMv8 Cryptographic Instruction Android 5.0 running on Xperia Z4 tablet without ARMv8 Cryptographic Instruction (single-user mode) -FIPS Approved algorithms: AES (Cert. #3329); CVL (Cert. #485); DRBG (Cert. #774); DSA (Cert. #946); ECDSA (Cert. #658); HMAC (Cert. #2120); RSA (Cert. #1709); SHS (Cert. #2762); Triple-DES (Cert. #1900) -Other algorithms: EC Diffie-Hellman (CVL Cert. #485, key agreement methodology provides between 112 and 256 bits of security strength; non-compliant less than 112 bits of encryption strength); DUAL EC DRBG; RSA (key wrapping methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-Chip Stand Alone "The Xperia Cryptographic Module provides a functionality/service, intended to protect data in transit and at rest." |
2725 | FinalCode, Inc. 3031 Tisch Way Suite 115 San Jose, CA 95128 USA Inquiries TEL: 855-201-8822 CST Lab: NVLAP 201029-0 | FinalCode FIPS Crypto Module (Software Version: 1.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "FinalCode FIPS Crypto Module is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform." |
2724 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 3560-CX Switch (Hardware Version: WS-3560CX-8TC-S; Firmware Version: 15.2(3)E1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3984 and #4016); CVL (Cert. #813); DRBG (Cert. #1177); HMAC (Cert. #2600); RSA (Cert. #2045); SHS (Cert. #3289); Triple-DES (Cert. #2187) -Other algorithms: AES (Cert. #3984, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); AES (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules." |
2723 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Coitat 13705 France Arnaud LOTIGER TEL: +33 442366074 FAX: +33 442365545 Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 CST Lab: NVLAP 100432-0 | IDCore 30-revB (Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore 30 rev B - Build 06, Demonstration Applet version V1.1) (When operated in FIPS mode with module IDPrime MD 830-revB validated to FIPS 140-2 under Cert. #2714 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2016 | 8/25/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG Single Chip "IDCore 30-revB is a highly secured smartcard platform compliant with Javacard 2.2.2, Global Platform 2.1.1 & 2.2 Amendment D standards, designed to operate with Infineon SLE78 chip family. The library implements TDEA, AES, AES-CMAC, SHA1-224-256-384-512, RSA, RSA CRT, ECDSA, ECC CDH and SP800-90A RNG algorithms." |
2722 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 Jack Young TEL: 408-392-4334 FAX: 408-392-0319 CST Lab: NVLAP 100432-0 | SPYRUS MDTU-P384 Encryption Module (Hardware Versions: P/N 880074014F, Version 2.00.02; Firmware Version: 03.00.0D) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2016 | 8/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3877 and #3878); DRBG (Cert. #1106); ECDSA (Cert. #837); KAS (Cert. #75); SHS (Certs. #3198 and #3199) -Other algorithms: NDRNG Multi-Chip Stand Alone "The MDTU P-384 module is a Suite B cryptographic storage device featuring XTS-AES 256-bit full disk encryption and P-384 based digital signature services. The device is fully adapted for the storage and protection of sensitive data assets and provides an automated secure data exchange service with external devices by way of a high strength authentication mechanism. The physical security and capabilities of this module make it ideal for secure transfer of essential assets in mission-critical applications." |
2721 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 (Software Version: 4.0) (With module Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/29/2016 12/20/2016 | 12/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode) -FIPS Approved algorithms: CVL (Certs. #679, #680 and #681) -Other algorithms: N/A Multi-Chip Stand Alone "Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec." |
2720 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054 USA Steve F. Taylor TEL: 202-361-7778 Kevin Fiftal TEL: 860-326-6293 CST Lab: NVLAP 200658-0 | Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset (Hardware Version: 3.0; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Tested Configuration(s): Intel Sunrise Point PCH chipset with ME device firmware version 11.6.0.1102 CORPORATE SKU -FIPS Approved algorithms: AES (Cert. #3923); CVL (Certs. #779, #798 and #799); DRBG (Cert. #1156); ECDSA (Certs. #871 and #872); HMAC (Certs. #2547 and #2548); KAS (SP 800-56B, vendor affirmed); Triple-DES (Cert. #2152); PBKDF (vendor affirmed); RSA (Certs. #2003 and #2022); SHS (Certs. #3232 and #3233) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5; RC4 Multi-Chip Stand Alone "The Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset is a hybrid cryptographic module present on recent Intel® vPro™ platforms. The Security Engine Chipset consists of both hardware and firmware that are utilized by the Management Engine (ME) of vProTM platforms. The hardware and firmware combine to perform cryptographic functions within the Intel® vPro™ ME for applications executing in the ME." |
2719 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Mahesh Bommareddy TEL: 408-936-5493 Van Nguyen TEL: 408-936-2247 CST Lab: NVLAP 100432-0 | Juniper Networks SRX1400, SRX3400, and SRX3600 Services Gateways (Hardware Versions: P/Ns SRX1400BASE-GE-AC with [1] or [2], SRX1400BASE-GE-DC with [1] or [2], SRX1400BASE-XGE-AC with [1] or [2], SRX1400BASE-XGE-DC with [1] or [2], SRX3400BASE-AC with [2], SRX3400BASE-DC with [2], SRX3400BASE-DC2 with [2], SRX3600BASE-AC with [2], SRX3600BASE-DC with [2], and SRX3600BASE-DC2 with [2]; Service Processing Cards SRX1K-NPC-SPC-1-10-40 [1] or SRX3K-SPC-1-10-40 [2]; with Tamper Seals JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/24/2016 | 8/23/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1033); ECDSA (Certs. #758 and #770); HMAC (Certs. #2400, #2406 and #2413); RSA (Certs. #1885 and #1896); SHS (Certs. #3068, #3074 and #3081); Triple-DES (Certs. #2035, #2036 and #2038) -Other algorithms: ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; UMAC-64; UMAC-128 Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
2718 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 CANADA Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie F-IMB 4K Integrated Media Block (IMB) (Hardware Version: 000-105081-01; Firmware Version: 1.6.0-4363) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2016 | 8/21/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: SHS (Cert. #1788); RSA (Cert. #1062) -Other algorithms: TI ECDH; RNG; NDRNG; MD5; AES (non-compliant); HMAC (non-compliant); TLS v1.0 KDF (non-compliant) Multi-Chip Embedded "The Christie F-IMB is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a Christie digital cinema projector with the Fusion architecture. The F-IMB permits the playback of alternative content and High Frame Rate (HFR) material." |
2717 | FinalCode, Inc. 3031 Tisch Way Suite 115 San Jose, CA 95128 USA Inquiries TEL: 855-201-8822 CST Lab: NVLAP 201029-0 | FinalCode FIPS Crypto Module for Mobile (Software Version: 1.1) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/22/2016 | 8/21/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "FinalCode FIPS Crypto Module for Mobile is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode mobile components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform." |
2716 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Chung-chih Lin TEL: 408-717-6289 FAX: 408-717-9494 Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar® SSD800MH.B, SSD1600MM and SSD1600MR TCG Enterprise SSD (Hardware Versions: P/Ns HUSMH8080BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8040BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8020BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8010BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1620ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1619ASS235 (0003) [11], HUSMR1619ASS205 (0003) [12, 13, 17, 18], HUSMR1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1610ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16], HUSMR1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1650ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16], HUSMR1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14] and HUSMR1625ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14]; Firmware Versions: D326 [1], D327 [2], D370 [3], K326 [4], K370 [5], P326 [6], P33G [7], P344 [8], P370 [9], Q4CB [10], R1C0 [11], G192 [12], R192 [13], D371 [14], P382 [15], K382 [16], R1D2 [17], or M1D2 [18])) (When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2016 08/25/2016 09/16/2016 11/08/2016 | 11/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037) -Other algorithms: NDRNG Multi-Chip Embedded "HGST's self-encrypting Ultrastar SSD800/1600 TCG Enterprise SSDs Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1600 family combines enterprise-grade MLC NAND Flash memory and advanced endurance management firmware. The power loss data management techniques extend reliability, endurance, and sustained performance over the life of the SSD." |
2715 | IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA Tom Benjamin TEL: 512-286-5319 FAX: 512-973-4763 Karthik Ramamoorthy TEL: 512-286-8135 FAX: 512-973-4763 CST Lab: NVLAP 200658-0 | IBM Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/22/2016 04/10/2017 | 8/21/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 release 2 running on ThinkCentre M92P Tower Desktop with PAA Red Hat Enterprise Linux Server release 7.1 running on ThinkCentre M93P with PAA AIX 7 running on IBM 9119-MHE with PAA Red Hat Enterprise Linux Server release 7.1 running on IBM 9119-MHE with PAA Windows 7 64-bit running on ThinkCentre M93P without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3904, #3905, #3906, #3907 and #3908); CVL (Certs. #758, #759, #760, #761, #762, #763, #764, #765, #766 and #767); DRBG (Certs. #1119, #1120, #1121, #1122 and #1123); DSA (Certs. #1062, #1063, #1064, #1065 and #1066); ECDSA (Certs. #847, #848, #849, #850 and #851); HMAC (Certs. #2533, #2534, #2535, #2536 and #2537); KTS (vendor affirmed); RSA (Certs. #1988, #1989, #1990, #1991 and #1992); SHS (Certs. #3216, #3217, #3218, #3219 and #3220); Triple-DES (Certs. #2140, #2141, #2142, #2143 and #2144) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework." |
2714 | Gemalto 20 Colonade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 Arnaud Lotigier TEL: +33 4.42.36.60.74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDPrime MD 830-revB (Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet V4.3.5.D and MSPNP Applet V1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2016 | 8/18/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100) -Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single Chip "IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure." |
2713 | INTEGRITY Security Services 7585 Irvine Center Drive Suite 250 Irvine, CA 92618 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 CST Lab: NVLAP 201029-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Firmware Version: 3.0.1) (When installed, initialized and configured as specified in Section 2.4.1 of the Security Policy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 08/18/2016 | 8/17/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): ATSAM4CMS32 with ARM Cortex-M4 -FIPS Approved algorithms: AES (Cert. #3943); DRBG (Cert. #1147); ECDSA (Cert. #864); HMAC (Cert. #2567); SHS (Cert. #3252) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Embedded "Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
2712 | Imprivata 10 Maguire Road Building 4 Lexington, MA 02421 USA Troy Kuehl TEL: 781-674-2716 FAX: 781-674-2760 Joel Lemieux TEL: 781-674-2418 FAX: 781-674-2760 CST Lab: NVLAP 100432-0 | Imprivata FIPS 140-2 Cryptographic Module (Software Versions: 3.6.0 and 3.6.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/16/2016 | 8/15/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSign Linux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630 Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3417); DRBG (Cert. #821); HMAC (Cert. #2175); RSA (Cert. #1749); SHS (Cert. #2823); Triple-DES (Cert. #1928) -Other algorithms: RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); MD5; AES (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-Chip Stand Alone "Imprivata delivers best in class solutions that optimize clinical workflow efficiency and enhance care delivery. OneSign® offers single sign-on, authentication management, and virtual desktop roaming enabling fast, secure No Click Access® to clinical applications and patient information, anytime, anywhere and from any device. Cortext® enables clinicians to securely collaborate across care teams and organizations. Confirm ID™ is the comprehensive identity and two-factor authentication platform for remote access, EPCS and medical device access." |
2711 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux NSS Cryptographic Module v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/15/2016 12/19/2016 | 12/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610); CVL (Certs. #625, #626, #627, #628 and #629); DRBG (Certs. #935, #936, #937, #938 and #940); DSA (Certs. #1001, #1002, #1003, #1004 and #1005); ECDSA (Certs. #738, #739, #740, #741 and #742); HMAC (Certs. #2299, #2300, #2301, #2303 and #2305); RSA (Certs. #1853, #1854, #1855, #1856, #1857, #2031, #2032, #2033, #2034 and #2035); SHS (Certs. #2965, #2966, #2967, #2969 and #2971); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010) -Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE Multi-Chip Stand Alone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/" |
2710 | GDC Technology (USA), LLC 1016 West Magnolia Boulevard Burbank, CA 91506 USA Pranay Kumar TEL: (852) 2507 9565 FAX: (852) 2579 1131 Chern Yue Kwok TEL: (852) 2507 9552 FAX: (852) 2579 1131 CST Lab: NVLAP 100432-0 | Standalone IMB (Hardware Versions: GDC-IMB-v3, R12; Firmware Version: 2.5 with Security Manager Firmware Version 1.5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/12/2016 | 8/11/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2148 and #3938); CVL (Cert. #785); DRBG (Cert. #1145); HMAC (Certs. #1315 and #2560); RSA (Cert. #2012); SHS (Certs. #1869 and #3247) -Other algorithms: EC Diffie-Hellman (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging." |
2709 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type A (Hardware Versions: A0 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[1], A1 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[2]; Firmware Versions: ZZ01[1], NA01[2], NA02[2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/11/2016 08/26/2016 09/29/2016 | 9/28/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); HMAC (Cert. #2231); SHS (Cert. #2879); RSA (Cert. #1795); DRBG (Cert. #867) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
2708 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/09/2016 | 8/8/2021 | Overall Level: 2 Multi-Chip Embedded |
2707 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type B (Hardware Versions: A2 with PX04SVQ040B, PX04SVQ080B, PX04SVQ160B or PX04SRQ192B; Firmware Version: PD09) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/09/2016 | 8/8/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
2706 | V-Key 72 Bendemeer Road #02-20 Luzerne Singapore, Singapore 339941 Singapore Joseph Gan TEL: +65 6471 2524 FAX: +65 6471 2526 CST Lab: NVLAP 200901-0 | V-Key Cryptographic Module (Software Version: 3.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/09/2016 | 8/8/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): VOS 3.6.0 running on a Samsung Galaxy S4 with Android 4.4.2 operating in single user mode -FIPS Approved algorithms: AES (Cert. #3679); Triple-DES (Cert. #2057); SHS (Cert. #3093); HMAC (Cert. #2425); KBKDF (Cert. #74); RSA (Cert. #1900) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RNG Multi-Chip Stand Alone "A software cryptographic module residing within a virtual machine, V-OS that provides a sandboxed operating environment. The Module provides symmetric ciphers, including AES and Triple DES, asymmetric cipher RSA, secure hash functions SHA-1 and SHA-256, message authentication, key derivation and key storage." |
2705 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009-1699 USA Savitha Naik TEL: 760-476-7416 FAX: 760-929-3941 David Suksumrit TEL: 760-476-2306 FAX: 760-929-3941 CST Lab: NVLAP 100432-0 | Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; P/N 1047117 (tamper evident seal applied over ESEM); Firmware Version: 02.09.06) (The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/08/2016 11/17/2016 | 11/16/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3449, #3450 and #3879); CVL (Certs. #454 and #747); DRBG (Cert. #1107); ECDSA (Cert. #839); HMAC (Cert. #2521); KAS (Cert. #76); KTS (AES Cert. #3879); SHS (Certs. #2689, #3201 and #3202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); DES; DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); HMAC MD5; MD5; PBKDF (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions." |
2704 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 3750-X Switch (Hardware Versions: WS-C3750X-24T with C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, or C3KX-NM-10GT; Firmware Version: 15.2(3)E1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/08/2016 | 8/7/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275, and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Cert. #1764); KBKDF (Cert. #49); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Cert. #1688) -Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules." |
2703 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub (Software Version: 10.0.10586) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653) -Other algorithms: N/A Multi-Chip Stand Alone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
2702 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise (Software Version: 10.0.10586) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048) -Other algorithms: MD5 Multi-Chip Stand Alone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
2701 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub (Software Version: 10.0.10586) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048) -Other algorithms: MD5; NDRNG Multi-Chip Stand Alone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
2700 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub (Software Version: 10.0.10586) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048) -Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) Multi-Chip Stand Alone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
2699 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 781-442-0451 Linda Gallops TEL: 704-972-5018 FAX: 980-355-5399 CST Lab: NVLAP 200928-0 | Oracle Solaris Userland Cryptographic Framework (Software Version: 1.3) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/08/2016 11/03/2016 | 11/2/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3936); Triple-DES (Cert. #2159); RSA (Cert. #2011); DSA (Cert. #1074); ECDSA (Cert. #862); SHS (Cert. #3245); HMAC (Cert. #2558); DRBG (Cert. #1143) -Other algorithms: AES (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); SHS (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Oracle Solaris Userland Cryptographic Framework module provides cryptographic functionality for any application that calls into it. The module provides encryption, decryption, hashing, secure random number generation, signature generation and verification, certificate generation and verification, message authentication functions, and key pair generation for RSA and DSA. The module can leverage the algorithm acceleration from SPARC and x86 processors when available." |
2698 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 781-442-0451 Linda Gallops TEL: 704-972-5018 FAX: 980-355-5399 CST Lab: NVLAP 200928-0 | Oracle Solaris Kernel Cryptographic Framework (Software Version: 1.3) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/08/2016 11/03/2016 | 11/2/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3935); Triple-DES (Cert. #2158); RSA (Cert. #2010); ECDSA (Cert. #861); SHS (Cert. #3243); HMAC (Cert. #2556); DRBG (Cert. #1142) -Other algorithms: AES (non-compliant); ECDSA (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Oracle Solaris Kernel Cryptographic Framework module provides cryptographic functionality for the kernel module. The module provides encryption, decryption, hashing, signature generation and verification, secure random number generation, and message authentication functions. The module can leverage the algorithm acceleration from SPARC and x86 processors when available." |
2697 | Ciena® Corporation 7035 Ridge Road Hanover, MD 21076 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module (Hardware Version: 1.0 with PCB P/N NTK539QS-220; Firmware Version: 2.00) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/04/2016 | 8/3/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3601 and #3602); CVL (Cert. #624); DRBG (Cert. #934); ECDSA (Certs. #736 and #737); HMAC (Cert. #2298); SHS (Certs. #2963 and #2964); Triple-DES (Cert. #2005) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-Chip Embedded "The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service." |
2696 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Mahesh Bommareddy TEL: 408-936-5493 Van Nguyen TEL: 408-936-2247 CST Lab: NVLAP 100432-0 | Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways (Hardware Versions: P/Ns {SRX100H, SRX100H2, SRX100H-TAA, SRX110H2-VA, SRX110H2-VB, SRX110H-VA, SRX110H-VB; SRX210HE, SRX210HE2, SRX210HE2-POE, SRX210HE-POE, SRX210HE-POE-TAA, SRX210HE-TAA, SRX210H2-POE-TAA, SRX210H2-TAA; SRX220H, SRX220H2, SRX220H-POE, SRX220H2-POE; SRX240H, SRX240H2, SRX240H2-DC, SRX240H2-POE, SRX240H-DC, SRX240H-POE, SRX240H-POE-TAA, SRX240H-TAA, SRX240H2-DC-TAA, SRX240H2-POE-TAA, SRX240H2-TAA; SRX550-645AP, SRX550-645DP, SRX550-645AP-TAA, SRX550-645DP-TAA; SRX650-BASE-SRE6-645AP, SRX650-BASE-SRE6-645DP, SRX650B-SRE6-645AP-TAA} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/04/2016 | 8/3/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Certs. #2035, #2036, #2039, #2040, #2041, #2042 and #2043); AES (Certs. #3650, #3656, #3657, #3658, #3659, #3660 and #3661); SHS (Certs. #3068, #3074, #3075, #3076, #3077, #3078 and #3079); HMAC (Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); CVL (Certs. #659 and #660); RSA (Certs. #1885, #1890, #1891, #1892, #1893 and #1894); DSA (Certs. #1022, #1027, #1028, #1029, #1030 and #1031); ECDSA (Certs. #758, #764, #765, #766, #767 and #768); DRBG (Cert. #981) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-128; UMAC-64; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128 Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
2695 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Harshad Thakar TEL: 720-684-2880 CST Lab: NVLAP 201029-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module (Hardware Versions: ST1000LM038 - 1RD172 [1], ST2000LM010 - 1RA174 [2], ST500LM033 - 1RD17D [3], ST1000LX017 - 1U9172 [4], ST2000LX003 - 1RJ174 [5]; Firmware Versions: SDM1 [1,2, 3], RSE1 [1, 3], LSM1 [1,2, 3], RDE1 [2], SSM1 [4,5]) (When operated in FIPS Mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/03/2016 05/23/2017 08/31/2017 | 8/2/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2804, #2947, #3758, #3759 and #3760); CVL (Certs. #707 and #708); DRBG (Cert. #62); HMAC (Certs. #1597 and #2460); KTS (AES Cert. #2947); RSA (Certs. #1933 and #1934); SHS (Certs. #1225, #3128 and #3129); PBKDF (vendor affirmed) -Other algorithms: Diffie-Hellman (CVL Cert. #707, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Embedded "The ‘Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module’ is embodied in Seagate Laptop thin and Laptop Self-Encrypting Drive model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
2694 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Board (Hardware Version: HM800SL1 or HM800SL1a; Firmware Versions: 03.07.49.00, 03.07.54.00 or 03.07.56.00) (When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/03/2016 08/04/2017 | 8/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); SHS (Cert. #2738); KTS (AES Cert. #3305) -Other algorithms: N/A Multi-Chip Embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Board provides high speed data at rest encryption for Hitachi storage." |
2693 | Forcepoint 10900-A Stonelake Blvd Quarry Oaks 1, Ste 350 Austin, TX 78759 USA Michael Carney TEL: 952-444-9546 CST Lab: NVLAP 200556-0 | Forcepoint Sidewinder (Firmware Version: 8.3.2P07 with patch 8.3.2E106) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 08/03/2016 | 8/2/2021 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): The module was tested on the 1402-C3 McAfee Firewall Enterprise with a proprietary OS (SecureOS® version 8.3) -FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
2692 | Zanjia Electronic Science & Technology (Beijing) Co., Ltd. Rm 1701, Bldg B, Wantong New World Plaza No.2 Fuchengmenwai St. Xicheng Dist. Beijing, Beijing 100037 China Jingqiang Lin TEL: +86-18910039067 Zheng Li TEL: +86-18600339661 CST Lab: NVLAP 200658-0 | HSM-ZJ2014 (Hardware Version: ZJ2014-2697v2-680-32G; Firmware Version: 1.0.0.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/28/2016 | 7/27/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3912); DRBG (Cert. #1128); ECDSA (Cert. #855); HMAC (Cert. #2541); RSA (Cert. #1996); SHS (Cert. #3224) -Other algorithms: AES (Cert. #3912, key wrapping); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength ) Multi-Chip Stand Alone "HSM-ZJ2014 is a hardware security module, providing cryptographic services including encryption, decryption, signature generation and verification, and key management." |
2691 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA Michael Zagorski TEL: 845-435-1853 Michael Onghena TEL: 919-543-4049 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1] and IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2] (Hardware Versions: FC 3863 EC N98775 Drv 22H [1] and FC 3863 EC P00339 Drv D27I [2]; Software Versions: RACF level HRF7790 [1] and RACF level HRF77A0 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 07/28/2016 04/25/2017 05/09/2017 06/01/2017 | 7/27/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 IBM z/OS Version 2 Release 2 running on an IBM z13 (single-user mode) -FIPS Approved algorithms: RSA (Cert. #1979); SHS (Cert. #3196) -Other algorithms: N/A Multi-Chip Stand Alone "The z/OS RACF Program Signature Verification package consists of the core module (IRRPVERS) that is utilized when verifying signed code as it is loaded as well as an auxiliary module responsible for driving the initialization of IRRPVERS. The RACF Program Signature Verification module consists of software-based cryptographic algorithms, as well as hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF)." |
2690 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Van Nguyen TEL: 408-936-2247 Seyed Safakish TEL: 408-745-8158 CST Lab: NVLAP 100432-0 | MX240, MX480, and MX960 3D Universal Edge Routers with the Multiservices MPC and Junos 14.2X4-D10.11 (Hardware Versions: MX240, MX480 and MX960 with components identified in Security Policy Table 1; Firmware Version: Junos 14.2X4-D10.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/28/2016 05/02/2017 | 7/27/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3955, #3956 and #3957); CVL (Certs. #791 and #792); DRBG (Certs. #1157 and #1158); DSA (Certs. #1078 and #1079); ECDSA (Certs. #869 and #870); HMAC (Certs. #2575, #2576, #2577 and #2578); RSA (Certs. #2019 and #2020); SHS (Certs. #3261, #3262, #3263 and #3264); Triple-DES (Certs. #2166, #2167 and #2168); -Other algorithms: ARCFOUR; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC-MD5; HMAC-RIPEMD160; NDRNG; UMAC-128; UMAC-64 Multi-Chip Stand Alone "The MX 3D Universal Edge Routers deliver high performance, reliability, and scale to enable a cost-effective solution. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services." |
2689 | Kaminario 75 Second Avenue 6th Floor, Suite 620 Needham, MA 02494 USA Mike Jochimsen TEL: 1-925-915-0495 Mark Shteiman TEL: 972-52-5222883 CST Lab: NVLAP 201029-0 | Kaminario Encryption Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2016 | 7/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Kaminario Encryption Module is a standalone cryptographic module of the Kaminario K2 All Flash Array (AFA) product, the backbone of the modern data center. The module delivers core cryptographic functions and features robust algorithm support. Kaminario K2 offloads to the Cryptographic Module various crypto functions such as authentication, secure key management, data integrity, management traffic encryption and data at rest encryption." |
2688 | iStorage Limited iStorage House 13 Alpherton Lane, Perivale Middlesex UB6 8DH United Kingdom John Michael TEL: +44 (0)20 8991 6260 FAX: +44 (0)20 8991 6277 Lev Bolotin TEL: 425-820-9929 CST Lab: NVLAP 200983-0 | datAshur Pro 3.0 (Hardware Version: IS-FL-DA3-256-4; IS-FL-DA3-256-8; IS-FL-DA3-256-16; IS-FL-DA3-256-32; IS-FL-DA3-256-64; Firmware Version: Encryption Controller: V1.01.10; Security Controller: v1.11; Software Version: N/A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/26/2016 03/17/2017 06/02/2017 07/14/2017 | 7/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3749 and #3757); DRBG (Cert. #1032); HMAC (Cert. #2459); SHS (Cert. #3127); PBKDF (Vendor Affirmed) -Other algorithms: NDRNG Multi-Chip Stand Alone "iStorage datAshur Secure USB Flash Drive (iStorage datAshur Pro 3.0 or datAshur) is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an onboard keypad. User data is protected by hardware-based 256-bit XTS-AES encryption to secure sensitive information in the event that the drive is lost or stolen.The data encryption key (DEK) and other cryptographic parameters are generated within the module on first use through the use of a NIST approved DRBG. The seed for the DRBG is also produced within the module from an NDRNG." |
2687 | SyncDog, Inc. 1818 Library Street Suite 500 Reston, VA 20190 USA Jonas Gyllensvaan TEL: 1-855-796-2364 CST Lab: NVLAP 201029-0 | SyncDog Cryptographic Module (Software Version: 2.5) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/25/2016 | 7/24/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The SyncDog Cryptographic Module provides validated cryptographic functions for SentinelSecure™ SentinelSecure secures data in transport and data at rest for all applications utilizing its security protocols. SentinelSecure provides a secure mobile communications platform and app containerization." |
2686 | HPE Data Security 20400 Stevens Creek Blvd STE 500 Cupertino, CA 95014 USA Luther Martin TEL: 408-886-3255 FAX: 408-886-3201 CST Lab: NVLAP 200802-0 | Voltage Cryptographic Module v.5.0 (Software Version: Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/19/2016 08/04/2016 08/22/2016 | 8/21/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CPU Intel(R) Core(TM) i7-3770 with AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010 CPU Intel(R) Core(TM) i7-3770 w/o AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010 CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - OSS running on HP Integrity NonStop BladeSystem NB54000c CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running on HP Integrity NonStop X NS7 X1 CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - Guardian running HP Integrity NonStop BladeSystem NB54000c CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running on HP Integrity NonStop X NS7 X1 CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running HP Integrity NonStop X NS7 X1 CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running HP Integrity NonStop X NS7 X1 CPU Intel(R) Core(TM) i7-2600 with AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790 CPU Intel(R) Core(TM) i7-2600 w/o AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790 (single-user mode) -FIPS Approved algorithms: ECDSA (Certs. #803, #806, #829, #845 and #846); DSA (Certs. #1042, #1044, #1050, #1059 and #1060); Triple-DES (Certs. #1915, #1916, #1917, #1918, #2091, #2117, #2137, #2138, #2169, #2208 and #2209); SHS (Certs. #2791, #2792, #2793, #2794, #3131, #3166, #3210 and #3211); AES (Certs. #3372, #3373, #3374, #3375, #3410, #3411, #3412, #3413, #3761, #3843, #3894, #3895, #3918, #4033 and #4034); HMAC (Certs. #2455, #2461, #2493, #2528 and #2529); RSA (Certs. #1730, #1731, #1732, #1733, #1935, #1963, #1984 and #1985); DRBG (Certs. #796, #797, #798, #799, #1033, #1088, #1114, and #1115); KBKDF (Certs. #63, #67, #68, #69, #76, #83, #87 and #88); CVL (Certs. #509, #510, #511, #512, #709, #732, #754 and #755); PBKDF (vendor affirmed); -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; Dual EC DRBG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The Voltage Cryptographic Module v.5.0 provides the Validated algorithms used by the HPE SecureMail, HPE SecureFile and HPE SecureData families of products." |
2685 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYRUS USB-3 Module (Hardware Version: SFP100000-1; SFP100000-2; SFP100000-3; SFP100000-4; SFP200000-1; SFP200000-2; SFP200000-3; SFP200000-4; SFP300000-1; SFP300000-2; SFP300000-3; SFP300000-4; Firmware Version: 3.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3406); KTS (AES Cert. #3115); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658); KBKDF (Cert. #54) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The SPYRUS USB-3 Module provides multiple security functionalities in a single platform, including WindowsToGo, PKI support, Secure Mass Storage and conventional cryptographic token capabilities. This Module provides Suite-B algorithms that ensure the protection and integrity of User Data and application data on board." |
2684 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco C819 ISR, C880 ISR, C890 ISR, CGR 2010, C800M, ESR5921, and IR809 (Hardware Versions: C819G-4G-GA, C819G-4G-NA, C819G-4G-ST, C819G-4G-VZ, C819HG-4G-A, C819HG-4G-G, C819HG-4G-V, ESR5921, C881, C881G-4G-GA, C887VAG-4G-GA, C891F, C892FSP, C897VA, C897VAG-LTE-GA, C899G-LTE-GA, C899G-LTE-NA, C899G-LTE-ST, C899G-LTE-VZ, CGR 2010 [1], C841M-4X, C841M-8X, IR809G-LTE-VZ, IR809G-LTE-NA with GRWIC-ESM-8x [1] or GRWIC-ESM-4x [1]; Firmware Version: IOS 15.5M) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1764 and #2377); RSA (Certs. #1471 and #1868); SHS (Certs. #2361 and #3043); Triple-DES (Certs. #1688 and #2020) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 to 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
2683 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco Integrated Services Router (ISR) 891W, 1941W, 829W (Hardware Versions: C891FW-A, C891FW-E, 1941W, IR829GW-LTE-NA-A, IR829GW-LTE-VZ-A; Firmware Versions: Router IOS 15.5M and AP IOS 15.3.3-JB) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1791, #2343, #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1452, #1764 and #2377); KBKDF (Certs. #49 and #86); RSA (Certs. #1471 and #1868); SHS (Certs. #2020, #2361 and #3043); Triple-DES (Certs. #1466 and #1688) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
2682 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco Integrated Services Router (ISR) 1905 ISR, 1921 ISR, 1941 ISR, 2901 ISR, 2911 ISR, 2921 ISR, 2951 ISR, 3925 ISR, 3925E ISR, 3945 ISR, 3945E ISR, 5915 ESR and 5940 ESR (Hardware Versions: 1905, 1921, 1941 [3], 2901 [4], 2911 [5], 2921 [6], 2951 [7], 3925 [8], 3945 [9], 3925E [10], 3945E [11], 5915, 5940 with PVDM2-8 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-48 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-128 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-192 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-256 [4, 5, 6, 7, 8, 9, 10, 11] and ISM-VPN-19 [3], ISM-VPN-29 [4, 5, 6, 7], ISM-VPN-39 [8, 9]; Firmware Version: IOS 15.5M) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2343 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1764 and #1452); RSA (Cert. #1471); SHS (Certs. #2020 and #2361); Triple-DES (Certs. #1466 and #1688) -Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
2681 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches (Hardware Versions: {[BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024F-4X-RT-DC (80-1007212-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a) (When operated in FIPS mode with the tamper evident labels installed as specified in Appendix A and configured as specified in Tables 4 and 8 and as per Section 9 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/15/2016 | 7/14/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2715 and #3143); SHS (Cert. #2280); RSA (Cert. #1411); HMAC (Cert. #1694); DRBG (Cert. #452); CVL (Certs. #173, #394 and #403); Triple-DES (Cert. #1632) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5; DES; HMAC-SHA-1-96 (HMAC Cert. #1694) Multi-Chip Stand Alone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor." |
2680 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Joonwoong Kim TEL: 82-10-2207-1919 FAX: 82-2-6950-2080 Adam Wick TEL: 503-808-7216 FAX: 503-350-0833 CST Lab: NVLAP 100432-0 | LG Kernel Cryptographic Module (Software Versions: 3.4.0 [1] or 3.10.49 [2, 3]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/15/2016 | 7/14/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): [1] Android 5.0.1 running on an LG G3 (Model VS985) [2] Android 5.0.1 running on an LG G-Flex 2 (Model LGLS996) [3] Android 5.1 running on an LG G4 (Model VS986) (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1875 and #1940); AES (Certs. #3290 and #3443); SHS (Certs. #2729 and #2843); HMAC (Certs. #2088 and #2192) -Other algorithms: DES; Twofish; MD5; MD4; ARC4; GHASH; RNG Multi-Chip Stand Alone "The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality." |
2679 | Gemalto SA 6, rue de la Verrerie - CS 20001 Meudon Cedex 92197 France Gilles ROMME TEL: +33 155015712 FAX: +33 155015170 Guennole Tripotin TEL: +33 442365522 FAX: +33 442365236 CST Lab: NVLAP 100432-0 | MultiApp V31 Platform (Hardware Versions: NXP P60D080P VC (MPH132), NXP P60D144P VA (MPH149); Firmware Versions: MultiApp V31 patch 1.4, Demonstration Applet version V1.3) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2016 | 7/14/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3543); CVL (Cert. #597); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #1984, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3543, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength) Single Chip "The MultiApp ID smart cards are fully compliant with two major industry standards: Sun's Javacard 2.2.1 and Global Platform (GP) Card Specification version 2.1.1. They are therefore Java-GP cards, capable of managing applets in a controlled and secure manner in this multi-applet environment. This platform is delivered with a set of applet already loaded loaded in ROM and that can be installed if proper ordering options have been set." |
2678 | EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA Marshall Schiring TEL: 402-479-8375 FAX: 402-479-8472 Josh Johnson TEL: 402-479-8459 FAX: 402-479-8472 CST Lab: NVLAP 100432-0 | Johnson Encryption Machine 2 (JEM2) (Hardware Versions: P/Ns R035-3900-180-00 and R035-3900-280-01; Firmware Version: 4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2016 | 7/14/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3436 and #3437); DRBG (Cert. #837); ECDSA (Cert. #692); HMAC (Cert. #2187); KTS (AES Cert. #3437); SHS (Cert. #2838) -Other algorithms: AES-MAC (AES Cert. #3436, vendor affirmed; P25 AES OTAR); DES; NDRNG Multi-Chip Embedded "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES Key Wrap, AES, ECDSA, DRBG, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms." |
2677 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SMA 6200 and SMA 7200 (Hardware Versions: P/Ns 101-500399-57 Rev A and 101-500398-57 Rev A; Firmware Version: SRA 10.7.2-619) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2016 06/13/2017 | 7/14/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #954); AES (Certs. #3626, #3627 and #3628); RSA (Certs. #1869 and #1870); Triple-DES (Certs. #2021, #2022 and #2023); SHS (Certs. #3044, #3045 and #3046); HMAC (Certs. #2378, #2379 and #2380); CVL (Certs. #646, #647, #648 and #649) -Other algorithms: MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "SonicWALL Software SMA 6200 and SMA 7200 are part of the SonicWALL Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS and Google Android among others." |
2676 | Cohesity, Inc. 451 El Camino Real Suite 235 Santa Clara, CA 95050 USA Vivek Agarwal TEL: 415-690-7805 CST Lab: NVLAP 200427-0 | Cohesity OpenSSL FIPS Object Module (Software Version: 1.0.1) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #2398) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/11/2016 | 7/10/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 7.2 running on a Cohesity CS2500 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3967); CVL (Cert. #796); DRBG (Cert. #1162); DSA (Cert. #1081); ECDSA (Cert. #873); HMAC (Cert. #2585); RSA (Cert. #2027); SHS (Cert. #3271); Triple-DES (Cert. #2176) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); PRNG Multi-Chip Stand Alone "The Cohesity OpenSSL FIPS Object Module is a general purpose cryptographic module compiled from the source code for the OpenSSL FIPS Object Module ECP 2.0.12. It is incorporated into the CS2000 family of Cohesity Storage Systems." |
2675 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) & NCS 2000 Series (Hardware Versions: [15454-M2-SA, 15454-M6-SA, NCS2002-SA, NCS2006-SA, NCS2015-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, NCS2K-TNCS-O-K9, NCS2K-TNCS-K9, 15454-M-WSE-K9, NCS2K-MR-MXP-LIC, 15454-M-10X10G-LC, and NCS2K-200G-CK-LIC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 10.5) (When installed, initialized and configured as specified in Section 6 of the Security Policy with tamper evident seals installed as indicated in Section 5.6 of the Security Policy and when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2016 | 7/10/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2352, #2369, #2769, #2770, #3770 and #3771); CVL (Certs. #750 and #751); DRBG (Certs. #1040 and #1041); HMAC (Certs. #2470 and #2471); KBKDF (Cert. #79); RSA (Certs. #1940 and #1941); SHS (Certs. #3140 and #3141); Triple-DES (Cert. #2098) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Cisco ONS 15454 Multiservice Transport Platforms (MSTPs) and NCS 2000 Series provide capital and operational efficiency by addressing the increasing demand for multiple services, greater transport capacity, networking flexibility, multiple distance options, and management simplicity in a single platform." |
2674 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 JungHa Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Version: SKC1.7) (When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/11/2016 09/20/2016 | 9/19/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android Marshmallow 6.0.1 running on Samsung Galaxy S7 with PAA Android Marshmallow 6.0.1 running on Samsung Galaxy S7 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3836 and #3837); SHS (Certs. #3160, #3161 and #3193); HMAC (Certs. #2487, #2488 and #2516); DRBG (Certs. #1082 and #1083) -Other algorithms: DES; Twofish; MD5; krng; ARC4; Pcompress; CRC32c; Deflate; LZO; GHASH; GF128MUL; Triple-DES (non-compliant) Multi-Chip Stand Alone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
2673 | MRV Communications Inc. 300 Apollo Dr. Chelmsford, MA 01824 USA Tim Bergeron TEL: 978-674-6860 Phil Bellino TEL: 978-674-6870 CST Lab: NVLAP 200427-0 | LX-4000T Series Console Servers (Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive), 600-R3265 RevC through 600-R3288 RevC (inclusive), 600-R3265 RevD through 600-R3288 RevD (inclusive) and 600-R3265 RevE through 600-R3288 RevE (inclusive); Firmware Versions: LinuxITO Version: 6.1.0 and PPCiboot Version: 5.3.9) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IPsec, SNMP, SSH and TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/08/2016 | 7/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3765); DRBG (Cert. #1035); DSA (Cert. #1046); SHS (Cert. #3134) -Other algorithms: DES; EC Diffie-Hellman (non-compliant); HMAC-MD5; IKEv1 KDF (non-compliant); IKEv2 KDF (non-compliant); MD5; NDRNG; RSA (non-compliant); SNMP KDF (non-compliant); SSH KDF (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access." |
2672 | Information Assurance Specialists, Inc. 900 Route 168 Suite C4 Turnersville, NJ 08012 USA William Morgan TEL: 856-581-8033 Ext. 1006 FAX: 856-228-1265 Keiron Tomasso TEL: 856-581-8033 Ext. 1001 FAX: 856-228-1265 CST Lab: NVLAP 100432-0 | IAS Router (Hardware Versions: P/Ns IAS STEW Rev 1.0, IAS KG-RU Rev 1.0 and IAS Router Micro Rev 1.0; Firmware Version: 50e8756 - 2015-11-24) (When operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/07/2016 | 7/6/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1935); AES (Cert. #3430); DRBG (Cert. #782); ECDSA (Cert. #663); HMAC (Cert. #2182); CVL (Certs. #493 and #523); RSA (Cert. #1756); KTS (vendor affirmed); SHS (Cert. #2830) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5 Multi-Chip Stand Alone "IAS Routers are purpose-built secure IP Routers/VPN Gateways designed to be small, lightweight, low power consumption, highly portable devices able to leverage a wide range of WAN connectivity options to allow secure communications back to a central site from nearly anywhere on the planet." |
2671 | Duo Security, Inc. 123 North Ashley Street Suite 200 Ann Arbor, MI 48104 USA Duo Mobile Security CST Lab: NVLAP 201029-0 | Duo Security Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/07/2016 | 7/6/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus -FIPS Approved algorithms: AES (Cert. #2125); HMAC (Cert. #1296); DSA (Cert. #666); ECDSA (Cert. #319); RSA (Cert. #1094); SHS (Cert. #1849); Triple-DES (Cert. #1351); DRBG (Cert. #233); CVL (Cert. #28) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Duo Security Cryptographic Module is a cryptographic engine for mobile devices. The module delivers core cryptographic functions to Duo Security's Two-Factor Authentication mobile application." |
2670 | Ceragon Networks, Ltd. 24 Raul Wallenberg St. Tel Aviv 69719 Israel Yoav Shilo CST Lab: NVLAP 201029-0 | FibeAir® IP-20C, FibeAir® IP-20S, FibeAir® IP-20N, FibeAir® IP-20A, FibeAir® IP-20G, and FibeAir® IP-20GX (Hardware Versions: IP-20N, IP-20A, IP-20G, IP-20GX, IP-20C, IP-20S, IP-20-TCC-B-MC+SD-AF: 24-T009-1|A, IP-20-TCC-B2+SD-AF: 24-T010-1|A, IP-20-TCC-B2-XG-MC+SD-AF: 24-T011-1|A, IP-20-RMC-B-AF: 24-R010-0|A; Firmware Version: CeraOS 8.3) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/04/2016 | 7/3/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3865 and #3867); CVL (Cert. #742); DRBG (Cert. #1099); HMAC (Cert. #2509); KTS (AES Cert. #3865 and HMAC Cert. #2509; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1973); SHS (Certs. #3185) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement, key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RC5; CRC32; CRC16; CRC7; ECDSA (non-compliant); DSA (non-compliant); NDRNG; AES (non-compliant) Multi-Chip Stand Alone "FibeAir IP-20 platform provides secured wireless backhaul solutions to deliver mission-critical multimedia services, 4G and other applications with high security and reliability. The platform provides multi gigabit wireless links in 4-86GHz frequency bands, supporting IP and TDM services in a wide range of topologies and network architectures." |
2669 | INTEGRITY Security Services 7585 Irvine Center Drive Suite 250 Irvine, CA 92618 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 CST Lab: NVLAP 100432-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 3.0.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/30/2016 08/08/2016 12/06/2016 12/07/2016 | 12/6/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): FreeRTOS 7.6 running on Cubic PU-4 (ST-Micro STM32F4xxx/ARM Cortex-M4) OpenWrt/Linaro running on Gateway 5100 Ventana (i.MX6 800MHz/ARM Cortex-A9) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3773, #3774, #3775, #3776, #3777, #3889, #3890, #3891, #3892 and #3893); DRBG (Certs. #1043 and #1113); ECDSA (Certs. #812 and #844); CVL (Certs. #720 and #929); HMAC (Certs. #2473 and #2527); RSA (Certs. #1943 and #1983); SHS (Certs. #3143 and #3209); PBKDF (vendor affirmed) -Other algorithms: AES (Certs. #3773 and #3889, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (shared secret computation provides 192 bits of encryption strength); EC Diffie-Hellman (shared secret computation provides between 112 and 256 bits of encryption strength); Triple-DES (non-compliant); MD5; HMAC-MD5 Multi-Chip Stand Alone "Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
2668 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Dariusz Wolny CST Lab: NVLAP 100432-0 | Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit P/N CLN1780L Rev F with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.8.1.06) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/30/2016 08/29/2016 | 8/28/2021 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #173 and #3547); DRBG (Cert. #903); HMAC (Certs. #39, #2265 and #2266); RSA (Cert. #1827); SHS (Certs. #258 and #2926); Triple-DES (Certs. #275 and #1986); CVL (Certs. #603, #604 and #605) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-96 (non-compliant); DSA (non-compliant); RNG Multi-Chip Stand Alone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
2667 | Micron Technology, LLC Micron Technology 8000 S. Federal Way Boise, ID 83716-9632 USA Paul Barna TEL: 208-492-1062 Michael Selzler TEL: 720-494-5217 CST Lab: NVLAP 200427-0 | Micron S650DC® SAS TCG Enterprise SSC Self-Encrypting Drive (Hardware Versions: MTFDJAK400MBS-2AN16FCYY, MTFDJAK800MBS-2AN16FCYY, MTFDJAL1T6MBS-2AN16FCYY and MTFDJAL3T2MBS-2AN16FCYY; Firmware Versions: MB13, MB17 and MB18) (When installed, initialized and configured as specified in Section 7 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/30/2016 01/19/2017 06/29/2017 | 1/18/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841) -Other algorithms: NDRNG Multi-Chip Embedded "The Micron Secure ® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Micron S650DC SAS SED model solid state drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
2666 | Cambium Networks, Ltd. Unit B2, Linhay Business Park, Eastern Road Ashburton TQ13 7UP UK Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0 | PTP 700 Point to Point Wireless Ethernet Bridge (Hardware Versions: P/Ns C045070B001A, C045070B002A, C045070B003A, C045070B004A, C045070B005A, C045070B006A, C045070B007A, C045070B008A, C045070B009A, C045070B010A, C045070B011A, C045070B012A, C045070B013A, C045070B014A, C045070B015A, C045070B016A, C045070B017A, C045070B018A, C045070B019A, C045070B020A, C045070B021A, C045070B022A, C045070B023A, C045070B024A, C045070B025A, C045070B026A, C045070B027A, C045070B028A, C045070B029A and C045070B030A; Firmware Version: 700-01-00-FIPS) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/29/2016 | 6/28/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2594 and #2754); DRBG (Cert. #465); DSA (Cert. #842); HMAC (Cert. #1728); SHS (Cert. #2323); CVL (Certs. #202 and #203); KTS (AES Cert. #2754 and HMAC Cert. #1728; key establishment methodology provides 128 or 256 bits of encryption strength) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG Multi-Chip Stand Alone "The PTP 700 is deployed in pairs to create a wireless bridge between two Ethernet networks. The Module operates in licensed, lightly-licensed, and unlicensed frequency bands between 4400 MHz and 5875 MHz, in channel bandwidths up to 45 MHz, providing aggregate data rates up to 450 Mbit/s. The Module transmits and receives Ethernet frames as plaintext, and transmits and receives encrypted wireless signals. The Module is available in 24 different variants, consisting of combinations of physical format, regional variants, capacity variants and ATEX/HAZLOC units." |
2665 | DocuSign, Inc. 221 Main St. Suite 1000 San Francisco, CA 94105 USA Ezer Farhi TEL: 972-3-9279529 CST Lab: NVLAP 200002-0 | DocuSign Signature Appliance (Hardware Versions: 7.0 and 8.0; Firmware Version: 8.0) (When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2016 07/25/2016 | 7/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Certs. #786 and #787); DRBG (Certs. #98, #1137 and #1138); HMAC (Certs. #2551, #2552, #2563 and #2564); KTS (Triple-DES Cert. #2160 and HMAC Cert. #2563; key establishment methodology provides 112 bits of encryption strength); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2005 and #2006); SHS (Certs. #3237, #3238, #3248 and #3249); Triple-DES (Certs. #2155, #2156 #2160 and #2161); Triple-DES MAC (Triple-DES Certs. #2155 and #2156, vendor affirmed) -Other algorithms: HMAC (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data." |
2664 | Advanced Card Systems Ltd. Units 2010-2013, 20/F Chevalier Commercial Centre 8 Wang Hoi Road Kowloon Bay Hong Kong Andrew Chan TEL: +852-27967873 FAX: +852-27961286 CST Lab: NVLAP 200427-0 | ACOS5-64 (Hardware Version: ACOS5-64; Firmware Version: 3.00) (When installed, initialized and configured as specified in the Security Policy Section Secure Initialization. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/20/2016 | 6/19/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3539); CVL (Cert. #591); DRBG (Cert. #893); RSA (Cert. #1816); SHS (Cert. #2917); Triple-DES (Cert. #1982); Triple-DES MAC (Triple-DES Cert. #1982, vendor affirmed) -Other algorithms: NDRNG; Triple-DES (Cert. #1982, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single Chip "ACOS5-64 is a hardware cryptographic module validated against FIPS 140-2 at Security Level 3. It is a two-factor authentication smart card module. It provides digital signature creation/verification for online authentication and data encryption/decryption for online transactions." |
2663 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Jake Bajic TEL: 408-753-4000 Amir Shahhosseini TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B with 910-000028-00B Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 6.0.13) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/20/2016 06/23/2016 | 6/22/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3931 and #3932); RSA (Certs. #2008 and #2009); HMAC (Certs. #2554 and #2555); DRBG (Certs. #1140 and 1141); SHS (Certs. #3241 and #3242); CVL (Certs. #782 and 783) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-Chip Stand Alone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
2662 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Adam Wick TEL: 503-808-7216 FAX: 503-350-0833 Jongseong Kim TEL: 82-10-4535-0110 FAX: 82-2-6950-2080 CST Lab: NVLAP 100432-0 | LG Framework Cryptographic Module (Software Version: 1.0.0) (When operated in FIPS mode. The protocol TLS shall not be used when operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/17/2016 09/02/2016 | 9/1/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Android 5.0.1 running on an LG G3 (Model VS985) Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3289); DRBG (Cert. #748); DSA (Cert. #943); HMAC (Cert. #2087); RSA (Cert. #1683); SHS (Cert. #2728); Triple-DES (Cert. #1874) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PRNG; ECDSA (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The LG Framework Cryptographic Module is a software library that provides cryptographic functionality." |
2661 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Bob Pittman TEL: 978-264-5211 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE 6125XLG Blade Switches (Hardware Version: HPE 6125XLG; Firmware Version: 7.1.045) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/16/2016 | 6/15/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2943 and #2990); CVL (Cert. #341); DRBG (Cert. #546); DSA (Cert. #875); HMAC (Certs. #1866 and #1896); RSA (Cert. #1546); SHS (Certs. #2479 and #2511) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The HPE Networking device is suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The device includes fixed-port L2/L3 managed Ethernet switch appliances. This device is based on the Comware 7.1 platform." |
2660 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series (Hardware Versions: MZILS3T8HCJM-000D8 [1], MZILS3T8HCJM-000G6 [2]; Firmware Versions: CXP2 [1], NA01 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/16/2016 07/22/2016 | 7/21/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121) -Other algorithms: NDRNG Multi-Chip Stand Alone "Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase." |
2659 | L-3 Communications, Aviation Recorders 100 Cattlemen Road Sarasota, Florida 34232 USA Tom Fields TEL: 941-377-5540 FAX: 941-377-5591 Robert S. Morich TEL: 941-371-0811, x5774 FAX: 941-377-5591 CST Lab: NVLAP 200002-0 | eSRVIVR(r) Cockpit Voice and Flight Data Recorder (CVFDR) Encryption Module (Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 06/16/2016 | 6/15/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): eSRVIVR® Cockpit Voice and Flight Data Recorder (Hardware version: 1493200-3000) with Nucleus PLUS 1.15.6 -FIPS Approved algorithms: AES (Cert. #3754) -Other algorithms: N/A Multi-Chip Embedded "A software-based AES implementation in a Cockpit Voice and Flight Data Recorder (CVFDR) that supports 128, 192, and 256 bit key lengths. Various data types can be selected for encryption prior to being recorded in a crash-protected module." |
2658 | Rubrik Inc. 299 South California Avenue Suite 250 Palo Alto, CA 94046 USA Rubrik Support CST Lab: NVLAP 201029-0 | Rubrik Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/15/2016 | 6/14/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 CentOS 6.3 on a GigaVUE-TA1 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Rubrik Cryptographic Library provides FIPS 140-2 validated cryptographic functions (including Suite B algorithms) for Rubrik’s Hybrid Appliances." |
2657 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux libgcrypt Cryptographic Module v4.0 [1] and Red Hat Enterprise Linux libgcrypt Cryptographic Module v5.0 [2] (Software Versions: 4.0 [1], 5.0 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 06/13/2016 07/28/2017 | 6/12/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with AES-NI [1] Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without AES-NI [1] Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A [1] Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions [1] Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645, #3646, #3647, #3648, #3649, #4580 and #4581); DRBG (Certs. #972, #973, #974, #975, #976, #977, #978, #979, #980, #1527 and #1528); DSA (Certs. #1017, #1018, #1019, #1020, #1021, #1214 and #1215); HMAC (Certs. #2395, #2396, #2397, #2398, #2399, #3030 and #3031); RSA (Certs. #1879, #1880, #1881, #1882, #1883, #2498 and #2499); SHS (Certs. #3062, #3063, #3064, #3065, #3066, #3756 and #3757); Triple-DES (Certs. #2030, #2031, #2032, #2033, #2034, #2433 and #2434) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; Blowfish; Camellia; Cast5; CRC32; CSPRNG; DES; El Gamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPEMD160; SEED; Serpent; Tiger; Twofish; Whirlpool Multi-Chip Stand Alone "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library delivered with RHEL 7.1 [1] and RHEL 7.4 [2]." |
2656 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Dariusz Wolny CST Lab: NVLAP 100432-0 | Motorola GGM 8000 Gateway (Hardware Versions: Base Unit P/N CLN1841E Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC); Firmware Version: KS-16.8.1.06) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2016 07/06/2016 08/29/2016 | 8/28/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #962 and #3547); DRBG (Cert. #903); HMAC (Certs. #1487, #2265 and #2266); CVL (Certs. #603, #604 and #605); RSA (Cert. #1827); SHS (Certs. #933 and #2926); Triple-DES (Certs. #757 and #1986) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); DSA (non-compliant); RNG Multi-Chip Stand Alone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
2655 | Nuvoton Technology Corporation 4, Creation Road III Hsinchu Science Park Taiwan Yossi Talmi TEL: +972-9-9702364 CST Lab: NVLAP 200556-0 | NPCT6XX TPM 1.2 (Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 5.81.0.0, 5.81.1.0, 5.81.2.1) (When operated in FIPS mode and installed, initialized, and configured as specified in the Security Policy Section 8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2016 08/19/2016 | 8/18/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3093 and #3468); RSA (Certs. #1582 and #1779); HMAC (Certs. #1938 and #2213); SHS (Certs. #2554 and #2863); CVL (Certs. #373 and #535) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3093 and #3468, key wrapping); RNG Single Chip "Nuvoton NPCT6XX TPM 1.2 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation." |
2654 | Broadcom Ltd. 3151 Zanker Road San Jose, CA 95134 USA Gary Goodman TEL: 408-922-1092 FAX: 408-922-1023 Alfonso Ip TEL: 408-922-1023 FAX: 408-922-8050 CST Lab: NVLAP 100432-0 | BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 (Hardware Versions: P/Ns BCM58101B0, BCM58102B0 and BCM58103B0; Firmware Version: rev0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/07/2016 06/13/2016 | 6/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3762 and 3763); HMAC (Cert. #2462); SHS (Cert. #3132); DRBG (Cert. #1034); ECDSA (Cert. #807); DSA (Cert. #1045); RSA (Cert. #1936) -Other algorithms: EC Diffe-Hellman (key agreement; key establishment methodology provides 128-bits of encryption strength); NDRNG Single Chip "Highly integrated, low power, security processor." |
2653 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Adaptive Security Appliance (ASA) Virtual (Software Version: 9.4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/06/2016 08/15/2016 | 8/14/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco C220 M3 ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco E180D M2 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3911); CVL (Cert. #772); DRBG (Cert. #1126); ECDSA (Cert. #854); HMAC (Cert. #2540); RSA (Cert. #1995); SHS (Cert. #3223); Triple-DES (Cert. #2147) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
2652 | Vormetric, Inc. 2860 Junction Ave San Jose, CA 95134 USA Peter Tsai TEL: (669) 770-6927 FAX: (408) 844-8638 Steve He TEL: (669) 770-6852 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Data Security Manager Module (Hardware Version: 3.0; Firmware Version: 5.3.0) (When Operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/06/2016 | 6/5/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3499 and #3536); SHS (Certs. #2887, #2914 and #2915); HMAC (Certs. #2234, #2259 and #2260); RSA (Cert. #1796); ECDSA (Cert. #712); DRBG (Cert. #869); CVL (Certs. #589 and #590); KTS (AES Cert. #3499 and HMAC Cert. #2234) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); Triple-DES (non-compliant); MD5; Aria; SSH KDF (non-compliant); NDRNG Multi-Chip Stand Alone "The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module." |
2651 | Huawei Technologies Co., Ltd. Huawei Industrial Base, Bantian Longgang Shenzhen, Guangdong 518129 China blue.li@huawei.com TEL: 0086-0755-28976679 FAX: 0086-0755-28976679 CST Lab: NVLAP 200856-0 | Huawei FIPS Cryptographic Library (HFCL) (Software Version: V300R003C22SPC805) (When installed, initialized and configured as specified in the Security Policy Section 6.1. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/03/2016 | 6/2/2021 | Overall Level: 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): DELL PowerEdge T110 II Intel Pentium w/ RHEL 5.3 evaluated at EAL4 -FIPS Approved algorithms: AES (Cert. #3477); Triple-DES (Cert. #1960); DSA (Cert. #984); RSA (Cert. #1785); ECDSA (Cert. #707); SHA (Cert. #2872); DRBG (Cert. #857); HMAC (Cert. #2221); CVL (Certs. #551 and #552) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength) Multi-Chip Stand Alone "Huawei FIPS Cryptographic Library (HFCL) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)." |
2650 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA Service Module (SM) (Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/02/2016 08/15/2016 | 8/14/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444 and #3439); CVL (Cert. #525); DRBG (Certs. #332 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247 and #2188); RSA (Cert. #1760); SHS (Certs. #1794 and #2839); Triple-DES (Certs. #1321 and #1937) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes." |
2649 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® ICX ™ 6610 and ICX 7450 Series (Hardware Versions: {ICX6610-24F-I (80-1005350-04), ICX6610-24F-E (80-1005345-04), ICX6610-24-I (80-1005348-05), ICX6610-24-E (80-1005343-05), ICX6610-24P-I (80-1005349-06), ICX6610-24P-E (80-1005344-06), ICX6610-48-I (80-1005351-05), ICX6610-48-E (80-1005346-05), ICX6610-48P-I (80-1005352-06), ICX6610-48P-E (80-1005347-06), ICX7450-24 (80-1008060-01), ICX7450-24P (80-1008061-01), ICX7450-48 (80-1008062-01), ICX7450-48P (80-1008063-01), ICX7450-48F (80-1008064-01), with Components (80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1008308-01; 80-1008309-01; 123400000829A-R01; 123400000830A-R01; 123400000833A-R01)} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b) (When operated in FIPS mode with tamper evident labels installed and with configurations as defined in Table 5 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/27/2016 07/14/2016 | 7/13/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1197, #1269, #1276, #2697, #2981, #2984, #3008, #3139, #3142 and #3438); KTS (AES Certs. #2984 and #3438; key establishment methodology provides 128 bits of encryption strength); SHS (Certs. #2265 and #2505); HMAC (Certs. #1679 and #1890); DRBG (Certs. #442 and #569); RSA (Certs. #1396 and #1565); CVL (Certs. #161, #362, #386, #388, #390 and #400); KBKDF (Certs. #36 and #58); Triple-DES (Certs. #1617 and #1764); DSA (Certs. #819 and #887) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; DSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. The Brocade 7450 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments." |
2648 | NetApp, Inc. 495 E. Java Drive Sunnyvale, CA 94089 USA CST Lab: NVLAP 201029-0 | NetApp Cryptographic Security Module (Software Version: 1.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/27/2016 06/10/2016 | 6/9/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux 11 operating on Fujitsu RX300-S6 Server with Intel Xeon SUSE Linux 11 operating on Fujitsu RX200S5 Server with Intel Xeon FreeBSD 9.1 operating on Fujitsu RX300-S6 Server with Intel Xeon FreeBSD 9.1 operating on Fujitsu RX200S5 Server with Intel Xeon Debian Linux 8 operating on Fujitsu RX300-S6 Server with Intel Xeon Debian Linux 8 operating on Fujitsu RX200S5 Server with Intel Xeon Scientific Linux 6.1 operating on Fujitsu RX300-S6 Server with Intel Xeon Scientific Linux 6.1 operating on Fujitsu RX200S5 Server with Intel Xeon. -FIPS Approved algorithms: AES (Cert. #3593); CVL (Cert. #615); DRBG (Cert. #928); DSA (Cert. #998); ECDSA (Cert. #732); HMAC (Cert. #2290); RSA (Cert. #1847); SHS (Cert. #2955); Triple-DES (Cert. #2000) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #615, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength) Multi-Chip Stand Alone "The NetApp Cryptographic Security Module is a software library that provides cryptographic services to a vast array of NetApp's storage and networking products." |
2647 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYCOS® 3.0 QFN (Hardware Version: 742100004F; Firmware Version: 3.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/25/2016 | 5/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3115); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single Chip "SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications." |
2646 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Bumhan Kim TEL: +82-10-9397-1589 Brian Wood TEL: +1-973-440-9125 CST Lab: NVLAP 200658-0 | Samsung Flash Memory Protector V1.1 (Hardware Version: 3.0.1; Software Version: 1.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 05/13/2016 | 5/12/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android Marshmallow 6.0.1 running on Samsung Galaxy S7 edge (single-user mode) -FIPS Approved algorithms: AES (Cert. #3839); SHS (Cert. #3163); HMAC (Cert. #2490) -Other algorithms: N/A Multi-Chip Stand Alone "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services." |
2645 | Harris Corporation Communication Systems Division 1680 University Avenue Rochester, NY 14610 USA Esther Betancourt TEL: 585-242-3635 FAX: 585-241-8459 Eric Hackett TEL: 585-241-8168 FAX: 585-241-8459 CST Lab: NVLAP 200928-0 | RF-7800W Broadband Ethernet Radio (Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Versions: 4.10 and 5.00) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in Section 2.4 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2016 12/02/2016 12/09/2016 | 12/8/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3530 and #3581); Triple-DES (Cert. #1993); DRBG (Cert. #920); SHS (Cert. #2943); HMAC (Cert. #2281); RSA (Cert. #1842); DSA (Cert. #994); KAS (Cert. #69); CVL (Cert. #609) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform." |
2644 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ (Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
2643 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ (Hardware Versions: nC3423E-500, nC3423E-1K5 and nC3423E-6K0, Build Standard N; Firmware Version: 2.61.2-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F2 500+, nShield F2 1500+, nShield F2 6000+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
2642 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | MiniHSM, MiniHSM for nShield Edge F2, and MiniHSM for Time Stamp Master Clock (Hardware Versions: nC4031Z-10, nC3021U-10, and TSMC200, Build Standard N; Firmware Version: 2.61.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The MiniHSM, MiniHSM for nShield Edge F2 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine." |
2641 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3023E-010, Build Standard N; Firmware Version: 2.61.2-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F2 10e, nShield F2 500e, nShield F2 1500e, nShield F2 6000e are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
2640 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-010, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Version: 2.61.2-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3419); CVL (Certs. #516 and #532); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F3 10e, nShield F3 500e, nShield F3 1500e, nShield F3 6000e, nShield F3 500e for nShield Connect, nShield F3 1500e for nShield Connect, nShield F3 6000e for nShield Connect are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
2639 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | MiniHSM, MiniHSM for nShield Edge F3, and MiniHSM for Time Stamp Master Clock (Hardware Versions: nC4031Z-10, nC4031U-10 and TSMC200, Build Standard N; Firmware Version: 2.61.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The MiniHSM, MiniHSM for nShield Edge F3 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine." |
2638 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ (Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
2637 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B or 910-000117-00A Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6], and 920-000112-00A Rev. A [7]; Firmware Versions: 7.0.1-h4, 7.0.3 or 7.0.8) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 09/08/2016 | 9/7/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3475); CVL (Certs. #564, #565, #566 and #567); DRBG (Cert. #870); ECDSA (Cert. #713); HMAC (Cert. #2220); RSA (Cert. #1782); SHS (Cert. #2870) -Other algorithms: AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
2636 | Redline Communications 302 Town Centre Blvd. 4th Foor Markham, ON L3R 0E8 Canada Andrew Spurgeon TEL: 905-479-8344 FAX: 905-479-5331 CST Lab: NVLAP 200928-0 | RDL-3000 and eLTE-MT (Hardware Versions: RDL-3000, eLTE-MT; Firmware Version: 3.1) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3469 and #3472); DRBG (Cert. #854); SHS (Certs. #2866 and #2867); HMAC (Certs. #2216 and #2217); RSA (Cert. #1780); DSA (Cert. #981); KAS (Cert. #63); ECDSA (Cert. #703); CVL (Cert. #541) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The RDL-3000, Elte-MT Broadband Wireless Systems by Redline Communications leverage proven orthogonal frequency-division multiplexing (OFDM) technology to deliver high-speed Ethernet throughput over wireless links." |
2635 | Ciena® Corporation 7035 Ridge Road Hanover, MD 21076 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Packet-Optical Platform 4x10G (Hardware Versions: 2.0 and 3.0; Firmware Version: 2.00) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 08/15/2016 | 8/14/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3599 and #3600); Triple-DES (Cert. #2004); SHS (Cert. #2962); HMAC (Cert. #2297); DRBG (Cert. #933); RSA (Cert. #1851); ECDSA (Cert. #735); CVL (Cert. #623) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-Chip Embedded "The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering." |
2634 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC 1200.2 SSD Self-Encrypting Drive (Hardware Versions: ST400FM0293, ST800FM0213, ST1600FM0023 and ST3200FM0043; Firmware Versions: 3504, 0204, 0205, 0206, FF15, C206, 0207 and FF19) (When installed, initialized and configured as specified in Section 7 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 10/25/2016 08/31/2017 | 10/24/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841) -Other algorithms: NDRNG Multi-Chip Embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate 1200.2 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
2633 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux OpenSSH Client Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/12/2016 06/17/2016 | 6/16/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode) -FIPS Approved algorithms: CVL (Certs. #700, #701 and #702) -Other algorithms: N/A Multi-Chip Stand Alone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
2632 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL SM 9800 (Hardware Versions: P/N 101-500380-71, Rev. A; Firmware Version: SonicOS v6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/12/2016 06/12/2017 | 5/11/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3403); Triple-DES (Cert. #1925); SHS (Cert. #2816); DSA (Cert. #960); RSA (Cert. #1742); HMAC (Cert. #2171); DRBG (Cert. #815); CVL (Cert. #503) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; NDRNG; MD5; RC4; RSA (non-compliant) Multi-Chip Stand Alone "The SonicWALL™ SuperMassive™ Series is SonicWALL's Next-Generation Firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency." |
2631 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 CST Lab: NVLAP 200928-0 | Intel OpenSSL FIPS Object Module (Software Versions: 2.0.5 and 2.0.8) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/03/2016 | 5/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.10 on VMware ESXi 6.00 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3) Linux 3.10 on Vmware ESXi 6.00 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3) Linux 3.10 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3) Linux 3.10 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3) -FIPS Approved algorithms: AES (Certs. #3848 and #3849); DRBG (Certs. #1092 and #1093); DSA (Certs. #1051 and #1052); HMAC (Certs. #2496 and #2497); RSA (Certs. #1965 and #1966); SHS (Certs. #3170 and #3171); Triple-DES (Certs. #2119 and #2120); ECDSA (Certs. #831 and #832); CVL (Certs. #735 and #736) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant); Dual EC DRBG Multi-Chip Stand Alone "The Intel OpenSSL FIPS Object Module provides cryptographic services for Intel Security products." |
2630 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux OpenSSH Server Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/02/2016 06/17/2016 | 6/16/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode) -FIPS Approved algorithms: CVL (Certs. #700, #701 and #702) -Other algorithms: N/A Multi-Chip Stand Alone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
2629 | Zebra Technologies Corporation One Zebra Plaza Holtsville, NY 11742 USA Brian Stormont TEL: 401-276-5751 FAX: 401-276-5889 Gerry Corriveau TEL: 401-276-5667 FAX: 401-276-5889 CST Lab: NVLAP 100432-0 | ZBR-88W8787-WLAN (Hardware Versions: P/N: 88W8787, Version 1.0; Firmware Version: Marvell Firmware Version 14.66.35.p51; Zebra Driver Firmware Version 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 05/01/2016 | 4/30/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Zebra QLn320 Printer with QNX 6.5.0 -FIPS Approved algorithms: AES (Cert. #3003); HMAC (Cert. #2248); SHS (Cert. #2902) -Other algorithms: SAFER+ Multi-Chip Stand Alone "The ZBR-88W8787-WLAN Module implements cryptographic support for Zebra wireless devices." |
2628 | Giesecke+Devrient Mobile Security GmbH Prinzregentenstrasse 159 Munich D-81677 Germany Alexander Summerer TEL: +49-89/4119-2418 FAX: +49-89/4119-2819 Steffen Heinrich TEL: +49-89/4119-2453 CST Lab: NVLAP 100432-0 | StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element (Hardware Version: SLE78CUFX5000PH (M7893 B11); Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2016 07/03/2017 | 4/27/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #455); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed); AES (Certs. #2720 and #2721); SHS (Certs. #2288, #2289 and #2290); RSA (Certs. #1506 and #1507); DSA (Cert. #837); ECDSA (Cert. #476); KBKDF (Cert. #18); CVL (Cert. #177) -Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG Single Chip "StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element is a highly secured and integrated smartcard-based platform from Giesecke & Devrient complying with JavaCard Classic 3.0.4 and GlobalPlatform 2.2.1 standards.The Sm@rtCafé Expert 7.0 OS-platform is deployed in national ID, ePassport, authentication and digital signature programs with match-on-card biometric verification.StarSign Crypto-USB Token S is the ideal platform in a USB-Token form factor for secure logical access, online tax declaration, web based online authentication applications using FIDO and certificate" |
2627 | Nuvoton Technology Corporation 4, Creation Road III Hsinchu Science Park Taiwan Yossi Talmi TEL: +972-9-9702364 CST Lab: NVLAP 200556-0 | NPCT6XX TPM 2.0 (Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 1.3.0.1, 1.3.1.0, 1.3.2.8) (When installed, initialized, and configured as specified in the Security Policy Section 8 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2016 08/25/2016 03/14/2017 | 8/24/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3541 and #3542); CVL (Certs. #593, #594, #595, and #596); KAS (Certs. #66 and #67); ECDSA (Certs. #719 and #720); DRBG (Certs. #898 and #899); HMAC (Certs. #2262 and #2263); RSA (Certs. #1819 and #1820); SHS (Certs. #2919 and #2920) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3541 and #3542, key wrapping, key establishment methodology provides 128 bits of encryption strength) Single Chip "Nuvoton NPCT6XX TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation." |
2626 | Century Longmai Technology Co. Ltd 3rd Floor, Gongkong Building No. 1 Wangzhuang Rd Haidian District Beijing, Vendor State 100083 China Lemon Yang TEL: +86 13810314817 FAX: +86 10 62313636 CST Lab: NVLAP 200658-0 | mToken CryptoID (Hardware Version: SCC-X; Firmware Version: 3.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/14/2016 | 4/13/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1994); AES (Cert. #3582); SHS (Cert. #2944); DRBG (Cert. #921); ECDSA (Cert. #728); RSA (Cert. #1843); HMAC (Cert. #2282); KAS (Cert. #70); CVL (Cert. #610); KAS (SP 800-56Arev2 with CVL Cert. #610, vendor affirmed); KTS (Triple-DES Cert. #1994); KTS (AES Cert. #3582) -Other algorithms: SHS (non-compliant); RSA (key wrapping; non-compliant less than 112 bits of encryption strength); HMAC (non-compliant); NDRNG Multi-Chip Stand Alone "mToken CryptoID is designed based on a secure smartcard chip that utilizes the in-built mCOS to communicate with computer device via USB interface in a "plug and play" manner. It can realize various Public Key Infrastructure (PKI) applications including digital signature, online authentications, online transactions, software security, etc." |
2625 | ECI Telecom Ltd. 30, Hasivim Street Petach Tikvah 49517 Israel Milind Barve TEL: +91-9987537250 FAX: +972-3-928-7100 CST Lab: NVLAP 200556-0 | ECI TR10_4EN Encryption Module (Hardware Versions: Board-Type=0x856B, Revision# D3; Firmware Version: R6.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2016 | 4/27/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3551, #3552 and #3576) -Other algorithms: AES (Cert. #3552, key wrapping) Multi-Chip Embedded "TR10_4EN is a ‘1U’ sized card that fits into ECI’s Apollo chassis." |
2624 | Siemens PLM Software Inc. 5800 Granite Parkway Suite 600 Plano, TX 75024 USA Vikas Singh TEL: 651-855-6176 CST Lab: NVLAP 200427-0 | Teamcenter Cryptographic Module (Software Version: 3.0) (When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/27/2016 | 4/26/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 SP1 (x86 32-bit) running on an HP Compaq Pro 6305 Windows 7 SP1 (x64) running on an HP Compaq Pro 6305 SUSE Linux 11.2 (x64) running on an HP Compaq Pro 6305 Mac OS X 10.11 (x64) running on a Mac Mini (single-user mode) -FIPS Approved algorithms: AES (Cert. #3680); CVL (Cert. #676); DRBG (Cert. #988); DSA (Cert. #1037); ECDSA (Cert. #774); HMAC (Cert. #2426); RSA (Cert. #1901); SHS (Cert. #3094); Triple-DES (Cert. #2058) -Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (CVL Cert. #676, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers." |
2623 | Veritas Technologies LLC 500 East Middlefield Road Mountain View, CA 94043 USA Ravi Mahendrakar CST Lab: NVLAP 201029-0 | Veritas Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/25/2016 05/10/2016 | 5/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Veritas Cryptographic Module from Veritas provides cryptographic services which are used to encrypt the data at rest and in the secure communication with a trusted third party." |
2622 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - NSS Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/22/2016 | 4/21/2021 | Overall Level: 2 -Physical Security: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3452); Triple-DES (Cert. #1943); DSA (Cert. #971); ECDSA (Cert. #699); RSA (Cert. #1767); SHS (Cert. #2848); HMAC (Cert. #2198); DRBG (Cert. #846) -Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Cert. #3452, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1943, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE Multi-Chip Stand Alone "SUSE Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications." |
2621 | Forcepoint 10900-A Stonelake Blvd. Quarry Oaks 1 Ste. 350 Austin, TX 78759 USA Matt Sturm TEL: 858-320-9444 CST Lab: NVLAP 201029-0 | Websense C Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/21/2016 | 4/20/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense C Crypto Module provides support for cryptographic and secure communications services for these solutions." |
2620 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Palo Alto Networks VM-Series (Software Versions: 7.0.1-h4, 7.0.3 or 7.0.8) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/21/2016 09/08/2016 | 9/7/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): VMware ESXi 5.5 running on PA-VM-ESX-7.0.1.ova or PA-VM-NSX-7.0.1.ova CentOS 6.5 - KVM running on PA-VM-KVM-7.0.1.qcow2 Citrix XenServer 6.1.0 running on PA-VM-SDX-7.0.1.xva (single-user mode) -FIPS Approved algorithms: AES (Cert. #3501); CVL (Certs. #568, #569, #570 and #571); DRBG (Cert. #871); ECDSA (Cert. #714); HMAC (Cert. #2235); RSA (Cert. #1797); SHS (Cert. #2888) -Other algorithms: AES (Cert. #3501, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #569, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features." |
2619 | Vocera Communications, Inc. 525 Race Street San Jose, CA 95126 USA Ammath Keunemany TEL: 408-882-4615 CST Lab: NVLAP 200996-0 | Vocera Cryptographic Module v3.0 (Hardware Version: 88W8787; Firmware Version: 3.0; Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 04/19/2016 | 4/18/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Vocera Embedded Linux Version 3.0 running on a B3000n badge (single-user mode) -FIPS Approved algorithms: AES (Certs. #3531 and #3532); HMAC (Cert. #2257); SHS (Cert. #2912); RSA (Cert. #1815); DRBG (Cert. #888); CVL (Cert. #586) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5 Multi-Chip Stand Alone "Vocera B3000n Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000n Badge, ensures protected communications using industry-standard secure wireless communication protocols." |
2618 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances (Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5], ASA 5585-X SSP-10[6], 5585-X SSP-20[6], 5585-X SSP-40[6], and 5585-X SSP-60[6] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4], [CISCO-FIPS-KIT=][5] or [ASA5585-X-FIPS-KIT][6]; Firmware Version: 9.4.3) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/19/2016 08/10/2016 | 8/9/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #3439); CVL (Cert. #525); DRBG (Certs. #332, #336, #819 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247, #1514, #2095 and #2188); RSA (Cert. #1760); SHS (Certs. #1794, #2091, #2737 and #2839); Triple-DES (Certs. #1321, #1513, #1881 and #1937) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
2617 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Jake Bajic TEL: 408-753-4000 Amir Shahhosseini TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | WildFire WF-500 (Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.0.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/18/2016 | 4/17/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3475); RSA (Cert. #1782); ECDSA (Cert. #713); HMAC (Cert. #2220); SHS (Cert. #2870); DRBG (Cert. #870); CVL (Certs. #564, #565, #566 and #567) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; Triple-DES (non-compliant); CAST; ARCFOUR; Blowfish; Camellia; SEED; RC2; RC4; HMAC-MD5; UMAC; HMAC-RIPEMD Multi-Chip Stand Alone "WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks" |
2616 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-3060 and PA-7080 Firewalls (Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B or 910-000117-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Versions: 7.0.1-h4, 7.0.3 or 7.0.8) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/18/2016 09/08/2016 | 9/7/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3475); CVL (Certs. #564, #565, #566 and #567); DRBG (Cert. #870); ECDSA (Cert. #713); HMAC (Cert. #2220); RSA (Cert. #1782); SHS (Cert. #2870) -Other algorithms: AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength); Blowfish; Camellia; CAST; HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures." |
2615 | Mojo Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0 | AirTight Wireless Sensor (Hardware Versions: C-75 and C-75-E with Tamper Evident Seal Kit: C-TPL-A; Firmware Version: 7.2.FIPS.04) (When operated in FIPS mode and with tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/12/2016 04/14/2016 04/15/2016 04/19/2016 | 4/18/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3766); CVL (Cert. #710); DRBG (Cert. #1036); HMAC (Cert. #2465); KBKDF (Cert. #77); KTS (AES Cert. #3766 and HMAC Cert. #2465; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1937); SHS (Cert. #3135) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks." |
2614 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Crypto Engine Core (Hardware Version: 5.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/11/2016 | 4/10/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1980); AES (Cert. #3526); SHS (Cert. #2909); HMAC (Cert. #2254) -Other algorithms: DES; AEAD Single Chip "QTI Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments." |
2613 | Nokia Corporation 600 March Road Ottawa, ON K2K 2E6 Canada Carl Rajsic CST Lab: NVLAP 200556-0 | SR-OS Cryptographic Module (Firmware Version: 13.0R4) (When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 04/11/2016 | 4/10/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): SR-OS 13.0R4 on CPM-7950 XRS-20 CPM SR-OS 13.0R4 on CPM-7950 XRS-16 CPM SR-OS 13.0R4 on CPM-7750 SR CPM5 SR-OS 13.0R4 on CFP-7750 SR-c12 CFM-XP-B SR-OS 13.0R4 on CPM-7750 SR-a -FIPS Approved algorithms: AES (Cert. #3484); Triple-DES (Cert. #1965); RSA (Cert. #1789); HMAC (Cert. #2226); SHS (Cert. #2878); DRBG (Cert. #861); DSA (Cert. #985); CVL (Cert. #560) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it." |
2612 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Pseudo Random Number Generator (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2016 06/12/2017 | 4/7/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #885); SHS (Certs. #2908 and #2930) -Other algorithms: NDRNG Single Chip "QTI Pseudo Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG." |
2611 | Silent Circle 4210 Fairfax Corner West Ave. Suite 215 Fairfax, VA 22033 USA Eric Carter Allen Stone CST Lab: NVLAP 201029-0 | Java Crypto Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/07/2016 06/20/2016 03/13/2017 | 6/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DSA (Cert. #914); ECDSA (Cert. #583); RSA (Cert. #1622); HMAC (Cert. #2011); SHS (Cert. #2637); DRBG (Cert. #668); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG; Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-Chip Stand Alone "The Java Crypto Module provides cryptographic functions for SilentOS from Silent Circle." |
2610 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/05/2016 | 4/4/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA OS X El Capitan v10.11 running on iMac with i7 CPU with PAA OS X El Capitan v10.11 running on iMac with i7 CPU without PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3797, #3798, #3799, #3800, #3801, #3802, #3803, #3804, #3805, #3806, #3807, #3808, #3809, #3810, #3811, #3812, #3813, #3814, #3815, #3816, #3817, #3818, #3819, #3820, #3821, #3822, #3823, #3824, #3825, #3826, #3827, #3828, #3829, #3830, #3831, #3832, #3833, #3834, #3835 and #3847); CVL (Certs. #722, #723, #724, #725, #726, #727, #728 and #729); DRBG (Certs. #1059, #1060, #1061, #1062, #1063, #1064, #1065, #1066, #1067, #1068, #1069, #1070, #1071, #1072, #1073, #1074, #1075, #1076, #1077, #1078, #1079, #1080, #1081 and #1091); ECDSA (Certs. #820, #821, #822, #823, #824, #825, #826 and #827); HMAC (Certs. #2325, #2326, #2327, #2328, #2329, #2330, #2331, #2332, #2333, #2334, #2335, #2336, #2337, #2338, #2339, #2340, #2341, #2342, #2343, #2344, #2345, #2346, #2347, #2348, #2479, #2480, #2481, #2482, #2483, #2484, #2485 and #2486); KTS (AES Certs. #3797, #3798, #3799, #3800, #3801, #3802, #3803, #3804, #3805, #3806, #3807, #3808, #3809, #3810, #3811, #3812, #3813, #3814, #3815, #3816, #3817, #3818, #3819, #3820, #3821, #3822, #3823, #3824, #3825, #3826, #3827, #3828, #3829, #3830, #3831, #3832, #3833, #3834, #3835 and #3847; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1953, #1954, #1955, #1956, #1957, #1958, #1959 and #1960); SHS (Certs. #2991, #2992, #2993, #2994, #2995, #2996, #2997, #2998, #2999, #3000, #3001, #3002, #3003, #3004, #3005, #3006, #3007, #3008, #3009, #3010, #3011, #3012, #3013, #3014, #3152, #3153, #3154, #3155, #3156, #3157, #3158 and #3159); Triple-DES (Certs. #2106, #2107, #2108, #2109, #2110, #2111, #2112 and #2113); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
2609 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/05/2016 | 4/4/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): iOS 9.0 running on iPhone4S with Apple A5 CPU iOS 9.0 running on iPhone5 with Apple A6 CPU iOS 9.0 running on iPhone5S with Apple A7 CPU iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU iOS 9.0 running on iPad (4th generation) with Apple A6X CPU iOS 9.0 running on iPad Air 2 with Apple A8X CPU iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode) -FIPS Approved algorithms: AES (Certs. #3729, #3730, #3731, #3732, #3733, #3734, #3735, #3736, #3737, #3738, #3739, #3741, #3742, #3743, #3744, #3745, #3746 and #3747); DRBG (Certs. #1017, #1018, #1020, #1021, #1022, #1023, #1024, #1025 and #1026); ECDSA (Certs. #791, #792, #794, #795, #796, #797, #798, #799 and #800); HMAC (Certs. #2349, #2350, #2351, #2352, #2353, #2354, #2355, #2356, #2357, #2442, #2443, #2445, #2446, #2447, #2448, #2449, #2450 and #2451); RSA (Certs. #1918, #1919, #1921, #1922, #1923, #1924, #1925, #1926 and #1927); SHS (Certs. #3015, #3016, #3017, #3018, #3019, #3020, #3021, #3022, #3023, #3111, #3112, #3114, #3115, #3116, #3117, #3118, #3119 and #3120); Triple-DES (Certs. #2076, #2077, #2079, #2080, #2081, #2082, #2083, #2084 and #2085); KTS (AES Certs. #3729, #3730, #3731, #3732, #3733, #3734, #3735, #3736, #3737, #3738, #3739, #3741, #3742, #3743, #3744, #3745, #3746 and #3747; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; HASH_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RIPEMD; RC2; RC4; RFC6637 KDF; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
2608 | Sonus Networks, Inc. 4 Technology Park Drive Westford, MA 01886 USA Adam Elshama TEL: 978-614-8327 CST Lab: NVLAP 200556-0 | SBC 5110 and 5210 Session Border Controllers (Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 5.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/05/2016 | 4/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3480 and #3481); CVL (Certs. #554, #555 and #556); DRBG (Cert. #859); ECDSA (Cert. #708); HMAC (Certs. #2222 and #2223); RSA (Cert. #1787); SHS (Certs. #2874 and #2875); Triple-DES (Certs. #1961 and #1962) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-Chip Stand Alone "The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management." |
2607 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Secure Kernel Code Integrity (skci.dll) in Microsoft Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] (single-user mode) -FIPS Approved algorithms: RSA (Certs. #1784 and #1871); SHS (Certs. #2871 and #3048) -Other algorithms: MD5 Multi-Chip Stand Alone "Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed." |
2606 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3629); CVL (Certs. #575, #576, #663 and #664); DRBG (Certs. #868 and #955); DSA (Certs. #983 and #1024); ECDSA (Certs. #706 and #760); HMAC (Certs. #2233 and #2381); KAS (Certs. #64 and #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66 and #72); KTS (AES Certs. #3507 and #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, #1802, #1887, #1888 and #1889); SHS (Certs. #2886 and #3047); Triple-DES (Certs. #1969 and #2024) -Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography." |
2605 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3629); CVL (Certs. #576 and #663); DRBG (Certs. #868 and #955); DSA (Certs. #983 and #1024); ECDSA (Certs. #706 and #760); HMAC (Certs. #2233 and #2381); KAS (Certs. #64 and #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66 and #72); KTS (AES Certs. #3507 and #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, #1802, #1887, #1888 and #1889); SHS (Certs. #2886 and #3047); Triple-DES (Certs. #1969 and #2024) -Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)." |
2604 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode) -FIPS Approved algorithms: RSA (Certs. #1784 and #1871); SHS (Certs. #2871 and #3048) -Other algorithms: AES (non-compliant); MD5 Multi-Chip Stand Alone "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk." |
2603 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3498) -Other algorithms: N/A Multi-Chip Stand Alone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
2602 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2600 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871) -Other algorithms: MD5 Multi-Chip Stand Alone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
2601 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2600 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871) -Other algorithms: MD5; NDRNG Multi-Chip Stand Alone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
2600 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886) -Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) Multi-Chip Stand Alone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
2599 | IBM 222 South Riverside Plaza Suite 1700 Chicago, Illinois 60606 US Mark Seaborn TEL: (312) 423-6640 Jason Resch TEL: (312) 423-6640 CST Lab: NVLAP 200002-0 | IBM Cloud Object Storage System’s™ FIPS Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/01/2016 04/12/2016 03/31/2017 | 4/11/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): ClevOS 3.8.0-FIPS-EDITION running on Intel Xeon with PAAClevOS 3.8.0-FIPS-EDITION running on Intel Xeon without PAAClevOS 3.8.2.19-FIPS-EDITION running on Intel Xeon with PAAClevOS 3.8.2.19-FIPS-EDITION running on Intel Xeon without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3611, #3612 and #4422); CVL (Certs. #630, #631 and #1137); DRBG (Certs. #941, #942 and 1428); DSA (Certs. #1006, #1007 and #1186); ECDSA (Certs. #743, #744 and #1071); HMAC (Certs. #2318, #2319 and #2935); RSA (Certs. #1858, #1859 and #2409); SHS (Certs. #2984, #2985 and #3640); Triple-DES (Certs. #2011, #2012 and #2380) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-Chip Stand Alone "The IBM Cloud Object Storage System’s™ FIPS Object Module is a full featured general purpose cryptographic library that is distributed as a component of ClevOS™ FIPS Edition, the underlying technology for IBM Cloud Object Store Appliances." |
2598 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Harjit Dhillon TEL: 916-501-1426 Steve Wierenga TEL: 650-265-3660 CST Lab: NVLAP 100432-0 | HPE Enterprise Secure Key Manager (Hardware Versions: P/Ns C8Z61AA, Versions 4.0 [1] and 4.1 [2]; Firmware Versions: 6.0.0-51 [1] and 6.1.0-14 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/01/2016 | 3/31/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3427 and #3428); CVL (Certs. #517, #518, #519, #520, #521 and #522); DRBG (Certs. #826, #827, #828 and #829); HMAC (Certs. #2179 and #2180); RSA (Certs. #1753 and #1754); SHS (Certs. #2827 and #2828); Triple-DES (Certs. #1932 and #1933) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES; MD5; RC4; RSA (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); SHS (non-compliant); SNMPv3 KDF (non-compliant); AES (non-compliant) Multi-Chip Stand Alone "HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover." |
2597 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669)227-3579 FAX: (866)315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/29/2016 | 3/28/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA OS X El Capitan v10.11 running on iMac with i7 CPU with PAA OS X El Capitan v10.11 running on iMac with i7 CPU without PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796); DRBG (Certs. #1047, #1048, #1049, #1050, #1051, #1052, #1053, #1054, #1055, #1056, #1057 and #1058); ECDSA (Certs. #816, #817, #818 and #819); HMAC (Certs. #2358, #2359, #2360, #2361, #2362, #2363, #2364, #2365, #2366, #2367, #2368, #2369, #2370, #2371, #2372, #2373, #2475, #2476, #2477 and #2478); KTS (AES Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1949, #1950, #1951 and #1952); SHS (Certs. #3024, #3025, #3026, #3027, #3028, #3029, #3030, #3031, #3032, #3033, #3034, #3035, #3036, #3037, #3038, #3039, #3148, #3149, #3150 and #3151); Triple-DES (Certs. #2102, #2103, #2104 and #2105); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
2596 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-9300 P (Hardware Versions: P/N NS-9300 P, Versions 1.2 and 1.3; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.17.16) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/29/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
2595 | Chunghwa Telecom Co., Ltd. No.99, Dianyan Road Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS PKI Native Smart Card Cryptographic Module (Hardware Version: RS45C; Firmware Versions: HardMask: 2.2 and SoftMask: 1.2) (No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/29/2016 | 3/28/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Cert. #614); DRBG (Cert. #927); ECDSA (Cert. #731); RSA (Cert. #1846); SHS (Cert. #2953); Triple-DES (Cert. #1999) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Certs. #1999, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single Chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate." |
2594 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669)227-3579 FAX: (866)315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/29/2016 | 3/28/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): iOS 9.0 running on iPhone4S with Apple A5 CPU with AES hardware acceleration iOS 9.0 running on iPhone4S with Apple A5 CPU without AES hardware acceleration iOS 9.0 running on iPhone5 with Apple A6 CPU with AES hardware acceleration iOS 9.0 running on iPhone5 with Apple A6 CPU without AES hardware acceleration iOS 9.0 running on iPhone5S with Apple A7 CPU iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware acceleration iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware acceleration iOS 9.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware acceleration iOS 9.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware acceleration iOS 9.0 running on iPad Air 2 with Apple A8X CPU iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode) -FIPS Approved algorithms: AES (Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750); CVL (Certs. #683, #684, #685, #686, #687, #688, #689, #690, #691, #692, #693, #694, #695 and #698); DRBG (Certs. #989, #990, #991, #992, #993, #994, #995, #996, #997, #999, #1000, #1001, #1002, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012, #1013, #1014, #1015 and #1016); ECDSA (Certs. #777, #778, #779, #780, #781, #782, #783, #784, #785, #786, #787, #788, #789 and #793); HMAC (Certs. #2302, #2304, #2306, #2307, #2309, #2310, #2311, #2312, #2313, #2314, #2315, #2316, #2317, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440 and #2444); KTS (AES Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1904, #1905, #1906, #1907, #1908, #1909, #1910, #1911, #1912, #1914, #1915, #1916, #1919 and #1920); SHS (Certs. #2968, #2970, #2972, #2973, #2974, #2975, #2976, #2977, #2978, #2979, #2980, #2981, #2982, #2983, #3096, #3097, #3098, #3099, #3100, #3101, #3102, #3103, #3104, #3105, #3106, #3107, #3108 and #3113); Triple-DES (Certs. #2060, #2061, #2062, #2063, #2064, #2065, #2066, #2067, #2068, #2069, #2070, #2071, #2072 and #2078); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
2593 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-9300 S (Hardware Versions: P/N NS-9300 S, Versions 1.2 and 1.3; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.17.16) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/29/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
2592 | Zebra Technologies Corporation One Zebra Plaza Holtsville, NY 11742 USA Robert Pang TEL: 631-738-5419 FAX: n/a Mariya Wright TEL: 914-574-8189 FAX: 631-738-4656 CST Lab: NVLAP 100432-0 | Zebra DCS Cryptographic Library (Firmware Versions: DAACVS00-001-R00, DAACWS00-001-R00 or DAACUS00-001-R00) (This validation entry is a non-security relevant modification to Cert. #1467) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 03/25/2016 08/15/2016 | 8/14/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): LI3678 with uC/OS-II v2.85 DS3678 and DS8178 with TreadX v6.5 STB3678 with uC/OS-II v2.85 FLB3678 and CR8178 with uC/OS-II v2.85 -FIPS Approved algorithms: AES (Certs. #3856, #3857 and #3858); HMAC (Certs. #2504, #2505 and #2506); SHS (Certs. #3178, #3179 and #3180) -Other algorithms: N/A Multi-Chip Stand Alone "The Zebra DCS Cryptographic Library provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Embedded devices which include cordless scanners, cradles and terminals." |
2591 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-9100 and NS-9200 (Hardware Versions: P/Ns NS-9100 Versions 1.2 and 1.3 and NS-9200 Versions 1.2 and 1.3; FIPS Kit P/N IAC-FIPS-KT2; Firmware Version: 8.1.17.16) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/24/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
2590 | ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 USA Ezer Farhi TEL: 972-3-9279529 CST Lab: NVLAP 200002-0 | CoSign (Hardware Version: 7.0; Firmware Version: 7.7) (When operated in FIPS Mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/24/2016 | 3/23/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Certs. #2074 and #2087); Triple-DES MAC (Triple-DES Cert. #2087, vendor affirmed); SHS (Certs. #3109 and #3122); HMAC (Certs. #2441 and #2453); DRBG (Certs. #1028 and #98); RSA (Cert. #1929); CVL (Certs. #697); PBKDF (vendor affirmed) -Other algorithms: NDRNG; MD5; Triple-DES (Cert. #2074, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant); Triple-DES (non-compliant); RSA-RESTful-TLS (key wrapping; non-compliant) Multi-Chip Stand Alone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data." |
2589 | Sonus Networks, Inc. 4 Technology Park Drive Westford, MA 01886 USA Adam Elshama TEL: 978-614-8327 CST Lab: NVLAP 200556-0 | SBC 7000 Session Border Controller (Hardware Version: SBC 7000; Firmware Version: 5.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/24/2016 | 3/23/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3482 and #3483); CVL (Certs. #557, #558 and #559); DRBG (Cert. #860); ECDSA (Cert. #709); HMAC (Certs. #2224 and #2225); RSA (Cert. #1788); SHS (Certs. #2876 and #2877); Triple-DES (Certs. #1963 and #1964) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-Chip Stand Alone "The SBC 7000 Session Border Controller is a high-performance air-cooled, 5U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management." |
2588 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Inline Crypto Engine (SDCC) (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2016 | 3/21/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3556 and #3558) -Other algorithms: N/A Single Chip "QTI Inline Crypto Engine (SDCC) high throughput storage data encryption and decryption." |
2587 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Dr. W Houston, TX 77070 USA Ramesh Narayanan TEL: +91 80 338 65384 Rituparna Mitra TEL: +91 80 251 65735 CST Lab: NVLAP 200928-0 | HP BladeSystem Onboard Administrator Firmware (Firmware Version: 4.40) (When installed, initialized and configured as indicated in the Security Policy in Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure -FIPS Approved algorithms: AES (Cert. #3333); CVL (Cert. #487); DRBG (Cert. #780); HMAC (Cert. #2124); RSA (Cert. #1712); SHS (Certs. #2766, #2767 and #2768); Triple-DES (Cert. #1903) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure." |
2586 | Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middlesex NW10 0UF United Kingdom Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 Francesco Rivieccio TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0 | Integral AES 256 Bit Crypto SSD Underlying PCB (Hardware Version: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INIS2564GCR140(R); INIS25128GCR140(R); INIS25256GCR140(R); INIS25512GCR140(R); INIS251TCR140(R); INIS252TCR140(R); INSSD64GS625M7CR140(R); INSSD128GS625M7CR140(R); INSSD256GS625M7CR140(R); INSSD512GS625M7CR140(R); INSSD1TS625M7CR140(R); INSSD2TS625M7CR140(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); INIS1864GCR140(R); INIS18128GCR140(R); INIS18256GCR140(R); INIS18512GCR140(R); INIS181TGCR140(R); INIS182TGCR140(R); INISHS64GCR140(R); INISHS128GCR140(R); INISHS256GCR140(R); INISHS512GCR140(R); INISHS1TCR140(R); INISHS2TCR140(R); INSSD128GM2M2260C140(R); INSSD256GM2M2260C140(R); INSSD512GM2M2260C140(R); INSSD1TM2M2260C140(R); INIM26064GCR140(R); INIM260128GCR140(R); INIM260256GCR140(R); INIM260512GCR140(R); INIM2601TCR140(R); INIM2602TCR140(R); INSSD64GM2M2280C140(R); INSSD128GM2M2280C140(R); INSSD256GM2M2280C140(R); INSSD512GM2M2280C140(R); INSSD1TGM2M2280C140(R); INIM28064GCR140(R); INIM280128GCR140(R); INIM280256GCR140(R); INIM280512GCR140(R); INIM2801TCR140(R); INIM2802TCR140(R); INSSD64GMSA6MCR140(R); INSSD128GMSA6MCR140(R); INSSD256GMSA6MCR140(R); INSSD512GMSA6MCR140(R); INSSD1TMSA6MCR140(R); INIMSA64GCR140(R); INIMSA128GCR140(R); INIMSA256GCR140(R); INIMSA512GCR140(R); INIMSA1TCR140(R); INIMSA2TCR140(R); INIM24264GCR140(R); INIM242128GCR140(R); INIM242256GCR140(R); INIM242512GCR140(R); INIM2421TCR140(R); INIM2422TCR140®; Firmware Version: S5FDM018) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/21/2016 06/21/2017 | 3/20/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2175); DRBG (Cert. #254); HMAC (Cert. #1335); SHS (Cert. #1887) -Other algorithms: NDRNG Multi-Chip Stand Alone "Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in 32 GB, 64 GB, 128 GB, 256 GB, 512 GB, 1 TB and 2 TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)." |
2585 | EMC Corporation 176 South Street Hopkinton, MA 01748 USA Greg Lazar TEL: 508-249-7822 Tom Dibb TEL: 508-249-7660 CST Lab: NVLAP 200556-0 | VNX 6 Gb/s SAS I/O Module with Encryption from EMC (Hardware Versions: 1.1.1-303-161-103B-04 and 1.2.1-303-224-000C-03; Firmware Version: 2.09.36) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3502 and #3512); KTS (AES Certs. #3502 and #3512) -Other algorithms: N/A Multi-Chip Embedded "The VNX 6Gb/s SAS I/O Module with Encryption is an optimized solution for native SAS/SATA HBA applications. It is the heart of any VNX storage system, providing the interface to the physical storage media. Its benefits include cost and universal drive support for SAS and SATA disks. The VNX 6Gb/s SAS I/O Module with Encryption is a high-density SAS controller solution that significantly increases total system performance, diagnostics, scalability and manageability. It provides the highest density, lowest power/port SAS controller solution available." |
2584 | Advantech B+B Smartworx Westlink Commercial Park Oranmore Co. Galway Ireland Paul Conway TEL: +353 91 792444 FAX: +353 91 792445 CST Lab: NVLAP 200556-0 | Advantech B+B SmartWorx Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Conel Linux 5 running on a Spectre V3 LTE (single-user mode) -FIPS Approved algorithms: AES (Certs. #3515 and #3516); CVL (Cert. #587); DRBG (Cert. #877); HMAC (Cert. #2244); RSA (Cert. #1805); SHS (Certs. #2896, #2897 and #2898); Triple-DES (Certs. #1974 and #1975) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Cert. #1974, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Advantech B+B SmartWorx Cryptographic Module is a software module that provides cryptographic services to Advantech B+B SmartWorx products. The module provides a number of FIPS 140 validated cryptographic algorithms for services such as IPsec. The module provides applications with a library interface that enables them to access the various cryptographic algorithm functions supplied by the module." |
2583 | Box, Inc. 900 Jefferson Ave Redwood City, CA 94063 USA Crispen Maung TEL: 877-729-4269 CST Lab: NVLAP 200968-0 | Box JCA Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Scientific Linux 6.4 with JRE 1.6.0 on Vmware vSphere 5.0 running on Intel(R) Xeon(R) X5675 (Dell PowerEdge R610) Scientific Linux 6.4 with JRE 1.7.0 on Vmware vSphere 5.0 running on Intel(R) Xeon(R) X5675 (Dell PowerEdge R610) (single-user mode) -FIPS Approved algorithms: AES (Cert. #2666); DRBG (Cert. #429); HMAC (Cert. #1657); SHS (Cert. #2239) -Other algorithms: AES (non-compliant); Blowfish; DES; Triple-DES (non-compliant); RC2; Diffie-Hellman (non-compliant); PBE (non-compliant); ARCFOUR; RSA (non-compliant); HMAC-MD5; PBKDF (non-compliant); DSA (non-compliant); MD2; MD5; PRNG (non-compliant); NDRNG Multi-Chip Stand Alone "Box JCA Cryptographic Module is a Java Cryptography Architecture provider that provides encryption, hashing and random number generation utilizing FIPS 140-2 validated algorithms." |
2582 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 Kernel Crypto API Cryptographic Module (Software Version: 3.1) (When operated in FIPS mode with Network Security Services (NSS) Module validated to FIPS 140-2 under Cert. #2564 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/16/2016 04/12/2016 | 4/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3145, #3146, #3147, #3148, #3149, #3150, #3151, #3152, #3218 and #3219); DRBG (Certs. #639, #640, #641, #642, #643, #644, #645 and #646); DSA (Certs. #892, #893, #894, #895, #909 and #910); HMAC (Certs. #1933, #1934, #1935, #1936, #1985 and #1986); SHS (Certs. #2607 and #2608); Triple-DES (Certs. #1797 and #1798) -Other algorithms: DES; SHA-256/SHA-512 (SSSE3/AVX/AVX2 implementation; non-compliant); HMAC SHA-256/SHA-512 (SSSE3/AVX/AVX2 implementation; non-compliant) Multi-Chip Stand Alone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.6 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
2581 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA Peter Kim TEL: 408-321-6300 CST Lab: NVLAP 201029-0 | FireEye HX Series: HX 4400, HX 4400D, HX 4402, HX 9402 (Hardware Versions: HX 4400, HX 4400D, HX 4402, HX 9402; Firmware Version: 3.1.0) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/14/2016 | 3/13/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (CVL Cert. #533, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG Multi-Chip Stand Alone "The FireEye HX series appliances enable security operations teams to correlate network and endpoint activity. Organizations can automatically investigate alerts generated by FireEye Threat Prevention Platforms, log management, and network security products, apply intelligence from FireEye to continuously validate Indicators of Compromises on the endpoints and identify if a compromise has occurred and assess the potential risk." |
2580 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA Peter Kim TEL: 408-321-6300 CST Lab: NVLAP 201029-0 | FireEye MX Series: MX 900, MX 8400 (Hardware Versions: MX 900, MX 8400; Firmware Version: 2.0.3) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/14/2016 | 3/13/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (CVL Cert. #533, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG Multi-Chip Stand Alone "The FireEye MX series appliances are mobile management platforms that work in conjunction with the FireEye MTP App to assimilate and disperse threat information to mobile endpoints, and offer integration with MDM solutions for a true detect to fix solution." |
2579 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Inline Crypto Engine (UFS) (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/11/2016 | 3/10/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3555 and #3557) -Other algorithms: N/A Single Chip "QTI Inline Crypto Engine (UFS) provides high throughput storage data encryption and decryption." |
2578 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: 404-348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security Network Intrusion Prevention System Version 4.6.2 (Hardware Versions: GX4004, GX5008C, GX5008SFP, GX5208C, GX5208SFP, GX7412 and GX7800 with Tamper Evident Label Kit: 00VM255; Firmware Version: 4.6.2) (When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/07/2016 | 3/6/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3204 and #3210); DRBG (Certs. #679 and #682); ECDSA (Certs. #588 and #591); HMAC (Certs. #2018 and #2023); RSA (Certs. #1633 and #1635); SHS (Certs. #2651 and #2657); Triple-DES (Certs. #1825 and #1827) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Network Intrusion Prevention System (NIPS) automatically blocks malicious attacks while preserving network bandwidth and availability. The appliances are purpose-built, Layer 2 network security appliances that you can deploy either at the gateway or the network to block intrusion attempts, denial of service (DoS) attacks, malicious code, backdoors, spyware, peer-to-peer applications, and a growing list of threats without requiring extensive network reconfiguration." |
2577 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 512-319-2480 FAX: n/a CST Lab: NVLAP 201029-0 | Aruba Linux Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2016 | 3/1/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG, Dual EC DRBG Multi-Chip Stand Alone "The Aruba Linux Cryptographic Module implements full and approved cryptographic algorithm support, including Suite B algorithm compliance, for Aruba products. It provides secure key management, data integrity, data at rest encryption, and secure communications." |
2576 | Zinc Inc. 55 New Montgomery Street, Ste. 888 San Francisco, CA 94105 USA Evan Owen TEL: 877-586-5682 CST Lab: NVLAP 201029-0 | Zinc Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2016 08/08/2016 | 8/7/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Zinc Cryptographic Module provides cryptographic functions for Zinc Inc.’s mobile applications." |
2575 | Cellcrypt 6121 Lincolnia Rd Suite 100 Alexandria, VA 22312 USA Richard Chen TEL: 571-243-9445 CST Lab: NVLAP 100432-0 | Cellcrypt Secure Core 3 FIPS 140-2 Module (Software Version: 2.0.10) (When operated in FIPS mode and built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2016 | 3/1/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) (single user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3264); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #472); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #723); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #933); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #620); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2063); RSA (Certs. #1086, #1145, #1205, #1273, #1477, #1535, #1581 and #1664); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2702); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1853) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-Chip Stand Alone "Cellcrypt Secure Core 3 FIPS 140-2 Module Version 2.0.10 is a cryptographic software library providing privacy, authentication and integrity services. There are three major protocol groups supported:- Offline or store-and-forward based protocols- File storage and message attachments- Online or session-based protocols" |
2574 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Dr. W Houston, TX 77070 USA Luis Luciani TEL: 1-281-518-6762 CST Lab: NVLAP 200928-0 | iLO 4 Cryptographic Module (Hardware Versions: GLP-4: 531510-004 [1], GLP-3: 531510-003 [2] and Sabine: 610107-002 [3]; Flash Memory: (820595-001 [1,2,3]); NVRAM: (820597-001 [1]), (820596-001 [2,3]); DDR3 SDRAM: (820594-001 [1,2,3]); Firmware Version: 2.11) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/02/2016 | 3/1/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3398, #3399, #3400 and #3401); CVL (Cert. #502); DRBG (Cert. #814); DSA (Cert. #959); ECDSA (Cert. #676); HMAC (Cert. #2169); RSA (Cert. #1740); SHS (Cert. #2814); Triple-DES (Cert. #1924) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5 Multi-Chip Embedded "The HP Integrated Lights-Out 4 (HP iLO 4) built into HP ProLiant Gen8 and Gen9 servers is an autonomous secure management component embedded directly on the server motherboard. iLO helps simplify initial server setup, power and thermal optimization, remote server administration, and provides server health monitoring with the HP Active Health System (AHS)." |
2573 | Aruba a Hewlett Packard Enterprise Company 3333 Scott Blvd. Santa Clara, CA 95054 USA Steve Weingart TEL: 512-319-2480 FAX: n/a CST Lab: NVLAP 100432-0 | Aruba Common Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/01/2016 02/28/2017 | 2/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Enterprise 32-bit User Mode running on an IBM ThinkPad Lenovo Windows 7 Enterprise 64-bit User Mode running on an IBM ThinkPad Lenovo Android 4.0 running on a Droid 3 Smartphone Red Hat Enterprise Linux 6 with Linux 2.6 Kernel (32-bit) running on a Dell Dimension 9200 iOS9 running on an iPad 2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2744 and #2746); CVL (Certs. #265 and #266); DRBG (Certs. #496 and #498); ECDSA (Certs. #499 and #500); HMAC (Certs. #1721 and #1722); RSA (Certs. #1483 and #1484); SHS (Certs. #2316 and #2317); Triple-DES (Certs. #1652 and #1653) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX; AES XCBC; AES MAC (non-compliant); RSAES-OAEP Multi-Chip Stand Alone "The Aruba Common Cryptographic Module Version 1.0 is a software shared library that provides cryptographic services required by Aruba software applications." |
2572 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 S (Hardware Versions: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.15.14) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/25/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
2571 | Canon U.S.A., Inc. One Canon Park Melville, NY 11747 USA Jiuyuan Ge TEL: 631-330-5774 CST Lab: NVLAP 200427-0 | Canon imageRUNNER Crypto Module 2.1.1.1 for MEAP (Software Version: 2.1.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/25/2016 | 2/24/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): MontaVista Linux running on a Canon imageRUNNER with MEAP SDK 4.60 SP4 and CDC 1.1 Foundation Profile 1.1 with optional JCE provider package (single-user mode) -FIPS Approved algorithms: AES (Cert. #3442); CVL (Cert. #528); DRBG (Cert. #840); DSA (Cert. #969); ECDSA (Cert. #694); HMAC (Cert. #2191); KBKDF (Cert. #60); KTS (AES Cert. #3442); RSA (Cert. #1763); SHS (Cert. #2842); Triple-DES (Cert. #1939) -Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; HMAC-MD5; MD4; MD5; NDRNG; PBE; RC2; RC4; RNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Triple-DES (Cert. #1939, key wrapping; key establishment methodology provides 112 bits of encryption strength); Multi-Chip Stand Alone "Canon imageRUNNER Crypto Module for MEAP security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements" |
2570 | Certicom Corp. 4701 Tahoe Blvd., Building A Mississauga, Ontario L4W 0B5 Canada Certicom Support TEL: 905-507-4220 FAX: n/a Certicom Sales TEL: 905-507-4220 FAX: n/a CST Lab: NVLAP 200928-0 | Security Builder® Linux Kernel Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/23/2016 | 2/22/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with PAA CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without PAA Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode) -FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. #1953) -Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG Multi-Chip Stand Alone "Certicom Security Builder® Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel." |
2569 | Hiddn Security AS Nedre Slottgate 25 Oslo 0157 Norway Atle Haga TEL: +47 92452750 FAX: +47 38104499 Terje Leira TEL: +47 91112899 FAX: +47 38104499 CST Lab: NVLAP 100432-0 | CM1+ (Hardware Versions: PCBA P/N HGD-59400200 with PCB P/N HGD-59300039, Rev C; Firmware Versions: CM1+ HW v1.8.7.4, CM1+ FW v1.8.7.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2016 | 2/21/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3362) -Other algorithms: AES (Cert. #3362, key wrapping; key establishment methodology provides 192 bits of encryption strength) Multi-Chip Embedded "The CM1+ is a 256-bit AES hardware encryption engine for protection of data at rest. The unit operates on the SATA protocol independent of the storage device, which allows encryption of disk drives of various storage capacities." |
2568 | Security First Corp. 29811 Santa Margarita Parkway Suite 600 Rancho Santa Margarita, CA 92688 USA Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092 CST Lab: NVLAP 100432-0 | SecureParser® (Software Version: 4.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/22/2016 10/03/2016 12/23/2016 | 12/22/2021 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Android 5.0 running on a Samsung Galaxy S5Android 5.1 running on a Samsung Galaxy S5Android 5.1 running on a Samsung Galaxy S6Android 5.1 running on a Samsung Galaxy Note5Android 6.0 running on a Samsung Galaxy S5Android 6.0 running on a Samsung Galaxy S6Android 6.0 running on a Samsung Galaxy Note5 Android 6.0 running on a Samsung Galaxy S7Microsoft Windows Server 2008 R2 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows Server 2008 R2 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows Server 2012 R2 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows Server 2012 R2 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows 7 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows 7 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows 8.1 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows 8.1 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows 10 64-bit running on a Microsoft Surface Pro 4 with PAAMicrosoft Windows 10 64-bit running on a Microsoft Surface Pro 4 without PAARed Hat Enterprise Linux 6.7 64-bit running on a Dell Optiplex 7010 with PAARed Hat Enterprise Linux 6.7 64-bit running on a Dell Optiplex 7010 without PAARed Hat Enterprise Linux 7.2 64-bit running on a Dell Optiplex 7010 with PAARed Hat Enterprise Linux 7.2 64-bit running on a Dell Optiplex 7010 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4071 and #4148); DRBG (Certs. #1220 and #1260); ECDSA (Certs. #918 and #954); HMAC (Certs. #2658 and #2719); KTS (AES Cert. #4071 and AES Cert. #4148; key establishment methodology provides between 128 and 256 bits on encryption strength); RSA (Certs. #2203 and #2260); SHS (Certs. #3354 and #3415) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Stand Alone "The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available." |
2567 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: (404) 348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security XGS 3100, XGS 4100, XGS 5100, and XGS 7100 (Hardware Versions: XGS 3100, XGS 4100, XGS 5100 and XGS 7100; FIPS-LABELS: FIPS 140 tamper evidence labels P/N 00VM255; Firmware Versions: 5.3.1 and 5.3.3) (When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/19/2016 12/20/2016 | 12/19/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3280, #3282, #3283, #3284, #3307, #3308, #3309 and #3310); CVL (Certs. #463, #465, #466 and #467); DRBG (Certs. #738, #740, #741, #742, #756, #757, #758 and #759); DSA (Certs. #937, #939, #940 and #941); ECDSA (Certs. #633, #635, #636, #637, #640, #641, #642 and #643); HMAC (Certs. #2077, #2079, #2080, #2081, #2099, #2100, #2101 and #2102); RSA (Certs. #1677, #1679, #1680, #1681, #1691, #1692, #1693 and #1694); SHS (Certs. #2718, #2720, #2721, #2722, #2740, #2741, #2742 and #2743); Triple-DES (Certs. #1867, #1869, #1870, #1871, #1883, #1884, #1885 and #1886) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Network Intrusion Prevention System (IPS) automatically blocks malicious attacks while preserving network bandwidth and availability. The appliances are purpose-built, Layer 2 network security appliances that you can deploy either at the gateway or the network to block intrusion attempts, denial of service (DoS) attacks, malicious code, backdoors, spyware, peer-to-peer applications, and a growing list of threats without requiring extensive network reconfiguration. The XGS 3100, XGS 4100, XGS 5100, and XGS 7100 can be securely managed via SiteProtector, which is a central management console" |
2566 | Skyhigh Networks 900 E. Hamilton Ave. Suite 400 Campbell, CA 95008 USA Skyhigh Networks CST Lab: NVLAP 201029-0 | Java Crypto Module (Hardware Version: N/A; Firmware Version: N/A; Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/18/2016 | 2/17/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DRBG (Cert. #668); DSA (Cert. #914); ECDSA (Cert. #583); HMAC (Cert. #2011); RSA (Cert. #1622); SHS (Cert. #2637); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-Chip Stand Alone "The Java Crypto Module provides cryptographic functions for Skyhigh Networks cloud visibility and enablement products." |
2565 | Hiddn Security AS Nedre Slottgate 25 Oslo 0157 Norway Atle Haga TEL: +47 92452750 FAX: +47 38104499 Terje Leira TEL: +47 91112899 FAX: +47 38104499 CST Lab: NVLAP 100432-0 | coCrypt CM1+ (Hardware Versions: PCBA P/N HGD-59401600 with PCB P/N HGD-59300063, Rev G; Firmware Versions: coCrypt CM1+ HW v1.8.8.4, CM1+ FW v1.8.7.5, Host Controller FW v1.0.5.8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/18/2016 | 2/17/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3362) -Other algorithms: AES (Cert. #3362, key wrapping; key establishment methodology provides 192 bits of encryption strength) Multi-Chip Embedded "The coCrypt CM1+ is a 256-bit AES hardware encryption engine which encrypts data either to a replacable microSD storage card or an USB flash drive. The unit allows the user to expand the storage capacity whenever needed." |
2564 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 NSS Module (Software Version: 3.14.3-22) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/17/2016 | 2/16/2021 | Overall Level: 2 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on System x3500 M4 without PAA -FIPS Approved algorithms: AES (Certs. #3076, #3077, #3078, #3079, #3080, #3081, #3082, #3083, #3084, #3085, #3086 and #3087); CVL (Certs. #368, #369, #370 and #371); DRBG (Certs. #603, #604, #605 and #606); DSA (Certs. #892, #893, #894 and #895); ECDSA (Certs. #554, #555, #556 and #557); HMAC (Certs. #1933, #1934, #1935 and #1936); RSA (Certs. #1577, #1578, #1579 and #1580); SHS (Certs. #2549, #2550, #2551 and #2552); Triple-DES (Certs. #1776, #1777, #1778 and #1779) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; MD2; RC2; Camellia; J-PAKE; DES; SEED; Triple-DES (Certs. #1776, #1777, #1778 and #1779, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Certs. #3076, #3077, #3078, #3079, #3080, #3081, #3082, #3083, #3084, #3085, #3086 and #3087, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CTS block chaining mode Multi-Chip Stand Alone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/" |
2563 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: (404) 348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security SiteProtector System Cryptographic Module (Software Version: 3.1.1) (When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/17/2016 | 2/16/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows Server 2012 R2 Standard running on IBM Security SP 4001 with Intel Core i7-2600 @ 3.4GHz (1-CPU / 4-core) processor (single-user mode) -FIPS Approved algorithms: AES (Cert. #3279); CVL (Cert. #462); DRBG (Cert. #737); ECDSA (Cert. #632); HMAC (Cert. #2076); RSA (Cert. #1676); SHS (Cert. #2717); Triple-DES (Cert. #1866) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #462, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-Chip Stand Alone "SiteProtector is a centralized management system that unifies management and analysis for network, server, and desktop protection agents and small networks or appliances. The SiteProtector is used as the central controlling point for IBM ISS appliances deployed on the network." |
2562 | Senetas Corporation Ltd. and SafeNet Inc. 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Firmware Version: 2.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/17/2016 | 2/16/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3337, #3346, #3347 and #3348); CVL (Cert. #491); DRBG (Cert. #779); ECDSA (Cert. #661); HMAC (Cert. #2128); KAS (Cert. #58); RSA (Cert. #1727); SHS (Cert. #2772); Triple-DES (Cert. #1907) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC (also known as Traffic Flow Security or TFS) transmission security capability can be used to remove patterns from" |
2561 | Medtronic Care Management Services, LLC 7980 Century Blvd Chanhassen, MN 55317 USA Brian Golden TEL: 888-243-8881 Ben Lange TEL: 888-243-8881 CST Lab: NVLAP 100432-0 | CC FM TLS/SRTP (Software Version: 1.0.2) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/16/2016 03/22/2016 | 3/21/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Server 2008 R2 (x64) running on Intel Xeon E5620 (Dell PowerEdge R710), Android 4.0.4 running on ARM TI OMAP 4430 (Samsung Galaxy Tab 2) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3349); CVL (Certs. #494 and #495); DRBG (Certs. #794 and #795); HMAC (Cert. #2132); RSA (Cert. #1716); SHS (Cert. #2776) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SRTP-KDF (non-compliant); NDRNG Multi-Chip Stand Alone "CC FM TLS/SRTP facilitates secure communication for the TLS and SRTP protocols." |
2560 | Unisys Corporation 801 Lakeview Drive Suite 100 Blue Bell, PA 19422 USA Ralph Farina TEL: 610-648-3460 Timothy McCaffrey TEL: 610-648-4477 CST Lab: NVLAP 200928-0 | Unisys Linux Kernel Cryptographic API Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 11) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/12/2016 | 2/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R220 without PAA and with PCLMULQDQ and SSSE 3 Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R220 without PAA Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R630 with PAA and with PCLMULQDQ Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R630 with PAA and with PCLMULQDQ and SSSE3 Ubuntu 12.04 LTS distribution with Vmware ESXi 5.5 running on a Dell PowerEdge R820 with PAA and with PCLMULQDQ and Ubuntu 12.04 LTS distribution with Vmware ESXi 5.5 running on a Dell PowerEdge R820 with PAA and with PCLMULQDQ and SSSE3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3513 and #3519); HMAC (Certs. #2246 and #2247); SHS (Certs. #2900 and #2901) -Other algorithms: N/A Multi-Chip Stand Alone "The Unisys Linux Kernel Cryptographic API Module is a software-only cryptographic module that comprises a set of Linux kernel modules. It provides general purpose cryptographic services to the remainder of the Linux kernel." |
2559 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Gary Sturdivant TEL: 1-650-427-4429 Eric Betts TEL: 1-650-427-1902 CST Lab: NVLAP 200928-0 | VMware Horizon JCE (Java Cryptographic Extension) Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/12/2016 | 2/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Horizon 6, version 6.2 with Sun JRE 1.8 on Windows Server 2012R2 Datacenter hosted on VMware vSphere Hypervisor (ESXi) 6.0 running on Dell PowerEdge R630 Horizon 6, version 6.2 with Sun JRE 1.8 on Windows 7 SP1 Enterprise (32 bit) hosted on VMware vSphere Hypervisor (ESXi) 6.0 running on Dell PowerEdge R630 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3554); DRBG (Cert. #905); DSA (Cert. #992); HMAC (Cert. #2268); RSA (Cert. #1830); SHS (Cert. #2929); Triple-DES (Cert. #1987) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #3554, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1987, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC Multi-Chip Stand Alone "The VMware Horizon JCE (Java Cryptographic Extension) Module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms." |
2558 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 P (Hardware Versions: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.15.14) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/11/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
2557 | Senetas Corporation Ltd. and SafeNet Inc. 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN Series Ethernet Encryptors (Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B (DC); Senetas Corp. Ltd. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Firmware Versions: 2.6.1 and 2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/11/2016 04/11/2016 | 4/10/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3335, #3342 and #3343); CVL (Cert. #489); DRBG (Cert. #777); ECDSA (Cert. #659); HMAC (Cert. #2126); KAS (Cert. #56); RSA (Cert. #1725); SHS (Cert. #2770); Triple-DES (Cert. #1905) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis." |
2556 | Infineon Technologies AG Am Campeon 1-12 Neubiberg, Bavaria 85579 Germany Roland Ebrecht TEL: +49-821-2585168 FAX: +49-821-2585130 Thomas Hoffmann TEL: +49-821-2585124 FAX: +49-821-2585130 CST Lab: NVLAP 100432-0 | Trusted Platform Module 1.2 SLB 9660/SLB 9665/SLB 9670 (Hardware Versions: P/Ns SLB 9660, SLB 9665 and SLB 9670; Firmware Version: 4.80.0411.02 or 6.80.0113.02) (When operated in FIPS mode as specified in Security Policy Sections 1.1 and 8.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/09/2016 | 2/8/2021 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3523 and #3524); RSA (Certs. #1809 and #1810); SHS (Certs. #2905 and #2906); DRBG (Certs. #882 and #883); HMAC (Certs. #2251 and #2252); KBKDF (Certs. #70 and #71); CVL (Certs. #579, #580, #581, #582, #583 and #584); KTS (AES Certs. #3523 and #3524 and HMAC Certs. #2251 and #2252; key establishment methodology provides 128 bits of encryption strength); RSAEP (SP 800-56B, vendor affirmed) -Other algorithms: NDRNG; RSA (CVL Certs. #580 and #583, key wrapping provides 112 bits of encryption strength) Single Chip "The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the TCG specifications Version 1.2, Revision 116, 1 March 2011. See www.trustedcomputinggroup.org for further information on TCG and TPM." |
2555 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050 (Hardware Versions: P/Ns M-1250 Version 1.10, M-1450 Version 1.10, M-2750 Version 1.50, M-2850 Version 1.00, M-2950 Version 1.00, M-3050 Version 1.20, M-4050 Version 1.20 and M-6050 Version 1.40; FIPS Kit P/Ns IAC-FIPS-KT2 and IAC-FIPS-KT7; Firmware Version: 8.1.15.14) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/09/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
2554 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Sandra Hernandez TEL: 512-286-5624 Marie Fraser TEL: +353 21 7306043 CST Lab: NVLAP 200416-0 | IBM(R) Security QRadar(R) Cryptographic Security Kernel (Software Version: 7.2) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/02/2016 | 2/1/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux (RHEL) v6.5 running on a IBM System X3650 M4 BD (single-user mode) -FIPS Approved algorithms: AES (Cert. #3131); CVL (Cert. #397); DRBG (Cert. #753); HMAC (Cert. #1981); RSA (Cert. #1686); SHS (Cert. #2600); Triple-DES (Cert. #1794) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 202 bits of encryption strength); MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The IBM(R) Security QRadar(R) Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine." |
2553 | ZOLL Medical Corporation 269 Mill Road Chelmsford, MA 01824-4105 USA Bryan Newman TEL: 978-421-9843 FAX: n/a Navid Shaidani TEL: 978-421-9843 FAX: n/a CST Lab: NVLAP 100432-0 | R Series Data Comm II (Hardware Version: 9214-00207 Rev B; Firmware Version: 03.02.010.1441) (When operated in FIPS mode. This module contains the embedded module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3276); CVL (Cert. #458); DRBG (Cert. #734); DSA (Cert. #935); ECDSA (Cert. #631); HMAC (Cert. #2074); RSA (Cert. #1688); SHS (Certs. #2714 and #2715); Triple-DES (Cert. #1864); KTS (AES Cert. #3276 and HMAC Cert. #2074; key establishment methodology provides 256 bits of encryption strength) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC4; AES CCM (non-compliant) Multi-Chip Stand Alone "The ZOLL R Series Data Comm II module allows data to be wirelessly transmitted." |
2552 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Motorola Solutions Astro Subscriber uMACE - Level 3 (Hardware Version: AT8358Z04; Firmware Versions: R01.06.57 and [R01.00.02 or (R01.00.02 and R01.00.03)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2016 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3414 and #3415); DRBG (Cert. #820); ECDSA (Cert. #684); HMAC (Cert. #2174); RSA (Cert. #1747); SHS (Certs. #2821 and #2822) -Other algorithms: AES MAC (AES Cert. #3415, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The uMACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
2551 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/04/2016 01/04/2017 | 1/3/2022 | Overall Level: 2 Multi-Chip Embedded |
2550 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Linux Cryptographic Module (Software Version: 1.0.1) (When installed, initialized and configured as indicated in the Security Policy in Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/29/2016 | 1/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): McAfee Linux 2.2.3 running on an Intel SR1530SH McAfee Linux 2.2.3 running on an Intel SR2625URLX McAfee Linux 2.2.3 on VMware ESXi 5.0 running on an Intel SR2625URLX (single-user mode) -FIPS Approved algorithms: AES (Certs. #3116 and #3117); CVL (Certs. #378 and #379); DRBG (Certs. #627 and #628); DSA (Certs. #900 and #901); HMAC (Certs. #1953 and #1954); RSA (Certs. #1587 and #1588); SHS (Certs. #2572 and #2573); Triple-DES (Certs. #1787 and #1788) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Linux Cryptographic Module provides cryptographic services for McAfee Linux and security appliance products built upon this platform. McAfee Linux is an operating system built with a focus on the needs of security appliances." |
2549 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - Kernel Crypto API Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module v2.0 validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode and with module SUSE Linux Enterprise Server 12 - StrongSwan Cryptographic Module version 1.0 validated to FIPS 140-2 under Cert. #2484 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/29/2016 | 1/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 operating on HP ProLiant DL320e Generation 8 with PAA SUSE Linux Enterprise Server 12 operating on HP ProLiant DL320e Generation 8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3286, #3287, #3288, #3297 and #3298); DRBG (Certs. #744, #745, #746 and #747); HMAC (Certs. #2083, #2084, #2085 and #2086); RSA (Cert. #1687); SHS (Certs. #2724, #2725, #2726 and #2727); Triple-DES (Cert. #1873) -Other algorithms: Anubis; ARC4; Blowfish; Camellia; CAST5; CAST6; DES; Fcrypt; Khazad; Salsa20; SEED; Serpent; TEA; XTEA; XETA; Twofish; Two key Triple-DES (non-compliant); LRW mode; Fcrypt-PCBC; MD4; MD5; Michael Mic; RIPEMD; Tiger; Whirlpool Multi-Chip Stand Alone "SUSE Kernel Crypto API module provides cryptographic services to the Linux operating system kernel." |
2548 | Redpine Signals, Inc. 2107 N. First Street #680 San Jose, CA 95131-2019 USA Mallik Reddy TEL: 408-748-3385 Ext. 202 FAX: 408-705-2019 CST Lab: NVLAP 200802-0 | RS9113 (Hardware Version: 6.0; Firmware Version: RS9113.N00.WC.FIPS.OSI.1.2.6 with Bootloader version 1.7) (When operated in FIPS mode. When initialized and configured as specified in Section 5.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/28/2016 | 1/27/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3299 and #3300); KTS (AES Cert. #3299; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #2628); HMAC (Cert. #2003); RSA (Cert. #1689); DRBG (Cert. #907); KBKDF (Cert. #50); CVL (Cert. #474) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES; HMAC-MD4 Multi-Chip Embedded "The RS9113 modules' family is based on Redpine Signals' RS9113 ultra-low-power Convergence SoC. These modules offer dual-band 1x1 802.11n, dual-mode Bluetooth 4.0 and Zigbee 802.15.4 in a single device. They are high performance, long range and ultra-low power modules. The modules provide guaranteed availability of connectivity at all locations within the defined zones, availability at all times, devices' mobility, security of data collection and transmission to backend database, low power for battery operated devices and bandwidth needs." |
2547 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Motorola Solutions Astro Subscriber uMACE - Level 2 (Hardware Version: AT8358Z04; Firmware Versions: R01.06.57 and [R01.00.02 or (R01.00.02 and R01.00.03)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/28/2016 01/30/2017 | 1/29/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Operational Environment: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3414 and #3415); DRBG (Cert. #820); ECDSA (Cert. #684); HMAC (Cert. #2174); RSA (Cert. #1747); SHS (Certs. #2821 and #2822) -Other algorithms: AES MAC (AES Cert. #3415, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The uMACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
2546 | Senetas Corporation Ltd. and SafeNet Inc. 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN1000/CN3000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5141B (AC); CN3000 Series: A5203B (AC) and A5204B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5141B (AC); CN3000 Series: A5203B (AC) and A5204B (DC); Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/26/2016 | 1/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3336, #3344 and #3345); CVL (Cert. #490); DRBG (Cert. #778); ECDSA (Cert. #660); HMAC (Cert. #2127); KAS (Cert. #57); RSA (Cert. #1726); SHS (Cert. #2771); Triple-DES (Cert. #1906) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet networks. The CN1000 Series supports line rates of 10/100/1000 Mbps while the CN3000 extends the CN Series line rate capability to 10Gbps.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
2545 | HID Global and Oberthur Technologies 611 Center Ridge Drive Austin, TX 78753 USA Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 Christophe Goyet TEL: 703-322-8951 CST Lab: NVLAP 100432-0 | HID Global ActivID Applet Suite v2.7.4 on Oberthur Technologies Cosmo V8 (Hardware Version: Oberthur Technologies 0F; Firmware Versions: Oberthur Technologies '5601' and HID Global ActivID Applet Suite 2.7.4) (When operated with module ID-One PIV-C on Cosmo V8 validated to FIPS 140-2 under Cert. #2303 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/26/2016 08/11/2017 08/17/2017 | 1/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Certs. #336 and #1302); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #91); KBKDF (Cert. #33); KTS (AES Certs. #2910 and #2911); RSA (Cert. #1532); SHS (Cert. #2449); Triple-DES (Cert. #1727) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength) Single Chip "HID Global ActivID Applet v2.7.4 is a Java Card applet suite that uses the Oberthur Technologies Cosmo v8 operating system. The product can be used over contact and contactless interface and can be configured for support of GSC-IS v2.1 and PIV standards (NIST SP 800-73-4 and SP 800-78-4)." |
2544 | HID Global and Giesecke+Devrient Mobile Security America Inc. 611 Center Ridge Drive Austin, TX 78753 USA Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 Jatin Deshpande TEL: 669-999-6323 CST Lab: NVLAP 100432-0 | HID Global ActivID Applet Suite v2.7.5 on Giesecke & Devrient Sm@rtCafé Expert 7.0 (Hardware Version: SLE78CLFX4000P(M) M7892; Firmware Versions: Sm@rtCafé Expert 7.0 and HID Global ActivID Applet Suite 2.7.5) (When operated with module Sm@rtCafé Expert 7.0 validated to FIPS 140-2 under Cert. #2327 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/26/2016 07/03/2017 07/14/2017 | 1/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Operational Environment: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2720 and #2721); CVL (Certs. #177, #1192 and #1193); DRBG (Cert. #455); ECDSA (Cert. #476); KAS (Cert. #91); KBKDF (Cert. #18); KTS (AES Certs. #2720 and #2721); RSA (Cert. #1507); SHS (Certs. #2289 and #2290); Triple-DES (Cert. #1637) -Other algorithms: NDRNG Single Chip "HID Global ActivID Applet v2.7.5 is a Java Card applet suite that uses the Sm@rtCafé Expert 7.0 operating system. The product can be used over contact and contactless interface and can be configured for support of GSC-IS v2.1 and PIV standards (NIST SP 800-73-4 and SP 800-78-4)." |
2543 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiClient 5.0 VPN Client (Software Versions: FortiClient 5.0, build0367, 151201) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2016 | 1/25/2021 | Overall Level: 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Enterprise Edition running on a Dell Optiplex 755 with the Fortinet entropy token (part number FTR-ENT-1) (single-user mode) -FIPS Approved algorithms: AES (Certs. #2912 and #2924); CVL (Cert. #329); DRBG (Cert. #538); HMAC (Certs. #1842 and #1851); PBKDF (vendor affirmed); RSA (Cert. #1533); SHS (Certs. #2451 and #2460); Triple-DES (Certs. #1728 and #1737) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 144 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The FortiClient VPN client provides a FIPS 140-2 validated, IPSec and SSL VPN client for Windows platforms." |
2542 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiClient 5.0 VPN Client (Software Versions: FortiClient 5.0, build0367, 151201) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2016 | 1/25/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Enterprise Edition running on a Dell Optiplex 755 with the Fortinet entropy token (part number FTR-ENT-1) (single-user mode) -FIPS Approved algorithms: AES (Certs. #2912 and #2924); CVL (Cert. #329); DRBG (Cert. #538); HMAC (Certs. #1842 and #1851); PBKDF (vendor affirmed); RSA (Cert. #1533); SHS (Certs. #2451 and #2460); Triple-DES (Certs. #1728 and #1737) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 144 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The FortiClient VPN client provides a FIPS 140-2 validated, IPSec and SSL VPN client for Windows platforms." |
2541 | Relocation Management Worldwide 6077 Primacy Parkway Suite 223 Memphis, TN 38119 USA Rob Gerwing TEL: 303-716-5939 FAX: (303) 974-1108 CST Lab: NVLAP 200416-0 | VERN (TM) RMW Crypto Library (Software Version: 1.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2016 | 1/25/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows Server 2012 running on a Dell Power Edge 2950 Server (single-user mode) -FIPS Approved algorithms: AES (Cert. #3275); HMAC (Cert. #2240); SHS (Cert. #2713) -Other algorithms: N/A Multi-Chip Stand Alone "The VERN RMW Crypto Library version 1.2 is a software cryptographic library that provides cryptographic services to the overall VERN Web application. The software contains implementations of approved cryptographic algorithms." |
2540 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiMail-1000D and FortiMail-3000D (Hardware Versions: Fortimail-1000D: C1AA85 with Disk Trays P/N: SP-D2000 and Power Supplies P/N: SP-FXX1000D-PS, FortiMail-3000D: C1AA63 with Disk Trays P/N: SP-D2TC and Power Supplies P/N: D750E-S1, Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiMailOS 5.2, build0460,150922) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2016 | 1/24/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3500); CVL (Cert. #574); DRBG (Cert. #873); HMAC (Cert. #2239); RSA (Cert. #1801); SHS (Cert. #2892); Triple-DES (Cert. #1971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 5.2 offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, malware emulation both locally and via integration with FortiSandbox, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities." |
2539 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiMail 5.2 (Firmware Versions: FortiMailOS 5.2, build0460,150922) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 01/25/2016 | 1/24/2021 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FortiMail-3000D with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Cert. #3500); CVL (Cert. #574); DRBG (Cert. #873); HMAC (Cert. #2239); RSA (Cert. #1801); SHS (Cert. #2892); Triple-DES (Cert. #1971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 5.2 offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, malware emulation both locally and via integration with FortiSandbox, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities." |
2538 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) 7840 Extension Switch (Hardware Version: {7840 Extension Switch (P/N 80-1008000-01)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.4.0 (P/N 51-1001672-01)) (When operated in FIPS mode and when tamper evident labels are installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/19/2016 07/19/2016 | 7/18/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1723); AES (Certs. #2892, #3130 and #3132); SHS (Certs. #2435 and #2571); HMAC (Certs. #1828 and #1952); DRBG (Certs. #635 and #672); RSA (Cert. #1522); ECDSA (Cert. #522); CVL (Certs. #318, #319, and #396); -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNMPv3 KDF (non-compliant); HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; DES; DES3; DESX; RC2; RC4; NDRNG; MD2; MD4; MD5; ARCFOUR; BF; CAST; RIPEMD160; UMAC-64; EC Diffie-Hellman (CVL Certs. #311, #318 and #320, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (non-compliant); IKEv2 KDF (non-compliant); SHA-1 (non-compliant); SHA-256 (non-compliant); HMAC-SHA-512 (non-compliant) Multi-Chip Stand Alone "The Brocade 7840 Extension Switch provides fast, reliable WN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
2537 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2016 | 1/14/2021 | Overall Level: 2 Multi-Chip Stand Alone |
2536 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2016 04/11/2017 05/22/2017 | 1/14/2021 | Overall Level: 2 Multi-Chip Stand Alone |
2535 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2016 | 1/14/2021 | Overall Level: 1 Multi-Chip Stand Alone |
2534 | Kodiak Networks, Inc. 1501 10th Street Suite 130 Plano, TX 75074 USA Terry Boland TEL: 972-665-3381 FAX: 972-665-0198 Sanjay Kulkarni TEL: 972-665-3222 FAX: 972-665-0198 CST Lab: NVLAP 100432-0 | Push To Talk Client Crypto Module (Software Version: 3.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/14/2016 | 1/13/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): iOS 8.1 running on iPhone™ 6 and Android 4.4 running on Samsung Galaxy S5 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3330 and #3417); DRBG (Certs. #775 and #821); HMAC (Certs. #2121 and #2175); RSA (Certs. #1710 and #1749); SHS (Certs. #2763 and #2823); Triple-DES (Certs. #1901 and #1928) -Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-Chip Embedded "Kodiak Push-to-Talk is a carrier-integrated Broadband Push-to-Talk service platform. It sets a new standard for instant communications by providing PTT service over 4G LTE, 4G HSPA+, Wi-Fi, and 3G." |
2533 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) MLXe(R) NetIron(R) Ethernet Routers (Hardware Versions: {[BR-MLXE-4-MR2-M-AC (80-1006870-01), BR-MLXE-4-MR2-M-DC (80-1006872-01), BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-8-MR2-M-DC (80-1007226-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-16-MR2-M-DC (80-1006828-02), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-4-MR2-X-DC (80-1006875-03), BR-MLXE-8-MR2-X-AC (80-1007227-03), BR-MLXE-8-MR2-X-DC (80-1007228-03), BR-MLXE-16-MR2-X-AC (80-1006829-04), BR-MLXE-16-MR2-X-DC (80-1006834-04)] with Component P/Ns 80-1005643-01, 80-1003891-02, 80-1002983-01, 80-1003971-01, 80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, 80-1005644-03, 80-1007878-02, 80-1007911-02, 80-1007879-02} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a) (When operated in FIPS mode with the tamper evident labels installed as specified in Annex A and configured as specified in Tables 8, 12 and 16 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/12/2016 05/23/2017 | 1/11/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1648, #2154, #2717, #2946, #3030 and #3144); KTS (AES Cert. #2946, key wrapping; key establishment methodology provides 112 bits of encryption strength); KTS (AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #934 and #2282); RSA (Cert. #1413); HMAC (Certs. #1696 and #2883); DRBG (Certs. #454 and #684); CVL (Certs. #175, #393, #404, #437 and #1050); KBKDF (Cert. #35); ECDSA (Certs. #546 and #593) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-SHA1-96; HMAC-MD5; MD5; DES; Triple-DES (non-compliant); EC Diffie-Hellman (CVL Certs. #437 and #1050, key agreement; key establishment methodology provides between 128 or 192 bits of encryption strength) Multi-Chip Stand Alone "Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density; rich IPv4, IPv6, Multi-VRF, MPLS, and Carrier Ethernet capabilities without compromising performance; and advanced Layer 2 switching. This release introduces a new interface card BR-MLX-10GX4-IPSEC-M, which has built-in capability to negotiate IKEv2 sessions and establish IPSec tunnels to allow Virtual Private Networks to be created within the network. In addition, BR-MLX-10GX4-IPSEC-M has PHY level support for MACSec protocol." |
2532 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/13/2016 | 1/12/2021 | Overall Level: 2 Multi-Chip Embedded |
2531 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway WG5000 and WG5500 Appliances (Hardware Versions: 5000 with EWG-5000-FIPS-KIT and 5500 with EWG-5500-FIPS-KIT; Firmware Version: 7.3.2.3.4) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/11/2016 | 1/10/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3116); CVL (Cert. #378); DRBG (Cert. #627); DSA (Cert. #900); HMAC (Cert. #1953); RSA (Cert. #1587); SHS (Cert. #2572); Triple-DES (Cert. #1787) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic." |
2530 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) FCX 624/648, ICX (TM) 6610, ICX 6450, ICX 7750, ICX 7450 and SX 800/1600 Series (Hardware Versions: {[FCX624S (80-1002388-08), FCX624S-HPOE-ADV (80-1002715-08), FCX624S-F-ADV (80-1002727-07), FCX648S (80-1002392-08), FCX648S-HPOE (80-1002391-10), FCX648S-HPOE-ADV (80-1002716-10), FCX-2XG (80-1002399-01)], [ICX 6610-24F-I (80-1005350-04), ICX 6610-24F-E (80-1005345-04), ICX 6610-24-I (80-1005348-05), ICX 6610-24-E (80-1005343-05), ICX 6610-24P-I (80-1005349-06), ICX 6610-24P-E (80-1005344-06), ICX 6610-48-I (80-1005351-05), ICX 6610-48-E (80-1005346-05), ICX 6610-48P-I (80-1005352-06), ICX 6610-48P-E (80-1005347-06)], [ICX 6450-24P (80-1005996-04), ICX 6450-24 (80-1005997-03), ICX 6450-48P (80-1005998-04), ICX 6450-48 (80-1005999-04), ICX 6450-C12-PD (80-1007578-01)], [ICX7750-48F (80-1007607-01), ICX7750-48C (80-1007608-01), ICX7750-26Q (80-1007609-01), with Components (80-1007871-01; 80-1007870-01; 80-1007872-01; 80-1007873-01; 80-1007738-01; 80-1007737-01; 80-1007761-01; 80-1007760-01; 80-1007632-01)], [ICX-7450-24 (80-1008060-01), ICX-7450-24P (80-1008061-01), ICX-7450-48 (80-1008062-01), ICX-7450-48P (80-1008063-01), ICX-7450-48F (80-1008064-01), with Components (123400000829A-R01; 123400000830A-R01; 123400000833A-R01; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008308-01; 80-1008309-01)], [FI-SX800-S (80-1003050-03; 80-1007143-03), FI-SX1600-AC (80-1002764-02; 80-1007137-02), FI-SX1600-DC (80-1003005-02; 80-1007138-02), with Components (80-1002957-03; 80-1006486-02; 80-1007350-02; 80-1006607-01; 80-1007349-01; 80-1003883-02; 80-1003886-02; 11456-005; 11457-006; 18072-004)]} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.20a) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 7, 12 and 13 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/11/2016 | 1/10/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Certs. #1613, #1614, #1615, #1617 and #1764); AES (Certs. #1197, #1276, #2687, #2688, #2690, #2697, #2981, #2984, #3008, #3133, #3139, #3140, #3141 and #3142); KTS (AES Cert. #2984, key wrapping; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #2258, #2259, #2260, #2265 and #2505); HMAC (Certs. #1674, #1675, #1676, #1679 and #1890); DRBG (Certs. #437, #438, #439, #442 and #569); DSA (Certs. #816, #817, #818, #819 and #887); RSA (Certs. #1387, #1388, #1391, #1396 and #1565); CVL (Certs. #155, #156, #159, #161, #362, #386, #387, #388, #389, #390, #391, #392, #398, #399 and #400); KBKDF (Cert. #36) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; Base64; Triple-DES (non-compliant); AES (non-compliant); SHA-1 (non-compliant); DSA (non-compliant) Multi-Chip Stand Alone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch. The Brocade ICX 7450 Switch delivers the performance, flexibility, and scalability required for enterprise Gigabit Ethernet (" |
2529 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiAnalyzer-200D (Hardware Version: C4FA20-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/11/2016 | 1/10/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data." |
2528 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiAnalyzer-3000D (Hardware Version: C1AA61-03AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923(GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/10/2016 | 1/9/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data." |
2527 | Francotyp-Postalia GmbH Prenzlauer Promenade 28 Berlin 13089 Germany Dirk Rosenau TEL: +49-30220-660-616 FAX: +49-30220-660-494 Hasbi Kabacaoglu TEL: +49-30220-660-616 FAX: +49-30220-660-494 CST Lab: NVLAP 200983-0 | Postal mRevenector US 2014 (Hardware Version: Hardware P/N: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; US Application: 90.0036.0216.00/2014472001) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); ECDSA (Cert. #559); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG Multi-Chip Embedded "Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector US 2014 is FP’s latest generation of PSD.The cryptographic module neither relie" |
2526 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiAnalyzer 5.2 (Firmware Version: v5.2.4-build0738 150923(GA)) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FortiAnalyzer-200D with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data." |
2525 | CounterTack, Inc. 100 Fifth Ave., First Floor Waltham, MA 02451-1208 USA Aaron Ruby TEL: 855-893-5428 FAX: 703-224-3049 Stan Eramia TEL: 855-893-5428 FAX: 703-224-3049 CST Lab: NVLAP 100432-0 | CounterTack Sentinel Endpoint Module (Software Version: 3.6.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 (64-bit) running on a Sony Vaio Pro (single-user mode) -FIPS Approved algorithms: AES (Cert. #3508); DRBG (Cert. #875); HMAC (Cert. #2241); RSA (Cert. #1803); SHS (Cert. #2893); Triple-DES (Cert. #1972) -Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-Chip Stand Alone "The Sentinel Endpoint Module installs on target servers and workstations to provide cryptographic functionality for real-time threat detection and response capabilities. Deployed as part of CounterTack's Sentinel platform, the sensor communicates behavioral data to a central cluster, which provides real-time analysis, correlation with external threat intelligence and rapid-response containment that scales even the largest enterprises." |
2524 | HyTrust, Inc. 1975 W El Camino Real, Suite 203 Mountain View, CA 94040 USA Bill Hackenberger TEL: 650-681-8120 FAX: 650-681-8101 CST Lab: NVLAP 200802-0 | HyTrust KeyControl (TM) Cryptographic Module (Software Version: 1.0) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FreeBSD 9.2 on VMware vSphere Hypervisor (ESXi) 5.5.0u2 on Dell Inc. PowerEdge R220, Intel Xeon CPU E3-1241v3 @ 3.50GHz (single user mode) -FIPS Approved algorithms: AES (Certs. #3397, #3431 and #3432); DRBG (Cert. #813); HMAC (Cert. #2168); SHS (Cert. #2813) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "HyTrust KeyControl is a key management system that is available in three different formats (ISO, OVA and AMI) and can be run on physical x86 based hardware as a virtual machine and on one of a number of different hypervisor platforms or as a combination of both when running in clustered mode." |
2523 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances (Hardware Versions: WBG-5000-C and WBG-5500-C; Firmware Version: 7.3.2.3.4) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3116); CVL (Cert. #378); DRBG (Cert. #627); DSA (Cert. #900); HMAC (Cert. #1953); RSA (Cert. #1587); SHS (Cert. #2572); Triple-DES (Cert. #1787) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances deliver comprehensive security for all aspects of Web 2.0 traffic." |
2522 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway Virtual Appliance (Software Version: 7.3.2.3.4) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): MLOS v2.2.3 on VMware vSphere Hypervisor 5.0 running on an Intel SR2625URLX (single-user mode) -FIPS Approved algorithms: AES (Cert. #3117); CVL (Cert. #379); DRBG (Cert. #628); DSA (Cert. #901); HMAC (Cert. #1954); RSA (Cert. #1588); SHS (Cert. #2573); Triple-DES (Cert. #1788) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. The McAfee Web Gateway Virtual Appliance delivers scalable deployment flexibility and performance. The McAfee Web Gateway Virtual Appliance delivers comprehensive security for all aspects of Web 2.0 traffic." |
2521 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX04S model) Type A (Hardware Versions: A0 with PX04SVQ080B[1], A0 with PX04SVQ160B[1], A0 with PX04SRQ384B[2]; Firmware Versions: ZZ00[1], NA00[1][2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 02/12/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
2520 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX04S model) Type B (Hardware Versions: A0 with PX04SVQ080B[1], A0 with PX04SVQ160B[1], A0 with PX04SVQ048B[2], A0 with PX04SVQ096B[2], A0 with PX04SVQ192B[2], A2 with PX04SVQ040B[3], A2 with PX04SVQ080B[3], A2 with PX04SVQ160B[3], A2 with PX04SRQ192B[3]; Firmware Versions: ZW00[1], 0501[1][2], MS00[1], MD04[3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 02/25/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
2519 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Bob Pittman TEL: 978-264-5211 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP FlexFabric 5900CP and 12910 Switch Series (Hardware Versions: HP 12910 and [HP 5900CP with JG719A] with FIPS Kit: JG585A or JG586A; Firmware Version: 7.1.045) (When operated in FIPS mode with opacity shield and tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 01/08/2016 | 1/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2945, #2985, #2988 and #2989); CVL (Certs. #343 and #364); DRBG (Certs. #548 and #571); DSA (Certs. #877 and #888); HMAC (Certs. #1868, #1891, #1894 and #1895); RSA (Certs. #1548 and #1566); SHS (Certs. #2481, #2506, #2509 and #2510) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The HP FlexFabric 5900CP Switch Series provides a converged, top-of-rack, data center switch architecture that offers wire once for FCoE converged environments. With 48 converged ports that support 1/10GbE and 4/8 FC, the FlexFabric 5900CP delivers versatile convergence for connecting FC, iSCSI and FC SANs. The HP FlexFabric 12910 Switch is a next-generation modular data center core switch designed to support virtualized data centers and the evolving needs of private and public cloud deployments. The FlexFabric 12910 switch delivers unprecedented levels of performance, buffering, scale, and av" |
2518 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiManager-4000D (Hardware Version: C1AA62-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances." |
2517 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiManager-1000D (Hardware Version: C1AA82-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "FortiManager Network Security Management Appliances were designed to providesecurity management for large enterprise organizations and service providers. Theyenable you to centrally manage any number of Fortinet devices, including FortiManager,FortiWiFi, and FortiCarrier™. FortiManager provides the high performance and scalabilityyou need to efficiently apply policies and distribute content security/firmware updates,regardless of the size of your network." |