CMVP Main PageLast Updated: 9/08/2017
It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.
When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.
NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "Other" or "Allowed" have not been tested through the CMVP and are not FIPS-Approved.
NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.
NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).
Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.
| Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Sunset Date | Level / Description |
|---|---|---|---|---|---|---|
| 3012 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Jaroslav Reznik TEL: +420-532-294-645 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux GnuTLS Cryptographic Module (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/08/2017 | 9/7/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 with PAA Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4658, #4659, #4660, #4661, #4662 and #4663); CVL (Certs. #1307, #1308, #1309 and #1310); DRBG (Certs. #1574 and #1575); DSA (Certs. #1233 and #1234); ECDSA (Certs. #1146 and #1147); HMAC (Certs. #3086 and #3087); RSA (Certs. #2542 and #2543); SHS (Certs. #3817, #3818, #3819 and #3820); Triple-DES (Certs. #2479 and #2480) -Allowed algorithms: Diffie-Hellman (CVL Certs. #1307 and #1309; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1307 and #1309, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "GnuTLS is a secure communications library implementing the TLS and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PCKS#12, and other required structures which is shipped with Red Hat Enterprise Linux 7.4." |
| 3011 | Comtech EF Data Corporation 2114 West 7th Street Tempe, AZ 85281 USA Kasra Akhavan-Toyserkani TEL: (240) 243-1837 FAX: (240) 243-1853 Parag Patel TEL: (240) 243-1876 FAX: (240) 243-1853 CST Lab: NVLAP 200928-0 | Unified Crypto Module (Hardware Version: PL-0000235-2; Firmware Version: 2.2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/07/2017 | 9/6/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4077, #4078 and #4079); CKG (vendor affirmed); CVL (Certs. #899 and #1084); DRBG (Cert. #1225); ECDSA (Cert. #922); HMAC (Cert. #2663); KBKDF (Cert. #131); RSA (Cert. #2209); SHS (Cert. #3359); Triple-DES (Cert. #2229) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #899, key agreement; key establishment methodology provides 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "The Comtech Unified Crypto Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, as well as firmware to provide the cryptographic functions needed to act as a endpoint for secure TLS- and SSH-based management and control traffic." |
| 3010 | Attivo Networks Inc. 47697 Westinghouse Drive Suite 201 Fremont, CA 94539 USA Satya Das TEL: 510-623-1000 CST Lab: NVLAP 200968-0 | Attivo Cryptographic Provider (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2017 | 10/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Open JDK 1.8 on CentOS 6.5 Intel 64-bit on ESXi 5.5.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system -FIPS Approved algorithms: AES (Cert. #4049); CVL (Certs. #878, #879 and #1190); DRBG (Cert. #1213); DSA (Cert. #1095); ECDSA (Cert. #908); HMAC (Cert. #2644); KAS (Cert. #90); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #99); KTS (vendor affirmed); KTS (AES Cert. #4049; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2215; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2084); SHA-3 (Cert. #9); SHS (Cert. #3339); Triple-DES (Cert. #2215) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "Attivo Cryptographic Provider is a component of Attivo Networks’ products such as the Attivo Central Manager 200, BOTsink 3200, and BOTsink 5100. These products constitute the Attivo ThreatMatrix Deception and Response Platform which detects stolen credentials, ransomware, and targeted attacks within user networks, data centers, clouds, SCADA, and IoT environments by deceiving attackers into revealing themselves. The detections along with comprehensive attack analysis and actionable alerts empower accelerated incident response." |
| 3009 | Amazon Web Services, Inc. 410 Terry Ave N Ste 1200 Seattle, WA 98109-5210 USA Kelvin Yiu TEL: n/a FAX: n/a Ken Beer TEL: n/a FAX: n/a CST Lab: NVLAP 201029-0 | AWS Key Management Service HSM (Hardware Version: 2.0; Firmware Version: 1.3.6) (When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/05/2017 | 9/4/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4527); CVL (Certs. #1208 and #1209); DRBG (Cert. #1487); ECDSA (Cert. #1102); HMAC (Cert. #2987); KAS (Cert. #122); KBKDF (Cert. #133); KTS (AES Cert. #4527, key establishment methodology provides 128 or 256 bits of encryption strength); KTS (SP 800-56B, vendor affirmed); RSA (Cert. #2464); SHS (Cert. #3708) -Allowed algorithms: EC Diffie-Hellman (CVL Cert. #1209, key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-Chip Stand Alone "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering." |
| 3008 | Fatpipe, Inc. 4455 South 700 E STE 100 Salt Lake City, UT 84107 United States Matt Gwyther TEL: (801) 281 - 3434 FAX: (801) 281 - 0317 CST Lab: NVLAP 200802-0 | Fatpipe Crypto Module (Software Version: 9.1.2-fips) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/31/2017 | 8/30/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): LFS (Linux from scratch) 1.1.0 x86 64 Pure64 without PAA running on Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz (single-user mode) -FIPS Approved algorithms: AES (Certs. #4314 and #4315); CVL (Certs. #1027 and #1028); DRBG (Cert. #1372); DSA (Cert. #1149); HMAC (Cert. #2846); SHS (Cert. #3549) -Allowed algorithms: Diffie-Hellman (CVL Cert. #1027, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "Fatpipe Crypto Module, a patented router clustering device, is an essential part of Disaster Recovery and Business Continuity Planning for Virtual Private Network (VPN) connectivity. It is integrated with several Kernel Space cryptographic algorithms and other security mechanisms" |
| 3007 | SafeLogic Inc. 530 Lytton Avenue Ste. 200 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 201029-0 | CryptoComply for Libgcrypt (Software Version: 4.0) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #2657.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/28/2017 | 6/12/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645 and #3646); DRBG (Certs. #972, #973, #974, #975, #979 and #980); DSA (Certs. #1020 and #1021); HMAC (Certs. #2398 and #2399); RSA (Certs. #1882 and #1883); SHS (Certs. #3065 and #3066); Triple-DES (Certs. #2033 and #2034) -Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength) Multi-Chip Stand Alone "SafeLogic CryptoComply for Libgcrypt is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality." |
| 3006 | Toshiba Memory Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type C2 (Hardware Versions: A0 with PX05SVQ096B, A0 with PX05SVQ192B, A0 with PX05SVQ384B; Firmware Versions: PX05AX01, PX05AX02, PX05AX03, PX05AX04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2017 | 8/27/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Allowed algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 3005 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-576-5000 CST Lab: NVLAP 100432-0 | IPCryptR2 (Hardware Version: BLN1306A; Firmware Version: R06.03.05) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/25/2017 | 8/24/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1424 and #1425); CVL (Certs. #262 and #263); ECDSA (Cert. #498); HMAC (Cert. #1780); KTS (AES Cert. #1424 and HMAC Cert. #1780, key wrapping; key agreement methodology provides 256 bits of encryption strength); SHS (Cert. #2381) -Allowed algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems." |
| 3004 | STMicroelectronics Green Square Building B Lambroekstraat 5 Diegem/Machelen B-1831 Belgium Olivier COLLART TEL: +32 272 450 77 FAX: +32 272 451 43 Fabien ARRIVE TEL: +33 223 470 633 FAX: +33 223 470 400 CST Lab: NVLAP 200002-0 | Trusted Platform Module ST33TPHF20SPI (Hardware Versions: ST33HTPH2E28AAF0 [1], ST33HTPH2E32AAF0 [1], ST33HTPH2E28AAF1 [1], ST33HTPH2E32AAF1 [1], ST33HTPH2028AAF3 [2] and ST33HTPH2032AAF3 [2]; Firmware Versions: 49.00 [1], 4A.00 [2]) (When operated in FIPS mode and installed, initialized and configured as specified in Section 1.7 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/25/2017 | 8/24/2022 | Overall Level: 2 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4336 and #4338); CKG (vendor affirmed); CVL (Certs. #1041 and #1045); DRBG (Cert. #1361); ECDSA (Cert. #1025); HMAC (Certs. #2870, #2875, #2876 and #2878); KAS (Certs. #108 and #110); KBKDF (Certs. #121 and #123); KTS (AES Certs. #4336 and #4338 and HMAC Certs. #2870 and #2875; key establishment methodology provides 128 bits or 256 bits of encryption strength); RSA (Certs. #2340 and #2342); SHS (Cert. #3539); Triple-DES (Certs. #2343 and #2345) -Allowed algorithms: NDRNG; RSA (CVL Certs. #1041 and #1045, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single Chip "ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 2.0 specification." |
| 3003 | Bull Atos Technologies Boulevard Jean JaurFs B.P.68 F-78340 Les Clayes sous Bois 78340 France Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 CST Lab: NVLAP 200928-0 | CHR Cryptographic Module (Hardware Version: 005/B; Firmware Version: V1.04-01L) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/24/2017 | 8/23/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: RSA (Cert. #2348); SHS (Cert. #3580) -Allowed algorithms: N/A Multi-Chip Stand Alone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR." |
| 3002 | Hewlett Packard Enterprise 153 Taylor Street Littleton, MA 01460 USA Rick Stanley TEL: 603-315-7746 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE FlexFabric 5700, 5900 and 5920 Switch Series (Hardware Versions: {[HPE FlexFabric 5700-32XGT-8XG-2QSFP+ Switch (JG898A), HPE FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-Compliant Switch (JG899A), HPE FlexFabric 5700-40XG-2QSFP+ Switch (JG896A), HPE FlexFabric 5700-40XG-2QSFP+ TAA1-Compliant Switch (JG897A), HPE FlexFabric 5700-48G-4XG-2QSFP+ Switch (JG894A), HPE FlexFabric 5700-48G-4XG-2QSFP+ TAA1-Compliant Switch (JG895A), HPE FlexFabric 5900AF-48G-4XG-2QSFP+ Switch (JG510A), HPE FlexFabric 5900AF-48G-4XG-2QSFP+ TAA1-Compliant Switch (JH038A), HPE FlexFabric 5900AF-48XG-4QSFP+ Switch (JG772A) and HPE FlexFabric 5900AF-48XG-4QSFP+ TAA1-Compliant Switch (JG554A)] with Opacity Kit JH063A, [HPE FlexFabric 5900AF-48XGT-4QSFP+ Switch (JG336A), HPE FlexFabric 5900AF-48XGT-4QSFP+ TAA1-Compliant Switch (JH037A), HPE FlexFabric 5900CP-48XG-4QSFP+ Switch (JG838A) and HPE FlexFabric 5900CP-48XG-4QSFP+ TAA1-Compliant Switch (JH036A)] with Opacity Kit JH719A and [HPE FlexFabric 5920AF-24XG Switch (JG296A) and HPE FlexFabric 5920AF-24XG TAA1-compliant Switch (JG555A)] with Opacity Kit JG720A} with Label Kit JG585A or JG586A; Firmware Versions: HPE Comware 7.1.045, Release R2422P01) (When operated in FIPS mode with tamper evident labels and opacity kits installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/23/2017 | 8/22/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4093 and #4098); CKG (vendor affirmed); CVL (Certs. #911 and #912); DRBG (Cert. #1231); DSA (Cert. #1114); ECDSA (Cert. #927); HMAC (Certs. #2673 and #2678); RSA (Cert. #2217); SHS (Certs. #3369 and #3374) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #911, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform." |
| 3001 | Toshiba Memory Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type C1 (Hardware Version: A0 with PX05SMQ160B; Firmware Versions: PX05AW01, PX05AW02, PX05AW03, PX05AW04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/23/2017 | 8/22/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Allowed algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 3000 | Siemens Canada Ltd. 300 Applewood Crescent Concord, ON L4K 5C7 Canada Roy Zhang TEL: 905-482-4548 FAX: 905-856-1995 CST Lab: NVLAP 200416-0 | RUGGEDCOM Ethernet Switches and RUGGEDCOM Serial Device Server (Hardware Versions: M969F, M2100F, M2200F, RSG2100F, RSG2200F, RSG2488F, RS416F, RS900F, RS900GF, and RS940GF; Firmware Version: 4.2.1.F) (When installed, initialized and configured as specified in the Security Policy Section 3. The tamper evident seals and baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/21/2017 | 8/20/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4030 and #4037); CKG (vendor affirmed); CVL (Certs. #858, #859, #861, #862, #863, and #876); DRBG (Certs. #1204 and #1207); ECDSA (Certs. #899 and #903); HMAC (Certs. #2631 and #2635); RSA (Certs. #2072 and #2078); SHS (Certs. #3329 and #3336) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #858 and #863, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Certs. #862 and #876; key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The RUGGEDCOM Ethernet Switches and RUGGEDCOM Serial Device Server are utility-grade, fully-managed Ethernet devices designed to operate reliably in electrically harsh and climatically demanding environments. The devices’ rugged hardware design, coupled with the embedded Rugged Operating System (ROS®) version 4.2.1.F, provides improved system reliability and advanced cybersecurity and networking features. This makes them ideally suited for creating secure Ethernet networks for mission-critical, real-time control applications." |
| 2999 | Huawei Technologies Co., Ltd. No. 328, Xinghu Street Suzhou, JIANGSU 215000 CHINA Yang Ze TEL: +86 15919432118 Ji Xiang TEL: +86 15261806635 CST Lab: NVLAP 100432-0 | Huawei R230D, R240D and R250D Remote Radio Units (Hardware Versions: P/Ns R230D, R240D and R250D with Tamper-evident Seals 4057-113016; Firmware Version: V200R007C10SPC100) (When operated in FIPS mode and with the tamper-evident seals and opacity stickers installed as indicated in Section 8 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/21/2017 | 8/20/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375) -Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Huawei R230D, R240D, R250D Remote Radio Units are multi-chip standalone cryptographic modules enclosed in hard, commercial grade metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to provide secure communication for data transmitted between different networks. The modules provide network interfaces for data input and output." |
| 2998 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Kevin Rohan TEL: 1-719-757-3374 FAX: n/a CST Lab: NVLAP 201029-0 | Oracle ILOM OpenSSL FIPS Object Module (Software Version: 2.0.10) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/18/2017 08/22/2017 08/22/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Oracle ILOM OS v3.0 running on Oracle ILOM SP v3 (ARM 7) with PAA (gcc Compiler Version 4.9) Oracle ILOM OS v3.0 running on Oracle ILOM SP v3 (ARM 7) without PAA (gcc Compiler Version 4.9)(single-user mode) -FIPS Approved algorithms: AES (Cert. #4629); CVL (Cert. #1289); DRBG (Cert. #1557); DSA (Cert. #1224); ECDSA (Cert. #1138); HMAC (Cert. #3064); RSA (Cert. #2527); SHS (Cert. #3793); Triple-DES (Cert. #2462) -Allowed algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-Chip Stand Alone "Oracle ILOM OpenSSL FIPS Object Module is a software library providing a C language application program interface (API) for use by other processes that require cryptographic functionality and is classified by FIPS 1402 as a software module, multichip standalone module embodiment." |
| 2997 | SafeLogic Inc. 530 Lytton Avenue Ste. 200 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 201029-0 | CryptoComply for NSS (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2711) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/18/2017 | 12/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3605, #3606, #3607 and #3609); CVL (Certs. #626 and #627); DRBG (Certs. #936 and #937); DSA (Certs. #1002 and #1003); ECDSA (Certs. #739 and #740); HMAC (Certs. #2300 and #2301); RSA (Certs. #1854, #1855, #2034 and #2035); SHS (Certs. #2966 and #2967); Triple-DES (Certs. #2007 and #2008) -Allowed algorithms: AES (Certs. #3605, #3606, #3607 and #3609, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Certs.#2007 and #2008, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "SafeLogic CryptoComply for NSS is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality." |
| 2996 | Alcatel-Lucent Enterprise USA Inc. 26801 West Agoura Road Calabasas, CA 91301 USA Eric Tolliver TEL: 818-878-4623 CST Lab: NVLAP 200556-0 | OmniSwitch AOS 8.3.1.R01 Cryptographic Module (Software Version: AOS 8.3.1.R01) (When installed, initialized and configured as specified in the Security Policy Section 3.1. When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/18/2017 | 8/17/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-24 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-P24 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-48 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-P48 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-24 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-P24 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-48 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-P48 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-U28 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6865-P16X Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-X20 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-X40 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-T20 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-T40 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-Q32 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-X72 Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 9900 -FIPS Approved algorithms: AES (Certs. #4285, #4286, #4287 , #4288, #4440, #4441, #4443 and #4444); CVL (Certs. #1184, #1185, #1186 and #1187); DRBG (Certs. #1345, #1346, #1347 and #1348); ECDSA (Certs. #1078, #1079, #1081 and #1082); HMAC (Certs. #2821, #2822, #2823 and #2824); RSA (Certs. #2306, #2307, #2308 and #2309); SHS (Certs. #3523, #3524, #3525 and #3526); Triple-DES (Certs. #2386, #2387, #2388 and #2389) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Multi-Chip Stand Alone "The AOS Cryptographic Module version 8.3.1.R01 provides cryptographic functionality to Alcatel-Lucent software applications present on the Alcatel-Lucent OmniSwitch series of routers." |
| 2995 | Check Point Software Technologies Ltd. 5 Ha'Solelim Street Tel Aviv 67897 Israel Malcom Levy TEL: +972-3-753-4561 FAX: +972-3-624-11-00 CST Lab: NVLAP 200996-0 | Check Point Cryptographic Library (Firmware Version: 1.0) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3 Secure Operation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 08/16/2017 08/18/2017 | 8/15/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Check Point 12400 appliance with Check Point OS Version R77.30 -FIPS Approved algorithms: AES (Cert. #3418); CVL (Certs. #514 and #920); DRBG (Cert. #823); ECDSA (Cert. #685); HMAC (Cert. #2176); RSA (Cert. #1750); SHS (Cert. #2824); Triple-DES (Cert. #1929) -Allowed algorithms: Diffie-Hellman (CVL Cert. #920, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The Check Point Cryptographic Library is a firmware module that provides cryptographic services to Check Point products. The module provides a number of NIST validated cryptographic algorithms for services such as IPSec and TLS. The module provides applications with a library interface that enables them to access the various cryptographic algorithm functions supplied by the module. For the purposes of FIPS 140-2 testing, the module was evaluated running on the Check Point 12400 appliance." |
| 2994 | Huawei Technologies Co., Ltd. No. 328, Xinghu Street Suzhou, JIANGSU 215000 CHINA Yang Ze TEL: +86 15919432118 Ji Xiang TEL: +86 15261806635 CST Lab: NVLAP 100432-0 | Huawei AP2030, AP4030, AP4130, AP5030, AP5130, AP6050, AP6150, AP7050 and AP8130 Wireless Access Points (Hardware Versions: P/Ns AP2030DN, AP4030DN, AP4130DN, AP5030DN, AP5130DN, AP6050DN, AP6150DN, AP7050DE and AP8130DN with Tamper-evident Seals 4057-113016; Firmware Version: V200R007C10SPC100) (When operated in FIPS mode and with the tamper evident seals installed as indicated in Section 5.1 of the Security Policy. The protocol TLS shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/14/2017 | 8/13/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375) -Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Huawei AP AP2030, AP4030, AP4130, AP5030, AP5130, AP6050, AP6150, AP7050 and AP8130 Wireless Access Points are multi-chip standalone cryptographic modules enclosed in hard, commercial grade plastic and metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to provide secure communication for data transmitted between different networks. The modules provide network interfaces for data input and output." |
| 2993 | Huawei Technologies Co., Ltd. N. 328, Xinghu Street Suzhou, JIANGSU 215000 CHINA Yang Ze TEL: +86 15919432118 Ji Xiang TEL: +86 15261806635 CST Lab: NVLAP 100432-0 | Huawei AD9430DN-12 Wireless Access Device (Hardware Versions: P/Ns AD9430DN-12, Tamper Seals P/N 4057-113016; Firmware Version: V200R007C10SPC100) (When operated in FIPS mode and with the tamper evident seals installed as indicated in Section 5.1 of the Security Policy. The protocol TLS shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/14/2017 | 8/13/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375) -Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Huawei AD9430DN-12 Wireless Access Device is a multi-chip standalone cryptographic module enclosed in a hard, commercial grade metal plastic case. The cryptographic boundary for this module is the enclosure. The primary purpose of this module is to provide secure communication for data transmitted between different networks. The module provides network interfaces for data input and output." |
| 2992 | Huawei Technologies Co., Ltd. No. 328, Xinghu Street Suzhou, JIANGSU 215000 CHINA Yang Ze TEL: +86 15919432118 Ji Xiang TEL: +86 15261806635 CST Lab: NVLAP 100432-0 | Huawei AD9430DN-24 Wireless Access Device (Hardware Versions: P/Ns AD9430DN-24 with Tamper-evident Seals 4057-113016 and External Baffles 99089JEB; Firmware Version: V200R007C10SPC100) (When operated in FIPS mode and with the tamper evident seals and baffles installed as indicated in Section 5.1 of the Security Policy. The protocol TLS shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/14/2017 | 8/13/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375) -Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Huawei AD9430DN-24 Wireless Access Device is a multi-chip standalone cryptographic module enclosed in a hard, commercial grade metal case. The cryptographic boundary for this module is the enclosure. The primary purpose of this module is to provide secure communication for data transmitted between different networks. The module provides network interfaces for data input and output." |
| 2991 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 JungHa Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200997-0 | Samsung BoringSSL Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/10/2017 | 8/9/2022 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 7.0 with processor Qualcomm MSM8998 running on Samsung Galaxy S8+ Android 7.0 with processor Samsung EXYNOS8895 running on Samsung Galaxy S8 Android 7.0 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge Android 7.0 with processor Samsung EXYNOS8890 running on Samsung Galaxy S7 Edge Android 7.0 with processor Samsung EXYNOS7420 running on Samsung Galaxy S6 Edge Android 7.0 with processor Qualcomm MSM8996 running on Samsung Galaxy Tab S3 Android 7.0 with processor Qualcomm MSM8917 running on Samsung Galaxy J3 Android 7.0 with processor Samsung EXYNOS7570 running on Samsung Galaxy J3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4432); CVL (Certs. #1142 and #1143); DRBG (Cert. #1431); DSA (Cert. #1189); ECDSA (Cert. #1074); HMAC (Cert. #2944); KTS (AES Cert. #4432); RSA (Cert. #2413); SHS (Cert. #3650) -Allowed algorithms: Diffie-Hellman (Key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (Key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength) Multi-Chip Stand Alone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data." |
| 2990 | Aruba a Hewlett Packard Enterprise company 8000 Foothills Blvd Roseville, CA 95747 USA Susan Scotten TEL: 916-785-8742 CST Lab: NVLAP 200002-0 | Aruba 2920 Switch Series (Hardware Versions: J9726A and J9729A; Firmware Version: WB.16.02.0015) (When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 11) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/10/2017 | 8/9/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4305); CVL (Cert. #1019); DRBG (Cert. #1366); DSA (Cert. #1145); HMAC (Cert. #2841); RSA (Cert. #2326); SHS (Cert. #3544); Triple-DES (Cert. #2326) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Aruba 2920 Switch series is a scalable Basic Layer 3 switch series that delivers modular stacking, static & RIP routing, IPv6, ACLs, and sFlow for a better mobile-first campus network experience. With a powerful ProVision ASIC, the 2920 provides security, scalability, and ease of use for the enterprise campus, SMB, and branch office networks." |
| 2989 | Aruba, a Hewlett Packard Enterprise company 3333 Scott Blvd Santa Clara, CA 95054 USA Steve Weingart TEL: 512-319-2480 CST Lab: NVLAP 200427-0 | Aruba AP-324 and AP-325 Wireless Access Points (Hardware Versions: [AP-324-F1 (HPE SKU JW185A) and AP-325-F1 (HPE SKU JW187A)] with FIPS Kit 4011570-01 (HPE SKU JY894A); Firmware Version: ArubaOS 6.5.1-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/10/2017 | 8/9/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1648, #3998 and #4138); CVL (Certs. #825, #944 and #945); DRBG (Cert. #1188); ECDSA (Certs. #891 and #950); HMAC (Certs. #538, #2610 and #2711); KBKDF (Cert. #92); RSA (Certs. #2054, #2254 and #2395); SHS (Certs. #934, #3300, #3408 and #3633); Triple-DES (Certs. #758, #2196 and #2262) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG Multi-Chip Stand Alone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2988 | Citrix Systems, Inc. 851 Cypress Creek Road Fort Lauderdale, FL 33309 USA Ben Tucker TEL: 954-267-3094 Jon Andersen TEL: 954-940-7737 CST Lab: NVLAP 100432-0 | Citrix FIPS Cryptographic Module (Hardware Versions: ARM v8-A, ARM v7-A, Intel Core i7 4th Generation, Intel Core i7 6th Generation, Intel Xeon 5600 series, Intel Exon E5-2600 v2 series; Software Version: 1.0) (When operated in FIPS Mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 08/10/2017 | 8/9/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): iOS 10 64bit running on an Apple 12.9-inch iPad Pro (A1584) with PAA Android 4.4 running on a Google Nexus 5 (LG D820) with PAA Android 5 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA Android 6 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA Windows 10 32bit running on a Lenovo 20CD00B2US with PAA Android 6 running on a Samsung Galaxy S6 (SM-G920T) with PAA Android 7 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA Android 7 running on a Google Nexus 5X (LG H790) with PAA Windows 10 64bit running on a Lenovo 20EV002JUS with PAA Linux 3.16 under XenServer 6 64bit running on a Dell PowerEdge C6100 with PAA Linux 3.16 under ESXi 5 64bit running on a HP ProLiant DL2000 with PAA Linux 3.16 under Hyper-V on Windows Server 2012 R2 64bit running on a HP ProLiant DL2000 with PAA FreeBSD 8.4 32bit running on a Citrix NetScaler MPX-14000-FIPS with PAA FreeBSD 8.4 64bit running on a Citrix NetScaler MPX-14000-FIPS with PAA Mac OS X 10.12 64bit running on an Apple Macbook Pro (A1398) with PAA Linux 3.13 64bit running on a Lenovo 20EV002JUS with PAA ViewSonic Thin OS running on a ViewSonic VS16585 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #4397); CVL (Certs. #1101, #1102, #1103, #1104, #1105 and #1106); DRBG (Cert. #1417); DSA (Cert. #1174); ECDSA (Cert. #1056); HMAC (Cert. #2923); KAS (SP 800-56A-rev2 with CVL Certs. #1101, #1102, #1103 and #1106, vendor affirmed); KAS (SP 800-56B with CVL Certs. #1101, #1102, #1103 and #1104, vendor affirmed); KTS (AES Cert. #4397; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2379); SHS (Cert. #3626); Triple-DES (Cert. #2371) -Allowed algorithms: MD5 Multi-Chip Stand Alone "The Citrix FIPS Cryptographic Module is a software toolkit which provides various cryptographic functions to support the Citrix product portfolio." |
| 2987 | Trustonic 20 Station Road Cambridge CB1 2JD United Kingdom Alec Edgington TEL: +44 1223 347864 Mark Wooding TEL: +44 1223 347853 CST Lab: NVLAP 100432-0 | TRICX Cryptographic Library (Software Version: 1.0) (No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/10/2017 | 8/9/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Trustonic Kinibi 400A running on an ARM Cortex-A53 with PAA Trustonic Kinibi 400A running on an ARM Cortex-A53 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #4468); CVL (Cert. #1180); DRBG (Cert. #1450); ECDSA (Cert. #1090); HMAC (Cert. #2965); KAS (Cert. #119, SP 800-56Arev2, vendor affirmed); KTS (AES Cert. #4468; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #2443); SHS (Cert. #3680); Triple-DES (Cert. #2398) -Allowed algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-Chip Stand Alone "TRICX is a general-purpose cryptographic library designed to be statically linked with a Trusted Application running on Trustonic's Kinibi operating system in a Trusted Execution Environment." |
| 2986 | Oberthur Technologies 4250 Pleasant Valley Rd Chantilly, VA 20151 USA Christophe Goyet TEL: +1 703-322-8951 FAX: n/a Said Boukyoud TEL: +33 178 147 258 FAX: n/a CST Lab: NVLAP 100432-0 | ID-One PIV on Cosmo V8.1 (Hardware Versions: P/Ns ‘30-5F01’ [1] and '40-6001' [2]; Firmware Versions: Firmware Extensions: ‘086294’+’086683’ (ID-One PIV Applet Suite 2.4.0 on Cosmo V8.1 LARGE) [1] and Firmware Extensions: ‘086294’+’086693’ (ID-One PIV Applet Suite 2.4.0 on Cosmo V8.1 STD) [2]) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) PIV Certificate #39 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/10/2017 | 8/9/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4107, #4108 and #4109); CVL (Certs. #921, #953 and #954); DRBG (Cert. #1234); ECDSA (Cert. #933); HMAC (Cert. #2683); KAS (Cert. #48); KBKDF (Cert. #106); KTS (AES Certs. #4107, #4108 and #4109); RSA (Certs. #2252 and #2253); SHA-3 (Cert. #6); SHS (Certs. #3379 and #3380); Triple-DES (Cert. #2245) -Allowed algorithms: NDRNG Single Chip "ID-One PIV on Cosmo V8.1 is the next generation of Personal Identification and Verification cards. It has an AES-256 Security Architecture and support both contact and contactless communications. It supports all features described in FIPS 201-2, SP800-73-4 and SP800-76-2 including Virtual Contact Interface and fingerprint on-card comparison. It can be used as a Smart Card (PIV/CIV) to provide physical and logical access control, or embedded in a hardware token for Derived Credentials. Its additional SAM capabilities make it the ideal portable HSM for the post-issuance management of PIV cards." |
| 2985 | Technologie Humanware 1800, rue Michaud Drummondville, QC J2C 7G7 Canada Dominic R. Labbé TEL: 450-463-1717 CST Lab: NVLAP 200556-0 | HumanWare Kernel Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/05/2017 | 8/4/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 4.4 running on a HumanWare BrailleNote Touch -FIPS Approved algorithms: AES (Cert. #4464); HMAC (Cert. #2962); SHS (Cert. #3676) -Allowed algorithms: N/A Multi-Chip Stand Alone "The Technologie Humanware HumanWare Kernel Cryptographic Module v1.0 is a software module providing cryptographic functionality to the HumanWare BrailleNote Touch. The HumanWare Kernel Cryptographic Module provides data encryption for calling applications on the HumanWare BrailleNote Touch." |
| 2984 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco FIPS Object Module (Software Version: 6.2) (When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/03/2017 | 8/2/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 3.10 running on an ARMv8 on a Google Nexus 5x Apple iOS 9 running on an ARMv8 on an Apple iPad Air 2 FreeBSD 10.3 running on an Intel Xeon on a Supermicro Intel Xeon E5 Linux 3.10 running on an Intel Core i5 without PAA on a Lenovo M900 Linux 3.10 running on an Intel Core i5 with PAA on a Lenovo M900 Linux 2.6 running on a Cavium Octeon MIPS64 on a Cisco WLC 5508 Linux 2.6 running on a Cavium Octeon MIPS64 with assembler on a Cisco WLC 5508 Linux 3.10 running on a Cavium Octeon MIPS64 with assembler on a Cisco ASA FPR-2100 Windows 10 running on an Intel Core i5 without PAA on a Lenovo M900 Windows 10 running on an Intel Core i5 with PAA on a Lenovo M900 FreeBSD 10.3 running on an Intel Xeon E5 on a Cisco UCS C220 M4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #4233, #4234, #4235, #4236 and #4237); CVL (Certs. #981, #982, #983 and #984); DRBG (Certs. #1316 and #1317); DSA (Certs. #1129 and #1130); ECDSA (Certs. #978 and #979); HMAC (Certs. #2771, #2772, #2773, #2774, #2775 and #2776); KBKDF (Certs. #108 and #109); RSA (Certs. #2285 and #2286); SHS (Certs. #3470, #3471, #3472, #3473, #3474 and #3475); Triple-DES (Certs. #2292, #2293 and #2294) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 132 bits of encryption strength) Multi-Chip Stand Alone "The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols." |
| 2983 | Ixia 26601 W. Agoura Road Calabasas, CA 91302 USA Tom Casella TEL: 1-877-367-4942 FAX: 1-818-871-1805 Jarrod Tsukada TEL: 1-877-367-4942 FAX: 1-818-871-1805 CST Lab: NVLAP 200996-0 | Net Tool Optimizer (NTO) 7303 (Hardware Versions: NTO 7303 Chassis P/N 991-0082-01, NTO 7300 Series Supervisor Module P/N 992-0059-01 (QTY: 2), NTO 7300 Series Line Card with 16 QSFP+ ports P/N 992-0045-01, NTO 7300 Series Carrier Line Card Hydra P/N 992-0075-01 with NTO 7300 Series Advanced Feature Module Cassette with 16 SFP+ ports P/N 992-0067-01 (QTY: 2), NTO 7300 Series Carrier Line Card Hydra P/N 992-0075-01 with NTO 7300 Series 100G Port Interface Cassette P/N 992-0066-01 (QTY: 2), NTO 7300 Series Smart Blank Line Card P/N 992-0043-01, NTO 7300 Series PCM Line Card with 48 SFP+ ports P/N 992-0051-01, NTO 7300 Series ATIP Line Card with 48 SFP+ ports P/N 992-0050-01, NTO 7300 Series Fan Module Unit P/N 991-2013-01 (QTY: 6); Firmware Version: 4.5.0.16) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/03/2017 | 8/2/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4089); CKG (vendor affirmed); CVL (Cert. #904); DRBG (Cert. #1227); HMAC (Cert. #2669); PBKDF (vendor affirmed); RSA (Cert. #2213); SHS (Cert. #3365) -Allowed algorithms: NDRNG; RSA (key transport; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Designed to sit between a customer’s network and security tools, the NTO 7303 is a solution that controls the flow of network traffic to destination security devices and applications. The module uses a pool of high-speed data interfaces that are intended to forward different classes of traffic based on filters applied to each interface." |
| 2982 | Ixia 26601 W. Agoura Road Calabasas, CA 91302 USA Tom Casella TEL: 1-877-367-4942 FAX: 1-818-871-1805 Jarrod Tsukada TEL: 1-877-367-4942 FAX: 1-818-871-1805 CST Lab: NVLAP 200996-0 | Vision ONE (Hardware Versions: Vision ONE Chassis P/N 991-0114-01, Vision ONE AC Power Supply P/N 991-3023-01 (QTY: 2), Vision ONE Fan Assembly P/N 991-2020-02 (QTY: 2); Firmware Version: 4.5.0.16) (When operated in FIPS mode and with tamper evident seals installed) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/03/2017 | 8/2/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4089); CKG (vendor affirmed); CVL (Cert. #904); DRBG (Cert. #1227); HMAC (Cert. #2669); PBKDF (vendor affirmed); RSA (Cert. #2213); SHS (Cert. #3365) -Allowed algorithms: NDRNG; RSA (key transport; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Designed to sit between a customer’s network and security tools, Vision ONE is a solution that controls the flow of network traffic to destination security devices and applications. The module uses a pool of high-speed data interfaces that are intended to forward different classes of traffic based on filters applied to each interface." |
| 2981 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0 | BlackBerry Cryptographic Java Module (Software Version: 2.9) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/01/2017 | 7/31/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 Android 6.0.1 with processor Qualcomm 8992 Snapdragon running on BlackBerry PRIV Android OS API Level 17 with processor NXP ARM Cortex-A9 running on Ricoh MP C3004 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3988, #4299 and #4300); CKG (vendor affirmed); DRBG (Certs. #1180, #1359 and #1360); DSA (Certs. #1084, #1142 and #1143); ECDSA (Certs. #884, #1009 and #1010); HMAC (Certs. #2603, #2835 and #2836); KAS (Certs. #83, #98 and #99); KTS (vendor affirmed); RSA (Certs. #2046, #2320 and #2321); SHS (Certs. #3292, #3537 and #3538); Triple-DES (Certs. #2188, #2320 and #2321) -Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry products such as the BlackBerry PlayBook Administration Service, and other BlackBerry products." |
| 2980 | Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0 | Security Builder FIPS Java Module (Software Version: 2.9) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/01/2017 | 7/31/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 Android 6.0.1 with processor Qualcomm 8992 Snapdragon running on BlackBerry PRIV Android OS API Level 17 with processor NXP ARM Cortex-A9 running on Ricoh MP C3004 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3988, #4299 and #4300); CKG (vendor affirmed); DRBG (Certs. #1180, #1359 and #1360); DSA (Certs. #1084, #1142 and #1143); ECDSA (Certs. #884, #1009 and #1010); HMAC (Certs. #2603, #2835 and #2836); KAS (Certs. #83, #98 and #99); KTS (vendor affirmed); RSA (Certs. #2046, #2320 and #2321); SHS (Certs. #3292, #3537 and #3538); Triple-DES (Certs. #2188, #2320 and #2321) -Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL." |
| 2979 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Adaptive Security Appliances Cryptographic Module (Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4] or [CISCO-FIPS-KIT=][5]; Firmware Version: 9.6) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. This module contains the embedded module Cisco Firepower Cryptographic Module validated to FIPS 140-2 under Cert. #2960 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/01/2017 | 7/31/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301, #4249 and #4266); CVL (Certs. #1002 and #1008); DRBG (Certs. #332, #336, #819, #1328 and #1337); ECDSA (Certs. #989 and #995); HMAC (Certs. #1247, #1514, #2095, #2787 and #2811); RSA (Certs. #2297 and #2298); SHS (Certs. #1794, #2091, #2737, #3486 and #3512); Triple-DES (Certs. #1321, #1513, #1881, #2304 and #2307) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Enterprise-class firewall capabilities for the ASA devices in an array of form factors - standalone appliances tailor-made for small and midsize businesses, midsize appliances for businesses improving security . This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services." |
| 2978 | Canonical Ltd. 5th floor, Blue Fin Building 110 Southwark Street London SE1 0SU United Kingdom Joy Latten Andrew Cloke CST Lab: NVLAP 200658-0 | Ubuntu Strongswan Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode and with module Ubuntu Kernel Crypto API Cryptographic Module validated to FIPS140-2 under Cert. #2962 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/31/2017 | 7/30/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode) -FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #4370, #4371, #4372, #4373, #4374 and #4375); CVL (Cert. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1154, #1155, #1156, #1157, #1158, #1159 and #1160); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900, #2901, #2970, #2971, #2972, #2973, #2974, #2976 and #2977); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598, #3599, #3687, #3688, #3689, #3690, #3691, #3693 and #3694); Triple-DES (Certs. #2355, #2356 and #2357) -Allowed algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG Multi-Chip Stand Alone "Ubuntu Strongswan Cryptographic Module provides cryptographic services for the Internet Key Exchange (IKE) protocol in the Ubuntu Operating System user space." |
| 2977 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Liu Pinping TEL: +86 15850529039 CST Lab: NVLAP 100432-0 | Huawei S7700 Series Switches (Hardware Versions: S7703 P/N 02113959 Version P.3 with [1, 2 and 7], S7706 P/N 02113960 Version N.2 with [1, 3, 5 and 7] and S7712 P/N 02113961 Version P.2 with [1, 4, 6 and 7]; LPU P/N 03030MQP [1], MPU P/N 03030MPV [2], MPU P/N 03030MQS [3], MPU P/N 03031FSL [4], CSS P/N 03030QHL [5], CSS P/N 03030XYD [6] and Tamper Seals P/N 4057-113016 [7]; Firmware Version: V200R010C00SPC900B900) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/31/2017 | 7/30/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The S7700 Smart Routing Switch (S7700 for short) is a high-end smart routing switch designed for next-generation enterprise networks. The S7700 design is based on Huawei's intelligent multi-layer switching technology to provide intelligent service optimization methods, such as MPLS VPN, traffic analysis, comprehensive QoS policies, controllable multicast, load balancing, and security, in addition to high-performance Layer 2 to Layer 3 switching services." |
| 2976 | D'Crypt Private Limited 28 Sin Ming Lane, #06-133 Midview City 573972 Singapore Sales & Marketing TEL: (65)6933 1800 FAX: (65)6684 5142 Quek Gim Chye TEL: (65)6933 1800 FAX: (65)6684 5142 CST Lab: NVLAP 100432-0 | d’Cryptor® SC (Hardware Versions: P/N: DC-SPC-1, HW Version: 1.0; Firmware Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/31/2017 | 7/30/2022 | Overall Level: 4 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: ECDSA (Cert. #859); SHS (Cert. #3230) -Allowed algorithms: N/A Single Chip "The d'cryptor SC is a single-chip (ASIC) hardware security module designed for high security assurance applications. Its bootloader accepts a firmware image after successful authentication, performs a cryptographic verification of the received image and hands control over to the firmware upon successful verification. The SC can be employed as a secure cryptographic coprocessor in security modules where it provides a secure operational environment and high-performance cryptographic support. The SC supports a multitude of interfaces, including several UARTs, SPIs, I²C and numerous GPIOs." |
| 2975 | Western Digital Technologies, Inc. HGST, a Western Digital brand 5601 Great Oaks Parkway San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar® SS300 TCG Enterprise SSD (Hardware Versions: P/Ns HUSMM3216ASS205 (001) [1, 2, 3, 4, 5], HUSMM3232ASS205 (001) [1, 2, 3, 4, 5], HUSMM3240ASS205 (001) [1, 2, 3, 4, 5], HUSMM3280ASS205 (001) [1, 2, 3, 4, 5], HUSMR3216ASS205 (001) [1, 2, 3, 4, 5], HUSMR3232ASS205 (001) [1, 2, 3, 4, 5], HUSMR3240ASS205 (001) [1, 2, 3, 4, 5] and HUSMR3280ASS205 (001) [1, 2, 3, 4, 5]; Firmware Versions: R098 [1], R100 [2], R110 [3], R116 [4] or R118 [5]) (When operated in FIPS mode, installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/28/2017 | 7/27/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4281 and #4309); CKG (vendor affirmed); DRBG (Cert. #1341); HMAC (Cert. #2817); PBKDF (vendor affirmed); RSA (Cert. #2302); SHS (Certs. #3517 and #3519) -Allowed algorithms: NDRNG Multi-Chip Embedded "HGST Self-Encrypting TCG Enterprise drives meet or exceed the most demanding performance and security requirements. Ultrastar® SS300 solid-state TCG Enterprise 2.5-inch SAS drives support multiple MLC capacities, the 12 Gbps SAS-3 Interface and multiple Drive Write Day rates." |
| 2974 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 Jung Ha Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200002-0 | Samsung Kernel Cryptographic Module (Software Versions: 1.6.1 [1] and 1.8 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2017 | 7/26/2022 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 6.0.1 (Kernel 3.10) running on Samsung Galaxy J3 [1] Android 7.0 (Kernel 4.4) running on Samsung Galaxy S8 with PAA [2] Android 7.0 (Kernel 4.4) running on Samsung Galaxy S8 without PAA [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #4403, #4424, #4425, #4426 and #4427); HMAC (Certs. #2926, #2936, #2937, #2938 and #2939); SHS (Certs. #3630, #3641, #3642, #3643 and #3644) -Allowed algorithms: NDRNG Multi-Chip Stand Alone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 2973 | Bluechip Systems LLC 2350 Mission College Blvd Suite 290 Santa Clara, CA 95054 USA Uri Kreisman TEL: 650-257-8000 FAX: 650-241-1895 CST Lab: NVLAP 100432-0 | MicroCloud X4 (Hardware Versions: P/Ns MCX4-004, MCX4-008; Firmware Versions: X4 Linux 3.4.110.1, MicroCloud Manager 1.9) (No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2017 | 7/26/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4250 and #4251); DRBG (Cert. #1329); ECDSA (Certs. #990, #991 and #992); HMAC (Cert. #2789); KTS (AES Cert. #4251, key wrapping; key agreement methodology provides 256 bits of encryption strength); PBKDF (vendor affirmed); SHS (Certs. #3487, #3488 and #3489) -Allowed algorithms: N/A Multi-Chip Stand Alone "The Module is a Linux computer in a microSD form factor, providing hardware isolated cryptographic services to host devices into which it is inserted. Main functions of the Module are Cryptographic Support, User Data Protection, Security Management and Protection of the Security Functionality. The cryptographic boundary is SD bus interface of the microSD." |
| 2972 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Liu Pinping TEL: +86 15850529039 CST Lab: NVLAP 100432-0 | Huawei S5720-SI & S5720-LI Series Switches (Hardware Versions: S5720-12TP-LI-AC P/N 98010567 Version E.3 with [1 and 2], S5720-12TP-PWR-LI-AC P/N 98010570 Version D.2 with [1 and 2], S5720-28X-LI-24S-AC P/N 98010629 Version D.2 with [1 and 2], S5720-28X-LI-AC P/N 98010581 Version C.2 with [1 and 2], S5720-28X-PWR-LI-AC P/N 98010593 Version C.2 with [1 and 2], S5720-28X-PWR-SI-AC P/N 02350DLW Version E.3 with [1 and 2], S5720-28X-SI-24S-AC P/N 98010625 Version C.22 with [1 and 2], S5720-28X-SI-AC P/N 02350DLT Version E.3 with [1 and 2], S5720-52P-LI-AC P/N 98010600 Version C.2 with [1 and 2], S5720-52P-PWR-LI-AC P/N 98010612 Version C.2 with [1], S5720-52P-SI-AC P/N 02350DLU Version E.3 with [1 and 2], S5720-52X-LI-AC P/N 98010606 Version D.2 with [1 and 2], S5720-52X-PWR-LI-AC P/N 98010619 Version C.2 with [1], S5720-52X-PWR-SI-AC P/N 02350DLX Version E.3 with [1 and 2], S5720-52X-SI-AC P/N 02350DLV Version E.3 with [1 and 2]; Tamper Seals P/N 4057-113016 [1] and External Baffle P/N 99089JEB [2]; Firmware Version: V200R010C00SPC900B900) (When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy (applies to S5720-52X-LI-AC, S5720-28X-PWR-LI-AC, S5720-12TP-LI-AC and S5720-12TP-PWR-LI-AC).) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2017 | 7/26/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The S5720 series Ethernet switches are next-generation energy-saving switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service aggregation. Based on cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software, the S5720 provides a large switching capacity, high reliability (double power slots and hardware Ethernet OAM), and high-density GE ports to accommodate 10 Gbit/s upstream transmissions. The S5720 is available in a lite (LI) series, a standard (SI) series, an enhanced (EI) series, and a hyper (HI) series." |
| 2971 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Liu Pinping TEL: +86 15850529039 CST Lab: NVLAP 100432-0 | Huawei S5720-EI Series Switches (Hardware Versions: S5720-36C-EI-28S-AC P/N 02359503 Version M.2, S5720-36C-EI-AC P/N 02359562 Version M.2, S5720-56C-EI-AC P/N 02359504 Version K.2, S5720-36C-PWR-EI-AC P/N 02359573 Version L.3 and S5720-56C-PWR-EI-AC P/N 02359576 Version L.2 all with Tamper Seals P/N 4057-113016 and External Baffle P/N 99089JEB; Firmware Version: V200R010C00SPC900B900) (When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2017 | 7/26/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The S5720 series Ethernet switches are next-generation energy-saving switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service aggregation. Based on cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software, the S5720 provides a large switching capacity, high reliability (double power slots and hardware Ethernet OAM), and high-density GE ports to accommodate 10 Gbit/s upstream transmissions. The S5720 is available in a lite (LI) series, a standard (SI) series, an enhanced (EI) series, and a hyper (HI) series." |
| 2970 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Carlos ROMERO-LICERAS TEL: +33 442365666 FAX: +33 442365545 Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 CST Lab: NVLAP 100432-0 | Prime PIV v2.1 Applet on TOP DL V2.1 platform (Hardware Version: NXP P60D144P VA (MPH149); Firmware Versions: TOPDLV2.1 (Filter04), PIV Applet version 2.1) (When operated in FIPS mode) PIV Certificate #38 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 07/26/2017 | 7/25/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3543); CVL (Certs. #597, #815 and #834); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); KTS (AES Cert. #3543; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984) -Allowed algorithms: NDRNG Single Chip "« Prime PIV v2.1 » is a FIPS201-2 smart card running on TOP DL V2.1 platform, which complies with the latest version of NIST SP800-73-4 and NIST SP800-85A-4. The product can be used over Contact and Contactless interfaces (ISO 7816 & 14443).Algorithms have been optimized to comply with NIST SP800-78-4 (AES CMAC for OPACITY secure messaging)." |
| 2969 | McAfee LLC 2200 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 972.963.7326 CST Lab: NVLAP 201029-0 | McAfee OpenSSL FIPS Object Module (Software Version: 1.0.1) (When operated in FIPS mode. When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/25/2017 | 7/24/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.10 on VMware ESXi 5.5 running on Intel Xeon (gcc Compiler Version 4.8.5) (single-user mode) -FIPS Approved algorithms: AES (Cert. #4511); CVL (Cert. #1197); DRBG (Cert. #1474); DSA (Cert. #1201); ECDSA (Cert. #1097); HMAC (Cert. #2980); RSA (Cert. #2459); SHS (Cert. #3699); Triple-DES (Cert. #2408) -Allowed algorithms: EC Diffie-Hellman (CVL Cert. #1197, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength) Multi-Chip Stand Alone "The McAfee OpenSSL FIPS module provides cryptographic services for McAfee products." |
| 2968 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Shi Lisha TEL: +86 13451902202 CST Lab: NVLAP 100432-0 | Huawei AR2240, AR3260 and AR169FGVW-L Series Routers (Hardware Versions: AR2240 P/N 03022UFU Version C.2, AR3260 P/N 03022NPN Version I.3 and AR169FGVW-L P/N 50010168 Version L.2; Tamper Evident Seals P/N 4057-113016 and External Baffle P/N 99089JEB; Firmware Version: V200R008C10SPC120) (When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocols IKEv1 and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/25/2017 | 7/24/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4323); CKG (vendor affirmed); CVL (Cert. #1036); DRBG (Cert. #1379); ECDSA (Cert. #1023); HMAC (Cert. #2861); KTS (AES Cert. #4323 and HMAC Cert. #2861; key establishment methodology provides 128 bits of encryption strength); KTS (Triple-DES Cert. #2335 and HMAC Cert. #2861; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #3565); Triple-DES (Cert. #2335) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "ARs are located between an enterprise network and a public network, functioning as the only ingress and egress for data transmitted between the two networks. The deployment of various network services over the ARs reduces operation & maintenance (O&M) costs as well as those associated with establishing an enterprise network." |
| 2967 | CST Lab: NVLAP 200002-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/26/2017 | 7/25/2022 | Overall Level: 3 Multi-Chip Stand Alone |
| 2966 | Allegro Software Development Corporation 1740 Massachusetts Avenue Boxborough, MA 01719 USA Loren Shade TEL: 978-264-6600 CST Lab: NVLAP 200928-0 | Allegro Cryptographic Engine (Software Version: 6.2) (When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/20/2017 | 7/19/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 10 running on a Microsoft Surface Pro 4 with PAA Windows 10 running on a Microsoft Surface Pro 4 without PAA Linux Mint 18 Cinnamon running on an Intel NUC System with PAA Linux Mint 18 Cinnamon running on an Intel NUC System without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #4121); CKG (vendor affirmed); CVL (Certs. #927 and #1074); DRBG (Cert. #1241); DSA (Cert. #1116); ECDSA (Cert. #936); HMAC (Cert. #2692); KTS (AES Cert. #4121, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2227); SHS (Cert. #3390); SHA-3 (Cert. #8); Triple-DES (Cert. #2251) -Allowed algorithms: Diffie-Hellman (CVL Cert. #927, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #927, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace." |
| 2965 | Dolby Laboratories, Inc. 1275 Market Street San Francisco, CA 94103 USA Jean-Philippe Viollet TEL: 818-524-2956 FAX: N/A CST Lab: NVLAP 200802-0 | IMS3-SM (Hardware Versions: IMS3-41 [A], IMS3-42 [A] and IMS3-43 [A]; Firmware Versions: (1.2.9-0, 1.2.9-3 and 1.2.4-0) [A]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2017 | 7/18/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4418, #4419 and #4421); CKG (vendor affirmed); DRBG (Cert. #1427); HMAC (Cert. #2934); KTS (AES Cert. #4421); RSA (Cert. #2407); SHS (Cert. #3639) -Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "The IMS3-SM is the module that contains the Security Manager present in the Dolby Laboratories, Inc. IMS3000 (for hardware models IMS3-41, IMS3-42, IMS3-43) that can be hosted inside D-Cinema DLP projectors. It supports highest JPEG-2000 decoding capabilities and accepts alternative content as well." |
| 2964 | Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 USA Adam Langley CST Lab: NVLAP 201029-0 | BoringCrypto (Software Version: 24e5886c0edfc409c8083d10f9f1120111efd6f5) (When installed, initialized and configured as specified in Section 12.1 of the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/19/2017 | 7/18/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Ubuntu Linux 14.04 LTS running on Intel Xeon E5 without PAA (clang Compiler Version 4.0.0) Ubuntu Linux 16.04 running on Intel Xeon E5 with PAA (clang Compiler Version 4.0.0) Ubuntu Linux 15.04 running on POWER8 without PAA (clang Compiler Version 4.0.0) Ubuntu Linux 17.04 running on POWER8 with PAA (clang Compiler Version 4.0.0) Ubuntu Linux 17.04 running on POWER9 with PAA (clang Compiler Version 4.0.0) (single-user mode) -FIPS Approved algorithms: AES (Cert. #4558); CVL (Cert. #1240); DRBG (Cert. #1507); ECDSA (Cert. #1112); HMAC (Cert. #3011); KTS (AES Cert. #4558; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #2485); SHS (Cert. #3736); Triple-DES (Cert. #2428) -Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications." |
| 2963 | HGST, a Western Digital company 5601 Great Oaks Parkway San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar® He¹² TCG Enterprise HDD (Hardware Versions: P/Ns HUH721212AL5205 (0001) [1, 2], and HUH721212AL4205 (0001) [1, 2];; Firmware Version: R39C [1] or R3D0 [2]) (When operated in FIPS mode, installed, initialized and configured asspecified in Sections 2.1 and 7.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/18/2017 08/31/2017 | 7/17/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3880 and #3881); DRBG (Cert. #1108); HMAC (Cert. #2522); PBKDF (vendor affirmed); RSA (Cert. #1978); SHS (Certs. #3203 and #3204) -Allowed algorithms: NDRNG Multi-Chip Embedded "HGST self-encrypting Ultrastar® He¹² TCG Enterprise Hard-Disk drives meet or exceed the most demanding performance and security requirements. The Ultrastar He¹² TCG is based on fourth-generation HelioSeal® technology, uses PMR technology and is the industry's first 12TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He¹² TCG provides the highest reliability rating available of all HDDs on the market today by building on the successful design of its 10TB, 8TB and 6TB predecessors." |
| 2962 | Canonical Ltd. 5th floor, Blue Fin Building 110 Southwark Street London SE1 0SU United Kingdom Joy Latten Andrew Cloke CST Lab: NVLAP 200658-0 | Ubuntu Kernel Crypto API Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/18/2017 | 7/17/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode) -FIPS Approved algorithms: AES (Certs. #4478, #4479, #4480, #4481, #4482, #4483, #4484, #4485, #4486, #4487, #4488, #4489, #4490, #4491, #4492, #4493, #4494, #4495, #4496, #4497, #4498, #4500, #4501, #4502, #4503, #4504, #4505, #4506 and #4507); DRBG (Certs. #1457, #1458, #1459, #1460, #1461, #1462, #1463, #1464, #1465, #1466, #1467, #1469 and #1470); HMAC (Certs. #2970, #2971, #2972, #2973, #2974, #2975, #2976 and #2977); KTS (AES Certs. #4478, #4481, #4484, #4489, #4492, #4498 and #4502; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #2447, #2448, #2449, #2450, #2451, #2452, #2453 and #2454); SHS (Certs. #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694 and #3695); Triple-DES (Certs. #2401, #2402, #2403, #2404, #2405, #2406 and #2407) -Allowed algorithms: NDRNG Multi-Chip Stand Alone "Ubuntu Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services." |
| 2961 | 128 Technology 200 Summit Drive Burlington, MA 01803 USA Patrick Melampy TEL: N/A FAX: N/A Prashant Kumar TEL: N/A FAX: N/A CST Lab: NVLAP 201029-0 | 128 Technology Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/18/2017 | 2/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The 128T Networking Platform is a software-based, distributed routing and network services solution. The 128T Networking Platform uses Secure Vector Routing to simplify network architectures and provide fine-grained, end-to-end control and visibility. 128T runs on general-purpose computer and allows a wide range of deployment models - from remote branch offices to high-capacity network edges to hyper-scale data centers. The platform enables greater security and agility by distributing intelligence throughout the network - without disrupting your existing network infrastructure. The 128 Tech" |
| 2960 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Firepower Cryptographic Module (Firmware Version: 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2017 | 7/16/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): [Cisco ASA 5506-X, Cisco ASA 5506H-X, Cisco ASA 5506W-X, Cisco ASA 5508-X, Cisco ASA 5516-X, Cisco ASA 5512-X, Cisco ASA 5515-X, Cisco ASA 5525-X, Cisco ASA 5545-X, Cisco ASA 5555-X] with Fire Linux OS 6.1 -FIPS Approved algorithms: AES (Cert. #4266); CVL (Cert. #1008); DRBG (Cert. #1337); ECDSA (Cert. #995); HMAC (Cert. #2811); RSA (Cert. #2297); SHS (Cert. #3512); Triple-DES (Cert. #2307) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The module is designed to help you handle network traffic in a way that complies with your organization's security policy for protecting your network. The system can affect the flow of traffic using access control, which allows you to specify, in a granular fashion, how to handle the traffic entering, exiting, and traversing your network. All the information gathered from it can be used to filter and control that traffic." |
| 2959 | Infineon Technologies AG Am Campeon 1-12 Neubiberg, BY 85579 Germany Roland Ebrecht TEL: +49-821-25851-68 FAX: +49-821-25851-40 Thomas Hoffmann TEL: +49-821-25851-24 FAX: +49-821-25851-40 CST Lab: NVLAP 100432-0 | Trusted Platform Module 2.0 SLB 9660/SLB 9665/SLB 9670 (Hardware Versions: P/Ns SLB 9660 (Package PG-TSSOP-28-2 or PG-VQFN-32-13) [1], SLB 9665 (Package PG-TSSOP-28-2 or PG-VQFN-32-13) [1] and SLB 9670 (Package PG-VQFN-32-13) [2]; Firmware Version: 5.80 [1] or 7.80 [2]) (When operated in FIPS mode as specified in Security Policy Sections 1.1 and 8.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/17/2017 | 7/16/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4318 and #4319); CKG (vendor affirmed); CVL (Certs. #1030, #1032, #1033 and #1035); DRBG (Certs. #1374 and #1375); ECDSA (Certs. #1020 and #1021); HMAC (Certs. #2851 and #2852); KAS (Certs. #105 and #106); KBKDF (Certs. #117 and #118); KTS (AES Certs. #4318 and #4319 and HMAC Certs. #2851 and #2852; key establishment methodology provides 128 bits of encryption strength); KTS (vendor affirmed); RSA (Certs. #2332 and #2333); SHS (Certs. #3554 and #3555) -Allowed algorithms: NDRNG Single Chip "The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the Trusted Platform Module Library Specification, Family "2.0", Level 00, Revision 01.16, October 2014 (ISO/IEC 11889:2015, Parts 1-4). See http://www.trustedcomputinggroup.org/ for further information on TCG and TPM." |
| 2958 | UTC Fire & Security Americas Corporation, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA Michael O'Brien TEL: 585-267-8345 FAX: 585-248-9185 Robert Pethick TEL: 585-267-8046 FAX: 585-248-9185 CST Lab: NVLAP 100432-0 | Lenel OnGuard Access Control Cryptographic Module (Software Version: 7.3.345.54) (When operated in FIPS mode with [(Windows 10 Cryptographic Primitives Library (BCRYPT) validated to FIPS 140-2 under Cert. #2606 operating in FIPS mode), (Windows Server 2012 R2 and Windows 8.1 Cryptographic Primitives Library (BCRYPT) validated to FIPS 140-2 under Cert. #2357 operating in FIPS mode), or (Windows 8 and Windows Server 2012 Cryptographic Primitives Library (BCRYPT) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode)]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/13/2017 | 7/12/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Intel i7-6700 w/ Microsoft Windows 8.1 64-bit on Vmware ESXi 6.0 Intel i7-6700 w/ Microsoft Windows 8 64-bit on Vmware ESXi 6.0 Intel i7-6700 w/ Microsoft Windows Server 2012 64-bit on Vmware ESXi 6.0 Intel i7-6700 w/ Microsoft Windows Server 2012 R2 64-bit on Vmware ESXi 6.0 Intel i7-6700 w/ Microsoft Windows 10 64-bit on Vmware ESXi 6.0 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2197, #2832, #3497 and #4149); DRBG (Certs. #258, #489 and #868); RSA (Certs. #1134, #1493 and #1783); SHS (Certs. #1903, #2373 and #2886) -Allowed algorithms: AES (Cert. #4149, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Stand Alone "The Lenel OnGuard Access Control Cryptographic Module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system which is built on an open architecture platform and offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution." |
| 2957 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Gokul Karthik Balaswamy TEL: 425-706-8583 FAX: 425-708-0107 Christine Ahonen TEL: 425-706-8675 FAX: 425-936-7329 CST Lab: NVLAP 200427-0 | Microsoft Corporation Windows Embedded Compact Enhanced Cryptographic Provider 7.00.2872 and Microsoft Corporation Windows Embedded Compact Enhanced Cryptographic Provider 8.00.6246 (Software Versions: 7.00.2872 [1] and 8.00.6246 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/12/2017 | 7/11/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Embedded Compact 7 (MIPS II) running on a Sigma Designs Vantage 8654 Development Kit [1] Windows Embedded Compact 7 (MIPS II FP) running on a Sigma Designs Vantage 8654 Development Kit [1] Windows Embedded Compact 7 (ARMv7) running on a TI OMAP TMDSEVM3530 [1] Windows Embedded Compact 7 (ARMv6) running on a Samsung SMDK6410 Development Kit [1] Windows Embedded Compact 7 (ARMv5) running on a Freescale i.MX27 Development Kit [1] Windows Embedded Compact 2013 (x86) running on an eBox-330-A [2] Windows Embedded Compact 2013 (ARMv7) running on a TI TMDSEVM3730 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #4433 and #4434); CKG (vendor affirmed); DRBG (Certs. #1432 and #1433); HMAC (Certs. #2945 and #2946); RSA (Certs. #2414 and #2415); SHS (Certs. #3651 and #3652); Triple-DES (Certs. #2383 and #2384) -Allowed algorithms: HMAC-MD5; MD5; NDRNG Multi-Chip Stand Alone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography." |
| 2956 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Gokul Karthik Balaswamy TEL: 425-706-8583 FAX: 425-708-0107 Christine Ahonen TEL: 425-706-8675 FAX: 425-936-7329 CST Lab: NVLAP 200427-0 | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) (Software Versions: 7.00.2872 [1] and 8.00.6246 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/11/2017 | 7/10/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Embedded Compact 7 (MIPS II) running on a Sigma Designs Vantage 8654 Development Kit [1] Windows Embedded Compact 7 (MIPS II FP) running on a Sigma Designs Vantage 8654 Development Kit [1] Windows Embedded Compact 7 (ARMv7) running on a TI OMAP TMDSEVM3530 [1] Windows Embedded Compact 7 (ARMv6) running on a Samsung SMDK6410 Development Kit [1] Windows Embedded Compact 7 (ARMv5) running on a Freescale i.MX27 Development Kit [1] Windows Embedded Compact 2013 (x86) running on an eBox-330-A [2] Windows Embedded Compact 2013 (ARMv7) running on a TI TMDSEVM3730 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #4430 and #4431); CKG (vendor affirmed); CVL (Certs. #1139 and #1140); DRBG (Certs. #1429 and #1430); DSA (Certs. #1187 and #1188); ECDSA (Certs. #1072 and #1073); HMAC (Certs. #2942 and #2943); KAS (Certs. #114 and #115); RSA (Certs. #2411 and #2412); SHS (Certs. #3648 and #3649); Triple-DES (Certs. #2381 and #2382) -Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-Chip Stand Alone "The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (versions 7.00.2872 and 8.00.6246), subject to FIPS 140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 and 2013 components and applications running on Windows Embedded Compact 7 and 2013." |
| 2955 | Hewlett Packard Enterprise 153 Taylor Street Littleton, MA 01460 USA Rick Stanley TEL: 603-315-7746 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE FlexNetwork 7500 and HPE FlexFabric 7900 and 12904 Switch Series (Hardware Versions: HPE FlexNetwork 7502 Switch Chassis (JD242C) with (JH208A) [1], HPE FlexNetwork 7503 Switch Chassis (JD240C) with (JH207A) [1], HPE FlexNetwork 7503 Switch with 2x2.4Tbps Fabric and Main Processing Unit Bundle (JH331A) with (JH209A) [1], HPE FlexNetwork 7506 Switch Chassis (JD239C) with (JH207A) [1], HPE FlexNetwork 7506 Switch with 2x2.4Tbps Fabric and Main Processing Unit Bundle (JH332A) with (JH209A) [1], HPE FlexNetwork 7510 Switch Chassis (JD238C) with (JH207A) [1], HPE FlexNetwork 7510 Switch with 2x2.4Tbps Fabric and Main Processing Unit Bundle (JH333A) with (JH209A) [1], HPE FlexFabric 7904 Switch Chassis (JG682A) with (JG683B) [2], HPE FlexFabric 7910 Switch Chassis (JG841A) with (JH001A or JG842A) and (JG683B) [2], HPE FlexFabric 12904E Switch AC Chassis (JH262A) with (JH263A) [3];; Firmware Versions: HPE Comware 7.1.045, Release R7179 [1], HPE Comware 7.1.045, Release R2150 [2], HPE Comware 7.1.045, Release R1150 [3]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2017 | 7/10/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4090, #4092, #4095 and #4097); CKG (vendor affirmed); CVL (Certs. #905, #906, #909 and #910); DRBG (Certs. #1228 and #1230); DSA (Certs. #1111 and #1113); ECDSA (Certs. #924 and #926); HMAC (Certs. #2670, #2672, #2675 and #2677); RSA (Certs. #2214 and #2216); SHS (Certs. #3366, #3368, #3371 and #3373) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #905 and #909, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform." |
| 2954 | Hewlett Packard Enterprise 153 Taylor Street Littleton, MA 01460 USA Rick Stanley TEL: 603-315-7746 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE FlexNetwork MSR1000, MSR2000, MSR3000 and MSR4000 Router Series (Hardware Versions: {HPE FlexNetwork MSR1002-4 Router (JG875A) with (JD574B, JD573B, and JD559A) or with (JD573B and JD559A) and opacity shield JG598A, HPE FlexNetwork MSR1003-8S AC Router (JH060A) with (JD560A, JD559A, and JD576A) and opacity shield JG598A, HPE FlexNetwork MSR2003 AC Router (JG411A) with (JD558A and JD574B) or with (JD559A, JD576A, and JF821A) and opacity shield JG598A, HPE FlexNetwork MSR2003 TAA-compliant AC Router (JG866A) with (JD558A and JD574B) or with (JD559A, JD576A, and JF821A) and opacity shield JG598A, HPE FlexNetwork MSR2004-24 AC Router (JG734A) with (JD560A, JD559A, JF821A, and JD576A) and opacity shield JG598A, HPE FlexNetwork MSR2004-48 Router (JG735A) with (JD560A, JD559A, JF821A, and JD576A) and opacity shield JG598A, HPE FlexNetwork MSR3012 AC Router (JG409A) with (JG604A, JF281A, and JG430A) and opacity shield JG599A, HPE FlexNetwork MSR3044 Router (JG405A) with (JD559A, JD560A, JD561A, JG438A, JG442A, JG443A, and JG447A) and opacity shield JG600A, HPE FlexNetwork MSR3064 Router (JG404A) with (JG604A, JF281A, JG211A, JG737A, JG430A, JG447A, JD624A, JG415A, JD613A, JG457A, and JG435A) and opacity shield JG601A, HPE FlexNetwork MSR4060 Router Chassis (JG403A) with JG869A and (JG415A, JF254B, JG435A, and JG447A) and opacity shield JG602A, HPE FlexNetwork MSR4080 Router Chassis (JG402A) with JG869A and (JF841A, JG416A, JF841A, JG415A, JF254B, JC160A, JC159A, and JF837A) and opacity shield JG603A} with tamper evidence labels: JG585A or JG586A; Firmware Version: HPE Comware 7.1.045 Release R0305P08) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2017 | 7/10/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4091, #4094 and #4096); CKG (vendor affirmed); CVL (Certs. #907 and #908); DRBG (Cert. #1229); DSA (Cert. #1112); ECDSA (Cert. #925); HMAC (Certs. #2671, #2674 and #2676); RSA (Cert. #2215); SHS (Certs. #3367, #3370 and #3372) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #907, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform." |
| 2953 | Attivo Networks Inc. 47697 Westinghouse Drive, Suite 201 Fremont, CA USA Satya Das TEL: 510-623-1000 CST Lab: NVLAP 200968-0 | Attivo Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/07/2017 | 1/29/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Mac OS X El Capitan 10.11.3 running on an Intel Core i5 1.4GHz system with PAA CentOS 6.5 on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA CentOS 6.5 on CentOS 6.5 – KVM running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA Ubuntu 12.04 LTS on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA Windows Server 2008 SP2 (32 bit) on CentOS 6.5 – KVM running on and Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA Ubuntu 12.04 LTS on CentOS 6.5 – KVM running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA Windows Server 2008 SP2 32-bit on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz system with PAA Windows 7 Professional 64-bit on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA Windows 7 Professional 64-bit on CentOS 6.5 – KVM running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3983); CVL (Cert. #812); DRBG (Cert. #1176); DSA (Cert. #1083); ECDSA (Cert. #881); HMAC (Cert. #2599); RSA (Cert. #2044); SHS (Cert. #3288); Triple-DES (Cert. #2186) -Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "Attivo Cryptographic Module is a component of Attivo Networks’ products such as the Attivo Central Manager 200, BOTsink 3200, and BOTsink 5100. These products constitute the Attivo ThreatMatrix Deception and Response Platform which detects stolen credentials, ransomware, and targeted attacks within user networks, data centers, clouds, SCADA, and IoT environments by deceiving attackers into revealing themselves. The detections along with comprehensive attack analysis and actionable alerts empower accelerated incident response." |
| 2952 | Singlewire Software Singlewire Software Madison, WI 53717 USA Sales TEL: N/A FAX: N/A N/A TEL: N/A FAX: N/A CST Lab: NVLAP 201029-0 | InformaCast Java Crypto Library (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2804) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/07/2017 | 12/7/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090) -Allowed algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "InformaCast transforms devices on your network into a powerful system for IP paging and emergency alerting. InformaCast contains Java libraries that feature robust FIPS 140-2 validated algorithm support." |
| 2951 | Singlewire Software 1002 Deming Way Madison, WI 53717 USA Sales TEL: N/A FAX: N/A N/A TEL: N/A FAX: N/A CST Lab: NVLAP 201029-0 | InformaCast C Crypto Library (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/07/2017 | 2/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "InformaCast transforms devices on your network into a powerful system for IP paging and emergency alerting. InformaCast contains C libraries that feature robust FIPS 140-2 validated algorithm support." |
| 2950 | Hypersecu Information Systems Inc. #200-6191 Westminster Hwy Richmond, BC V7C 4V4 Canada James Li TEL: +1 (604) 279-2000 FAX: +1 (604) 272-1233 Gregory Dunn TEL: +1 (604) 279-2000 FAX: +1 (604) 272-1233 CST Lab: NVLAP 100432-0 | HyperPKI™ HYP2003 (Hardware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/06/2017 | 7/6/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "HyperPKI™ HYP2003 token is a portable two-factor USB token advanced with smart card technology. HYP2003 utilizes digital certificate based technologies to generate and store credentials, such as private keys, passwords and digital certificates inside the secured smart card chip. It is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection." |
| 2949 | Hewlett Packard Enterprise 8000 Foothills Blvd Roseville, CA 95747 USA Susan Scotten TEL: 916-785-8742 CST Lab: NVLAP 200002-0 | Aruba 5400R zl2 Switch Series (Hardware Versions: 5406R zl2 J9821A [1] and 5412R zl2 J9822A [2]; Interface Modules: (J9537A [2], J9546A [2], J9986A [1,2], 9987A [1,2], J9988A [1,2], J9989A [2], J9990A [1,2], J9991A [2], J9992A [2], J9993A [1,2], J9995A [1,2], J9996A [2]); Management Module: J9827A [1,2]; Firmware Version: KB.16.02.0015) (When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 11) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/06/2017 | 7/5/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4304); CVL (Cert. #1018); DRBG (Cert. #1365); DSA (Cert. #1144); HMAC (Cert. #2840); RSA (Cert. #2325); SHS (Cert. #3543); Triple-DES (Cert. #2325) -Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO." |
| 2948 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Bill Shelton TEL: 408-745-2000 Vann (Vanna) Nguyen TEL: 408-745-2000 CST Lab: NVLAP 100432-0 | Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways with Junos 15.1X49-D75 (Hardware Versions: SRX5400, SRX5600, SRX5800 with components identified in Security Policy Table 1 and JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS-MODE 15.1X49-D75) (When operated in FIPS mode and with tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/06/2017 07/28/2017 | 7/5/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4393, #4394 and #4395); CKG (vendor affirmed); CVL (Certs. #1095 and #1096); DRBG (Certs. #1415 and #1423); DSA (Certs. #1172 and #1173); ECDSA (Certs. #1053 and #1054); HMAC (Certs. #2919, #2920 and #2921); KTS (AES Cert. #4393 and HMAC Cert. #2919; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (AES Cert. #4394 and HMAC Cert. #2920; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2368 and HMAC Cert. #2919; key establishment methodology provides 112 bits of encryption strength); KTS (Triple-DES Cert. #2369 and HMAC Cert. #2920; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #2377 and #2383); SHS (Certs. #3621, #3622, #3623 and #3624); Triple-DES (Certs. #2368, #2369 and #2370) -Allowed algorithms: Diffie-Hellman (CVL Certs. #1095 and #1096, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1095 and #1096, key agreement; key establishment methodology provides 128 or 192 bit of encryption strength); NDRNG Multi-Chip Stand Alone "Juniper Networks® SRX5400, SRX5600, and SRX5800 Services Gateways are next-gen intelligent security platforms ideally suited for service provider, large enterprise, and public sector networks. Based on a revolutionary architecture offering superior protection, performance, scalability, services integration, and six nines of carrier-grade reliability the SRX5000 series are custom designed to deliver the highest level of protection incorporating advanced services such as application security, Unified Threat Management (UTM), Intrusion Prevention (IPS), and integrated threat intelligence." |
| 2947 | NCoded Communications LLC 17633 Gunn Hwy #188 Odessa, FL 33556 USA Peter Rung TEL: N/A FAX: N/A Shad Epolito TEL: N/A FAX: N/A CST Lab: NVLAP 201029-0 | NCoded Cryptographic Mobile Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #1938.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/05/2017 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Multi-Chip Stand Alone "NCoded Cryptographic Mobile (NCM) Module is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to the mobile devices and features robust algorithm support, including Suite B algorithms. NCM offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2946 | Bull Atos Technologies Rue Jean JaurFs B.P.68 Les Clayes sous Bois 78340 France Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 Pierre-Jean AUBOURG TEL: +33 1 30 80 77 02 FAX: +33 1 30 80 78 87 CST Lab: NVLAP 200928-0 | CHR Cryptographic Module (Hardware Version: 006/A; Firmware Version: V1.06-00L) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/29/2017 | 6/28/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: RSA (Cert. #1884); SHS (Cert. #3067) -Other algorithms: N/A Multi-Chip Stand Alone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR." |
| 2945 | TCL Communication Ltd. 25 Edelman Suite 200 Irvine, CA 92618 USA Alain Perrier TEL: 214-316-2312 Nikhil Mhatre TEL: 954-914-9952 CST Lab: NVLAP 200658-0 | TCT Crypto Engine (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/23/2017 | 3/21/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4513 and #4514) -Other algorithms: N/A Single Chip "TCT Crypto Engine high throughput storage data encryption and decryption." |
| 2944 | TCL Communication Ltd. 25 Edelman Suite 200 Irvine, CA 92618 USA Alain Perrier TEL: 214-316-2312 Nikhil Mhatre TEL: 954-914-9952 CST Lab: NVLAP 200658-0 | TCT Random Number Generator (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/23/2017 | 4/7/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #1475); SHS (Certs. #3700 and #3702) -Other algorithms: NDRNG Single Chip "TCT Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG" |
| 2943 | TCL Communication Ltd. 25 Edelman Suite 200 Irvine, CA 92618 USA Alain Perrier TEL: 214-316-2312 Nikhil Mhatre TEL: 954-914-9952 CST Lab: NVLAP 200658-0 | TCT Crypto Engine Core (Hardware Version: 5.3.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/23/2017 | 4/10/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4512); HMAC (Cert. #2981); SHS (Cert. #3701); Triple-DES (Cert. #2409) -Other algorithms: AEAD; DES Single Chip "TCT Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments" |
| 2942 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 Jung Ha Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200002-0 | Samsung Flash Memory Protector V1.2 (Hardware Version: 3.0.2; Software Version: 1.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 06/23/2017 | 6/22/2022 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 7.0 (Kernel 4.4) running on Samsung Galaxy S8 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4423) -Other algorithms: N/A Multi-Chip Stand Alone "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The hardware module supports AES with CBC mode and XTS-AES cryptographic services." |
| 2941 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield Solo XC F3 [1] and nShield Solo XC F3 for nShield Connect XC [2] (Hardware Versions: NC4035E-000 [1] and NC4335N-000 [2], Build Standard A; Firmware Version: 3.3.21) (When installed, initialized and configured as specified in Section 5.2.3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/23/2017 | 6/22/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3664, #3697 and #3711); CVL (Certs. #669, #682, #696 and #1111); DRBG (Cert. #985); DSA (Certs. #1034 and #1039); ECDSA (Certs. #771, #776, #790 and #805); HMAC (Cert. #2414); KBKDF (Certs. #73 and #75); KTS (AES Cert. #3664 and #3711; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1897, #1903 and #1917); SHS (Certs. #3082 and #3130); Triple-DES (Certs. #2046 and #2073) -Other algorithms: NDRNG Multi-Chip Embedded "The nShield XC F3 PCIe card, sold as nShield XC F3 PCIe server-embedded hardware security modules (HSMs) and also used in the nShield Connect XC network appliance HSMs, are multi-tasking HSMs optimized for symmetric and asymmetric operations on protected keys. The nShield modules are FIPS 140-2 Level 3 embedded devices for applications including but not limited to PKI, SSL/TLS, Secure Manufacturing, Data Protection, Key Management and Provisioning." |
| 2940 | Hewlett Packard Enterprise 153 Taylor Street Littleton, MA 01460 USA Rick Stanley TEL: 603-315-7746 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE FlexNetwork 10500 and HPE FlexFabric 12500 and 12900 Switch Series (Hardware Versions: {HPE FlexNetwork 10504 Switch Chassis JC613A with (JG496A or JH198A) and opacity shield JG710A [1], HPE FlexNetwork 10504 Switch TAA-Compliant Chassis JG820A with JH206A and opacity shield JG710A [1], HPE FlexNetwork 10508 Switch Chassis JC612A with (JG496A or JH198A) and opacity shield JG711A [1], HPE FlexNetwork 10508 Switch TAA-Compliant Chassis JG821A with JH206A and opacity shield JG711A [1], HPE FlexNetwork 10508-V Switch Chassis JC611A with (JG496A or JH198A) and opacity shield JG712A [1], HPE FlexNetwork 10508-V Switch TAA-Compliant Chassis JG822A with JH206A and opacity shield JG712A [1], HPE FlexNetwork 10512 Switch Chassis JC748A with (JG496A or JH198A) and opacity shield JG713A [1], HPE FlexNetwork 10512 Switch TAA-Compliant Chassis JG823A with JH206A and opacity shield JG713A [1], HPE FlexFabric 12504 AC Switch Chassis JC654A with (JC072B or JG497A), JG794A and opacity sheild JG721A [2], HPE FlexFabric 12508E AC Switch Chassis JG782A with JG802A and JG794A [2], HPE FlexFabric 12518E AC Switch Chassis JG784A with JG802A and JG794A [2], HPE FlexFabric 12908E Switch Chassis JH255A with JH104A [3], HPE FlexFabric 12910 Switch AC Chassis JG619A with JG621A [3], HPE FlexFabric 12910 TAA Compliant Switch AC Chassis JH113A with JH114A [3], HPE FlexFabric 12916E Switch Chassis JH103A with JH104A [3]} with tamper evidence labels: JG585A or JG586A; Firmware Versions: HPE Comware 7.1.045, Release R7179[1], HPE Comware 7.1.045, Release R7377[2], HPE Comware 7.1.045, Release R1150[3]) (When operated in FIPS mode with tamper evident labels and opacity kits installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/28/2017 | 6/27/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4090, #4092, #4093, #4095, #4097 and #4098); CKG (vendor affirmed); CVL (Certs. #905, #906, #909, #910, #911 and #912); DRBG (Certs. #1228, #1230 and #1231); DSA (Certs. #1111, #1113 and #1114); ECDSA (Certs. #924, #926 and #927); HMAC (Certs. #2670, #2672, #2673, #2675, #2677 and #2678); RSA (Certs. #2214, #2216 and #2217); SHS (Certs. #3366, #3368, #3369, #3371, #3373 and #3374) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #905, #909 and #911, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); Camellia; DES; HMAC-MD5; MD5; PRNG; RC2; RC4; RSA (non-compliant) Multi-Chip Stand Alone "The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform." |
| 2939 | NCoded Communications LLC 17633 Gunn Hwy #188 Odessa, FL 33556 USA Peter Rung TEL: N/A FAX: N/A Shad Epolito TEL: N/A FAX: N/A CST Lab: NVLAP 201029-0 | NCoded Cryptographic Server Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/22/2017 | 2/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG Multi-Chip Stand Alone "NCoded Cryptographic Server Module is a standards-based "Drop-in Compliance" cryptographic engine for servers and appliances. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. NCoded Cryptographic Server Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2938 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Secure Kernel Code Integrity (skci.dll) in Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode) -FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347) -Other algorithms: MD5 Multi-Chip Stand Alone "Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed." |
| 2937 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with the modules Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode and Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2936 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4064); CVL (Certs. #886 and #887); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) -Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography." |
| 2936 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4064); CVL (Certs. #886 and #887); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227) -Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)." |
| 2935 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode) -FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347) -Other algorithms: AES (non-compliant); MD5 Multi-Chip Stand Alone "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk." |
| 2934 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode) -FIPS Approved algorithms: AES (Certs. #4061 and #4064) Multi-Chip Stand Alone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
| 2933 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2931 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347) -Other algorithms: MD5 Multi-Chip Stand Alone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
| 2932 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2931 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode) -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347) -Other algorithms: NDRNG; MD5 Multi-Chip Stand Alone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
| 2931 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 (Software Version: 10.0.14393) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode) -FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347) -Other algorithms: MD5; PBKDF (non-compliant); VMK KDF Multi-Chip Stand Alone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
| 2930 | Hewlett Packard Enterprise 153 Taylor Street Littleton, MA 01460 USA Rick Stanley TEL: 603-315-7746 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE FlexNetwork 5130EI, 5130HI, 5510HI and FlexFabric 5930 Switch Series (Hardware Versions: HPE FlexNetwork 5130 24G 4SFP+ EI Switch (JG932A) [1], HPE FlexNetwork 5130 24G SFP 4SFP+ EI Switch (JG933A) [1], HPE FlexNetwork 5130 48G 4SFP+ EI Switch (JG934A) [1], HPE FlexNetwork 5130 24G PoE+ 4SFP+ (370W) EI Switch (JG936A) [1], HPE FlexNetwork 5130 48G PoE+ 4SFP+ (370W) EI Switch (JG937A) [1], HPE FlexNetwork 5130 24G 2SFP+ 2XGT EI Switch (JG938A) [1], HPE FlexNetwork 5130 48G 2SFP+ 2XGT EI Switch (JG939A) [1], HPE FlexNetwork 5130 24G POE+ 2SFP+ 2XGT (370W) EI Switch (JG940A) [1], HPE FlexNetwork 5130 48G POE+ 2SFP+ 2XGT (370W) EI Switch (JG941A) [1], HPE 5130 24G 4SFP+ 1-slot HI Switch (JH323A) [2], HPE 5130 48G 4SFP+ 1-slot HI Switch (JH324A) [2], HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch (JH325A) [2], HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch (JH326A) [2], HPE 5510 24G 4SFP+ HI 1-slot Switch (JH145A) [3], HPE 5510 48G 4SFP+ HI 1-slot Switch (JH146A) [3], HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch (JH147A) [3], HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch (JH148A) [3], HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A) [3], HPE FlexFabric 5930 32QSFP+ Switch (JG726A) [4], HPE FlexFabric 5930 32QSFP+ Switch TAA version (JG727A) [4], HPE FlexFabric 5930 4-slot Switch (JH179A) [4], HPE FlexFabric 5930 4-slot Switch TAA1 version (JH188A) [4], HPE FlexFabric 5930 2QSFP+ 2-slot Switch (JH178A) [4], HPE FlexFabric 5930 2QSFP+ 2-slot Switch TAA1 version (JH187A) [4]; Firmware Versions: HPE Comware 7.1.045, Release R3113 [1], HPE Comware 7.1.045, Release R1120P05 [2], HPE Comware 7.1.045, Release R1120 [3], HPE Comware 7.1.045, Release R2423 [4]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2017 | 6/20/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3854, #3855, #4092, #4093, #4097 and #4098); CKG (vendor affirmed); CVL (Certs. #738, #739, #909, #910, #911 and #912); DRBG (Certs. #1094, #1230 and #1231); DSA (Certs. #1055, #1113 and #1114); ECDSA (Certs. #834, #926 and #927);HMAC (Certs. #2499, #2503, #2672, #2673, #2677 and #2678); RSA (Certs. #1969, #2216 and #2217); SHS (Certs. #3173, #3177, #3368, #3369, #3373 and #3374) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #738, #909 and #911, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); Camellia; DES; HMAC-MD5; MD5; PRNG; RC2; RC4; RSA (non-compliant) Multi-Chip Stand Alone "The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform." |
| 2929 | DataLocker Inc. 7007 College Blvd., Suite 240 Overland Park, KS 66211 USA Jay Kim TEL: 913-310-9088 CST Lab: NVLAP 100432-0 | Sentry - Encrypted USB Flash Drive (Hardware Versions: SEMS04, SEMS08, SEMS16, SEMS32, SEMS64, SSC004M, SSC008M, SSC016M, SSC032M, SSC064M, SONE004, SONE008, SONE016, SONE032, SONE064, SONE004M, SONE008M, SONE016M, SONE032M and SONE064M; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2017 | 11/30/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Sentry - Encrypted USB Flash Drive is a Secure USB 3.0 flash drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to sensitive data and critical applications. The Sentry - Encrypted USB Flash Drive allows enterprise class device management features like policy updates, password recovery and remote kill features." |
| 2928 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-435-2604 FAX: 714-438-2765 CST Lab: NVLAP 200983-0 | Kingston DataTraveler 2000 (Hardware Version: DT2000/4GB; DT2000/8GB; DT2000/16GB; DT2000/32GB; DT2000/64GB; Firmware Version: Encryption Controller: V1.01.10; Security Controller: v1.11) (This validation entry is rebranding from Cert. #2688) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/20/2017 07/14/2017 | 7/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3749 and #3757); DRBG (Cert. #1032); HMAC (Cert. #2459); PBKDF (vendor affirmed); SHS (Cert. #3127) -Other algorithms: NDRNG Multi-Chip Stand Alone "Kingston DataTraveler 2000 Secure USB Flash Drive ("Kingston DT2000" or "DT2000") is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an on-board keypad. User data is protected by hardware-based 256-bit AES encryption to secure sensitive information in the event that the drive is lost or stolen." |
| 2927 | Hewlett Packard Enterprise 153 Taylor Street Littleton, MA 01460 USA Rick Stanley TEL: 603-315-7746 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE FlexNetwork MSR3024 Router Series (Hardware Versions: HPE FlexNetwork MSR3024 AC Router (JG406A), HPE FlexNetwork MSR3024 PoE Router (JG408A); Firmware Versions: HPE Comware 7.1.045, Release R0305P08) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/20/2017 | 6/19/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4091, #4094 and #4096); CKG(vendor affirmed); CVL (Certs. #907 and #908); DRBG (Cert. #1229); DSA (Cert. #1112); ECDSA (Cert. #925); HMAC (Certs. #2671, #2674 and #2676); RSA (Cert. #2215); SHS (Certs. #3367, #3370 and #3372) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #907, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2671, #2674 and #2676); NDRNG; AES (non-compliant); Camellia; DES; HMAC-MD5; MD5; PRNG; RC2; RC4; RSA (non-compliant) Multi-Chip Stand Alone "The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform." |
| 2926 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Jaz Lin TEL: 408-745-2000 Vann (Vanna) Nguyen TEL: 408-745-2000 CST Lab: NVLAP 100432-0 | Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways (Hardware Versions: SRX5400, SRX5600, and SRX5800 with components identified in Security Policy Table 1; Firmware Version: JUNOS-FIPS 12.3X48-D30) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/19/2017 | 6/18/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4054, #4055, #4056, #4070 and #4329); CVL (Certs. #880 and #926); DRBG (Certs. #1216, #1399 and #1401); DSA (Certs. #1096, #1103 and #1104); ECDSA (Certs. #909, #916 and #917); HMAC (Certs. #2646, #2647, #2648, #2657 and #2867); KTS (AES Cert. #4054 and HMAC Cert. #2646); KTS (AES Cert. #4055 and HMAC Cert. #2647); KTS (AES Cert. #4056 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2223 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2224 and HMAC Cert. #2646); KTS (Triple-DES Cert. #2224 and HMAC Cert. #2647); RSA (Certs. #2087, #2201 and #2202); SHS (Certs. #3341, #3342, #3343, #3353 and #3571); Triple-DES (Certs. #2221, #2222, #2223 and #2224) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; ARCFOUR; Blowfish; CAST; HMAC-MD5; HMAC-RIPEMD160; UMAC Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
| 2925 | Huawei Technologies Co., Ltd. No.328, Xinghu Street SuZhou, JIANGSU 215000 CHINA Yan Ze (Allen) TEL: +86 15919432118 Ji Xiang TEL: +8615261806635 CST Lab: NVLAP 100432-0 | Huawei AC6605 Wireless Access Controller (Hardware Versions: P/Ns AC6605-26, 99089JEB [Baffles] and 4057-113016 [Tamper-Evident Seals]; Firmware Version: V200R007C10SPC100) (When operated in FIPS mode and with the tamper-evident seals and external baffles installed as indicated in the Security Policy. The protocols IKEv1, SNMP and TLS shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/19/2017 | 6/18/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375) -Other algorithms: Diffe-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2930); NDRNG; AES (non-compliant); Blowfish; DES; HMAC-MD5; IKEv1 KDF (non-compliant); MD5; PBKDF2 (non-compliant); RC4; RSA (non-compliant); SM1; SM3; SM4; SNMP KDF (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The Huawei Access Controller (AC) are multi-chip standalone cryptographic modules enclosed in hard, commercial grade metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to handle the configuration of wireless access-points. The modules provide network interfaces for data input and output." |
| 2924 | Huawei Technologies Co., Ltd. No.328, Xinghu Street Yuhuatai District SuZhou, JIANGSU 215000 CHINA Yan Ze (Allen) TEL: +86 15919432118 Ji Xiang TEL: +86 15261806635 CST Lab: NVLAP 100432-0 | Huawei AC6005 Wireless Access Controller (Hardware Versions: P/Ns AC6005-8, 99089JEB [Baffles] and 4057-113016 [Tamper-Evident Seals]; Firmware Version: V200R007C10SPC100) (When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocols IKE, SNMP and TLS shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/19/2017 | 6/18/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2930); NDRNG; AES (non-compliant); Blowfish; DES; KDF (non-compliant); HMAC-MD5; IKEv1 KDF (non-compliant); MD5; PBKDF2 (non-compliant); RC4; RSA (non-compliant); SM1; SM3; SM4; SNMP KDF (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The Huawei Access Controller (AC) are multi-chip standalone cryptographic modules enclosed in hard, commercial grade metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to handle the configuration of wireless access-points. The modules provide network interfaces for data input and output." |
| 2923 | Symantec Corporation 350 Ellis St. Mountain View, CA 94043 USA Diana Robinson TEL: 845.454.6397 FAX: N/A CST Lab: NVLAP 201029-0 | Security Analytics Appliance (Models: SA-S500-10-CM, SA-S500-20-FA, SA-S500-30-FA, and SA-S500-40-FA) (Hardware Versions: P/N 090-03645, P/N 080-03938, P/N 090-03646, P/N 080-03939, P/N 090-03648, P/N 080-03940, P/N 090-03649, and P/N 080-03941 with FIPS Kit: HW-KIT-FIPS-500; Firmware Version: 7.2.3) (When configured as specified in Section 3.1 and tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/19/2017 06/22/2017 | 6/18/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4390); CVL (Certs. #1108 and #1109); DRBG (Cert. #1413); HMAC (Cert. #2917); RSA (Cert. #2373); SHS (Cert. #3619) -Other algorithms: Diffie-Hellman (CVL Cert. #1108 with CVL Cert #1109, key agreement, key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1108 with CVL Cert #1109, key agreement, key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-Chip Stand Alone "The Security Analytics Appliances (SA-S500-10-CM, SA-S500-20-FA, SA-S500-30-FA, and SA-S500-40-FA) are part of Symantec’s Incident Response and Forensics solutions. The appliances harness the Security Analytics software to capture, enrich and reconstruct all network traffic (including full packets) in real time. The appliances can be deployed anywhere in the network to deliver clear, actionable intelligence for swift incident response and resolution and real-time network forensics." |
| 2922 | STMicroelectronics Green Square Building B Lambroekstraat 5 Diegem/Machelen B-1831 Belgium Olivier COLLART TEL: +32 272 450 77 FAX: +32 272 451 43 Fabien ARRIVE TEL: +33 223 470 633 FAX: +33 223 470 400 CST Lab: NVLAP 200002-0 | Trusted Platform Module ST33TPHF2ESPI (Hardware Versions: ST33HTPH2E28AAF0, ST33HTPH2E32AAF0, ST33HTPH2E28AAF1 and ST33HTPH2E32AAF1; Firmware Version: 49.00) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/16/2017 | 6/15/2022 | Overall Level: 1 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4338); CKG (vendor affirmed); CVL (Certs. #1044 and #1045); DRBG (Cert. #1361); ECDSA (Cert. #1025); HMAC (Certs. #2870 and #2878); KAS (Cert. #110); KBKDF (Cert. #123); KTS (AES Cert. #4338 and HMAC Cert. #2870; key establishment methodology provides 128 bits or 256 bits of encryption strength); RSA (Cert. #2342); SHS (Cert. #3539); Triple-DES (Cert. #2345) -Other algorithms: NDRNG; RSA (CVL Cert. #1045, key wrapping; key establishment methodology provides 112 bits of encryption strength); ECDAA; ECSchnorr; MGF1 Single Chip "ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 and version 2.0 specification." |
| 2921 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Jaz Lin TEL: 408-745-2000 Vann (Vanna) Nguyen TEL: 408-745-2000 CST Lab: NVLAP 100432-0 | Juniper Networks SRX1400, SRX3400, and SRX3600 Services Gateways (Hardware Versions: P/Ns SRX1400BASE-GE-AC with [1] or [2], SRX1400BASE-GE-DC with [1] or [2], SRX3400BASE-AC with [2], SRX3400BASE-DC with [2], SRX3400BASE-DC2 with [2], SRX3600BASE-AC with [2], SRX3600BASE-DC with [2], and SRX3600BASE-DC2 with [2]; Service Processing Cards SRX1K-NPC-SPC-1-10-40 [1] or SRX3K-SPC-1-10-40 [2]; with Tamper Seals JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.3X48-D30) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2017 | 6/13/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4054, #4056 and #4329); CVL (Certs. #880 and #926); DRBG (Certs. #1216 and #1399); DSA (Certs. #1096 and #1104); ECDSA (Certs. #909 and #917); HMAC (Certs. #2646, #2648 and #2867); KTS (AES Cert. #4054 and HMAC Cert. #2646); KTS (AES Cert. #4056 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2223 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2224 and HMAC Cert. #2646); RSA (Certs. #2087 and #2202); SHS (Certs. #3341, #3343 and #3571); Triple-DES (Certs. #2222, #2223 and #2224) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; ARCFOUR; Blowfish; CAST; HMAC-MD5; HMAC-RIPEMD160; UMAC Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
| 2920 | NXP Semiconductors 411 E. Plumeria Dr. San Jose, CA 95134 USA Sylvain Bonfardin TEL: 408-518-5500 CST Lab: NVLAP 100432-0 | NXP JCOP 3 SecID P60 OSA (Hardware Version: P6022y VB; Firmware Version: 0503.8211) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2017 | 6/13/2022 | Overall Level: 3 -Physical Security: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3997); CVL (Cert. #824); DRBG (Cert. #1187); ECDSA (Cert. #890); KBKDF (Cert. #91); KTS (AES Cert. #3997); RSA (Certs. #2053 and #2086); SHS (Cert. #3299); Triple-DES (Cert. #2195); Triple-DES MAC (Triple-DES Cert. #2195, vendor affirmed) -Other algorithms: NDRNG Single Chip "NXP Semiconductors offers JCOP, a secure Java Card Operating System based on several independent 3rd party specifications, such as Java Card 3.0.4 specifications, the GlobalPlatform card specifications 2.2.1 and few International Organization for Standards (like ISO7816), EMV (Europay, MasterCard and VISA) and others. By adhering to these standards JCOP 3 SECID P60 ensures large interoperability with third-party applets providers, card issuers as well as all existing Smart Card infrastructures." |
| 2919 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Firepower 4100 and Cisco Firepower 9300 Series (Hardware Versions: FPR4110[1], FPR4120[1], FRP4140[1], FRP4150[1], FPR9300-SM24[2] and FPR9300-SM36[2] with FIPS Kit (Cisco_TEL.FIPS_Kit), and opacity shield 69-100250-01[1] or 800-102843-01[2]; Firmware Version: 2.0) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. This module contains the embedded module Cisco ASA Cryptographic Module validated to FIPS 140-2 under Cert. #2898 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/01/2017 | 5/31/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2034, #2035, #4249 and #4307); CVL (Certs. #1002 and #1023); DRBG (Certs. #197, #1328 and #1368); ECDSA (Cert. #989); HMAC (Certs. #1233, #2787 and #2843); RSA (Certs. #2298 and #2328); SHS (Certs. #1780, #3486 and #3546); Triple-DES (Certs. #1311, #2304 and #2328) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "Next generation security services platforms capable of running multiple security services simultaneously. Providing firewall (NGFW), traffic management Cisco Firepower 4100 Series is a family of four threat threat-focused NGFW security platforms. While the Cisco Firepower 9300 is a scalable carrier-grade, modular platform designed for service providers, high-performance computing centers. These are all next generation security services platforms capable of running multiple (firewall (NGFW), traffic management) security services simultaneously." |
| 2918 | Viptela 1730 North First St Suite 500 San Jose, CA 95112 USA Venu Hemige Chandrodaya Prasad CST Lab: NVLAP 201029-0 | Viptela Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/30/2017 06/02/2017 | 2/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG Multi-Chip Stand Alone "The Viptela Cryptographic Module is a fundamental component of Viptela's security functionality. It is used for authentication of users and devices as well as to provide high scalability data protection for Software Defined Wide Area Networks (SD-WANs)." |
| 2917 | Futurex 864 Old Boerne Road Bulverde, TX 78163 USA Futurex Security Certifications TEL: +1 830-980-9782 CST Lab: NVLAP 100432-0 | GSP3000 Hardware Security Module (Hardware Version: P/N 9800-2079 Rev7; Firmware Version: 6.2.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/30/2017 | 5/29/2022 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4117 and #4118); CVL (Cert. #925); DRBG (Cert. #1240); ECDSA (Cert. #935); HMAC (Cert. #2689); KBKDF (Cert. #104); KTS (AES Cert. #4118); KTS (AES Cert. #4117 and HMAC Cert. #2689); KTS (Triple-Des Cert. #2248 and HMAC Cert. #2689; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2226); SHS (Cert. #3387); Triple-DES (Certs. #2248 and #2254) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); NDRNG; RSA (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #2248, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AKB/TR-31; DES; DUKPT; HMAC MD5; HMAC RIPEMD-160; MD5; RIPEMD-160 Multi-Chip Embedded "The GSP3000 is a general purpose cryptographic module incorporated into multiple Futurex products to ensure data confidentiality, integrity, and authenticity. It is designed to meet and exceed compliance mandates and security best practices in environments requiring enterprise-class protection for sensitive information." |
| 2916 | Kaspersky Lab UK Ltd. 1st Floor, 2 Kingdom Street Paddington, London, W2 6BD United Kingdom Oleg Andrianov TEL: +7 495 797 8700 CST Lab: NVLAP 200968-0 | Kaspersky Cryptographic Module (Pre-Boot) (Software Version: 3.0.1.25) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/30/2017 | 5/29/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Kaspersky Preboot OS with BIOS running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA Kaspersky Preboot OS with BIOS running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA Kaspersky Preboot OS with UEFI running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA Kaspersky Preboot OS with UEFI running on an Intel® Core™ i7-3770S CPU@ 3.10GHz system with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2849, #2959, #2960 and #2980); DRBG (Certs. #502, #561, #890, #891, #896 and #897); HMAC (Certs. #1789 and #1879); PBKDF (vendor affirmed); RSA (Certs. #1490 and #1558); SHA-3 (vendor affirmed); SHS (Certs. #2391 and #2492) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength), RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Kaspersky Cryptographic Module (Pre-Boot) is a set of software libraries that provide cryptographic services for Kaspersky Lab FDE solution in pre-boot environment." |
| 2915 | Hewlett Packard Enterprise 3000 Hanover St Palo Alto, CA 94304 USA Fernie Fuentes CST Lab: NVLAP 201029-0 | Hewlett Packard Enterprise libgcrypt Crypto Module (Software Version: 4.0) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #2657.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/30/2017 | 6/12/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645 and #3646); DRBG (Certs. #972, #973, #974, #975, #979 and #980); DSA (Certs. #1020 and #1021); HMAC (Certs. #2398 and #2399); RSA (Certs. #1882 and #1883); SHS (Certs. #3065 and #3066); Triple-DES (Certs. #2033 and #2034) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; Blowfish; Camellia; CAST5; CRC32; CSPRNG; DES; El Gamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPEMD160; SEED; Serpent; Tiger; Twofish; Whirlpool Multi-Chip Stand Alone "The Hewlett Packard Enterprise libgcrypt Crypto Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for Hewlett Packard Enterprise components." |
| 2914 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Liu Pinping TEL: +86 15850529039 CST Lab: NVLAP 100432-0 | Huawei S6720EI Series Switches (Hardware Versions: P/Ns 02350DMN Version H.3 (S6720-30C-EI-24S-AC) and 02350DMP Version H.3 (S6720-54C-EI-48S-AC) both with P/Ns 4057-113016 (Tamper Evident Seals) and 99089JEB (External Baffle); Firmware Version: V200R010C00SPC900B900) (When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/26/2017 | 5/25/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2924); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES-XCBC-MAC (non-compliant); DES; HMAC-MD5; RC4; SNMP KDF (non-compliant) Multi-Chip Stand Alone "The S6720 has industry-leading performance and provides up to 24 or 48 line-speed 10GE ports. It can be used in a data center to provide 10 Gbit/s access to servers or function as a core switch on a campus network to provide 10 Gbit/s traffic aggregation. In addition, the S6720 provides a wide variety of services, comprehensive security policies, and various QoS features to help customers build scalable, manageable, reliable, and secure data centers." |
| 2913 | Mocana Corporation 20 California Street San Francisco, CA 94111 USA Srinivas Kumar TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Loadable Kernel Module (Software Version: 6.4.1f) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/24/2017 | 5/23/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Wind River Linux 6.0 running on Intel Atom E3800 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4265); DRBG (Cert. #1336); HMAC (Cert. #2810); SHS (Cert. #3511); Triple-DES (Cert. #2306) -Other algorithms: DES; HMAC-MD5; MD2; MD4; MD5; PRNG Multi-Chip Stand Alone "The Mocana Cryptographic Loadable Kernel Module (Software Version 6.4.1f) is a software only, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface." |
| 2912 | EMC Corporation 176 South Street Hopkinton, MA 01748 USA Compliance Certification TEL: 508-249-6911 CST Lab: NVLAP 200996-0 | Unity 12 Gb/s SAS I/O Module with Encryption (Hardware Versions: Storage Processor SAS Module with P/N 362-000-332, P/N 363-000-071, P/N 363-000-084 and P/N 364-000-096 and Pluggable I/O SAS Module with P/N 362-000-333, P/N 363-000-071, P/N 363-000-084 and P/N 364-000-063; Firmware Version: 03.90) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/16/2017 | 5/15/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3586 and #3598); KTS (AES Cert. #3598) -Other algorithms: N/A Multi-Chip Embedded "The EMC Unity 12 Gb/s SAS I/O Module with Encryption is a high-density SAS controller chipset executing specialized firmware that provides Data At Rest Encryption (D@RE) for EMC Unity storage arrays. It implements 256-bit AES-XTS encryption/decryption to encrypt and decrypt data as it is being written to or read from a SAS drive. The two variants are the Storage Processor SAS Module variant which is embedded on the printed circuit board (PCB) of the Storage Processor and the Pluggable I/O SAS Module variant which is embedded on the PCB of a pluggable I/O Module." |
| 2911 | F5 Networks 401 Elliott Avenue West Seattle, WA 98119 USA Maryrita Steinhour TEL: 206-272-7351 FAX: n/a John Hughes TEL: 206-272-6038 FAX: n/a CST Lab: NVLAP 200658-0 | Cryptographic Module for BIG-IP® (Software Version: 12.1.2 HF1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/15/2017 | 5/14/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with BIG-IP 12.1.2 HF1 on VMware ESXi™ 5.5 hypervisor running on HP ProLiant BL490c with PAA BIG-IP 12.1.2 HF1 on VMware ESXi™ 5.5 hypervisor running on HP ProLiant BL490c without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4436 and #4437); CVL (Cert. #1144); DRBG (Certs. #1435 and #1436); ECDSA (Cert. #1076); HMAC (Certs. #2948 and #2949); RSA (Cert. #2418); SHS (Certs. #3655 and #3656) -Other algorithms: EC Diffie-Hellman (CVL Cert. #1144, shared secret computation provides 128 or 192 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; DES; Diffie-Hellman (non-compliant); DSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); IDEA; JPAKE; MD4; MD5; MDC2; PRNG; RC2; RC4; RIPEMD; RSA (encrypt/decrypt); SEED; SRP; Triple-DES (non-compliant); Whirlpool Multi-Chip Stand Alone "Cryptographic library offering various cryptographic mechanisms to BIG-IP® Virtual Edition." |
| 2910 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Liu Pinping TEL: +86 15850529039 CST Lab: NVLAP 100432-0 | Huawei S12700 Series Switches (Hardware Versions: S12704 P/N 02114480 Version E.3, S12708 P/N 02114178 Version Q.3 and S12712 P/N 02114180 Version P.3 all with MPU P/N 03030RPE, SFU P/N 03030RPF, LPU P/N 03030SGN and Tamper Seals P/N 4057-113016; Firmware Version: V200R010C00SPC900B900) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/15/2017 | 5/14/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2924); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES-XCBC-MAC (non-compliant); DES; HMAC-MD5; RC4; SNMP KDF (non-compliant) Multi-Chip Stand Alone "Huawei S12700 series agile switches are core switches designed for next-generation campus networks. Using a fully programmable switching architecture, the S12700 series allows fast, flexible function customization and supports a smooth evolution to software-defined networking (SDN) The S12700 series uses Huawei Ethernet Network Processor (ENP) and provides native wireless access controller (AC) to help build a wired and wireless converged network. Its uniform user management capabilities deliver refined user and service management." |
| 2909 | Arista Networks, Inc. 5453 Great America Parkway Santa Clara, CA 95054 Richard Whitney TEL: 703-627-6092 FAX: 408-538-8920 Ethan Rahn CST Lab: NVLAP 100432-0 | Arista Networks OpenSSL Module (Software Version: openssl-1.0.2h-fips) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/15/2017 | 5/14/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): EOSv4 running on an Arista 7150S with AMD Athlon NEO X2 EOSv4 running on an Arista 7508 with Intel Sandy Bridge EN EOSv4 running on an Arista 7308 with Intel Broadwell-DE EOSv4 running on an Arista 7010T with AMD G Series: eKabini EOSv4 running on an Arista 7060CX with AMD G Series: Steppe Eagle (single-user mode) -FIPS Approved algorithms: AES (Cert. #4280); CVL (Cert. #1012); DRBG (Cert. #1340); DSA (Cert. #1141); ECDSA (Cert. #998); HMAC (Cert. #2816); RSA (Cert. #2301); SHS (Cert. #3516); Triple-DES (Cert. #2309) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key transport; key establishment methodology provides 112 or 128 bits of encryption strength); AES KW (non-compliant); AES-XTS (non-compliant); Blowfish; Camellia; CAST5; DES; DES-X; HMAC-MD5; IDEA; MD4; RC2; RC4; RC5; RIPEMD-160; SEED; Triple-DES KW (non-compliant); Whirlpool Multi-Chip Stand Alone "Arista’s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency." |
| 2908 | Hewlett Packard Enterprise 3000 Hanover St Palo Alto, CA 94304 USA Fernie Fuentes CST Lab: NVLAP 201029-0 | Hewlett Packard Enterprise NSS Crypto Module (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2711.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/13/2017 | 12/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3605, #3606, #3607 and #3609); CVL (Certs. #626 and #627); DRBG (Certs. #936 and #937); DSA (Certs. #1002 and #1003); ECDSA (Certs. #739 and #740); HMAC (Certs. #2300 and #2301); RSA (Certs. #1854, #1855, #2034 and #2035); SHS (Certs. #2966 and #2967); Triple-DES (Certs. #2007 and #2008) -Other algorithms: AES (Certs. #3605, #3606, #3607 and #3609, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Certs.#2007 and #2008, key wrapping; key establishment methodology provides 112 bits of encryption strength); Camellia; DES; JPAKE; MD2; MD5; RC2; RC4; RC5; SEED; Multi-Chip Stand Alone "The Hewlett Packard Enterprise NSS Crypto Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for Hewlett Packard Enterprise components." |
| 2907 | Canonical Ltd. 5th floor, Blue Fin Building 110 Southwark Street London SE1 0SU United Kingdom Joy Latten Andrew Cloke CST Lab: NVLAP 200658-0 | Ubuntu OpenSSH Client Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/10/2017 | 5/9/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode) -FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360 and #4361); CVL (Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1085, #1086, #1087, #1088, #1089, #1090 and #1091); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); DSA (Certs. #1156, #1157, #1158, #1159, #1160, #1161 and #1162); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900 and #2901); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598 and #3599); Triple-DES (Certs. #2355, #2356 and #2357) -Other algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; Ed25519 Multi-Chip Stand Alone "Ubuntu OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2906 | Canonical Ltd. 5th floor, Blue Fin Building 110 Southwark Street London SE1 0SU United Kingdom Joy Latten Andrew Cloke CST Lab: NVLAP 200658-0 | Ubuntu OpenSSH Server Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/10/2017 | 5/9/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode) -FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360 and #4361); CVL (Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1085, #1086, #1087, #1088, #1089, #1090 and #1091); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); DSA (Certs. #1156, #1157, #1158, #1159, #1160, #1161 and #1162); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900 and #2901); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598 and #3599); Triple-DES (Certs. #2355, #2356 and #2357) -Other algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; Ed25519 Multi-Chip Stand Alone "Ubuntu OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2905 | Becrypt Limited Artillery House 11-19 Artillery Row London, England SW1P 1RT United Kingdom Mark Wilce TEL: +44 207 557 6515 FAX: +44 845 838 2060 CST Lab: NVLAP 200416-0 | Becrypt Cryptographic Library (Hardware Version: Intel Core i5-4300Y; Software Version: 3.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 05/10/2017 | 5/9/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): MS-DOS 6.22 (16-bit) running on a Fujitsu LifeBook S7020 laptop Microsoft Windows 7 Ultimate Edition (32-bit) running on a Dell D630 Microsoft Windows 7 Enterprise Edition (64-bit) running on a Dell Vostro 1500 Microsoft Windows 8.1 Professional (64-bit) running on a Dell Venue 11 Pro (7130) with PAA Ubuntu Linux 12.04 LTS (32-bit) running on a Dell D630 Ubuntu Linux 12.04 LTS (64-bit) running on a Dell Vostro 1500 Android v4.2.2 running on a Google Nexus 7 (2012) (single-user mode) -FIPS Approved algorithms: AES (Certs. #2883 and #2885); DRBG (Cert. #520); HMAC (Certs. #1817 and #1819); RSA (Cert. #1516); SHS (Certs. #2423 and #2426) -Other algorithms: AES (Certs. #2883 and #2885, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); AES (non-compliant); PRNG Multi-Chip Stand Alone "The Becrypt Cryptographic Library provides core cryptographic functionality for Becrypt's security products providing a capability to develop complex and flexible security applications that require cryptographic functionality for pre-OS (16-bit), 32-bit and 64-bit operating environments." |
| 2904 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Hamid Sobouti TEL: 408-333-4150 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® NetIron® CER 2000 Series Ethernet Routers and Brocade NetIron® CES 2000 Series Ethernet Switches (Hardware Versions: {[BR-CER-2024C-4X-RT-AC (80-1006530-01) with RPS9 (80-1003868-01) and SW-CER-2024-RTUPG (80-1004848-01), BR-CER-2024C-4X-RT-DC (80-1007213-01) with RPS9DC (80-1003869-02) and SW-CER-2024-RTUPG (80-1004848-01), BR-CER-2024F-4X-RT-AC (80-1006529-01) with RPS9 (80-1003868-01) and SW-CER-2024-RTUPG (80-1004848-01), BR-CER-2024F-4X-RT-DC (80-1007212-01) with RPS9DC (80-1003869-02) and SW-CER-2024-RTUPG (80-1004848-01)], [BR-CES-2024C-4X-AC (80-1000077-01) with RPS9 (80-1003868-01), BR-CES-2024C-4X-DC (80-1007215-01) with RPS9DC (80-1003869-02), BR-CES-2024F-4X-AC (80-1000037-01) with RPS9 (80-1003868-01), BR-CES-2024F-4X-DC (80-1007214-01) with RPS9DC (80-1003869-02)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R06.0.00aa) (When operated in FIPS mode with the tamper evident labels installed and configured as specified in Section 12 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/10/2017 | 5/9/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2715 and #3143); CVL (Certs. #173, #394 and #403); DRBG (Cert. #452); HMAC (Cert. #1694); RSA (Cert. #1411); SHS (Cert. #2280) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-SHA-1-96 (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor." |
| 2903 | Toshiba Memory Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type B1 (Hardware Versions: A2 with PX05SVQ040B, A2 with PX05SRQ192B, A2 with PX05SRQ384B; Firmware Version: PX05PD43) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/10/2017 | 5/9/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2902 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Firepower Next-Generation IPS Virtual (NGIPSv) Cryptographic Module (Software Version: 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/09/2017 | 5/8/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): NGIPSv 6.1 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4411); CVL (Cert. #1117); DRBG (Cert. #1425); ECDSA (Cert. #1063); HMAC (Cert. #2932); RSA (Cert. #2397); SHS (Cert. #3637); Triple-DES (Cert. #2377) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "The virtualized offering of the Cisco FirePOWER next-generation IPS (NGIPS) solution providing the Industry-leading threat protection. Real-time contextual awareness. Full-stack visibility. Intelligent security automation. This virtualized highly effective intrusion prevention system provides reliable performance and a low total cost of ownership. Threat protection can be expanded with optional subscription licenses to provide Advanced Malware Protection (AMP), application visibility and control, and URL filtering capabilities." |
| 2901 | Huawei Technologies Co., Ltd. 101 Software Avenue Yuhuatai District NANJING, JIANGSU 210000 CHINA Yang Ze (Allen) TEL: +86 15919432118 Shi Lisha TEL: +86 13451902202 CST Lab: NVLAP 100432-0 | Huawei AR1200 and AR2200 Series Routers (Hardware Versions: AR1220E P/N 02350DQJ Version E.5 with [1], AR1220EVW P/N 02350DQL Version F.5 with [1] and AR2220E P/N 02350DQM Version E.6 with [1]; Tamper Evident Seals P/N 4057-113016 [1]; Firmware Version: V200R008C10SPC110) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IKEv1 and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/08/2017 | 5/7/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4323, #4324 and #4325); CKG (vendor affirmed); CVL (Cert. #1036); DRBG (Cert. #1379); ECDSA (Cert. #1023); HMAC (Certs. #2861, #2862 and #2863); KTS (AES Cert. #4323 and HMAC Cert. #2861; key establishment methodology provides 128 bits of encryption strength); KTS (Triple-DES Cert. #2335 and HMAC Cert. #2861; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #3565, #3566 and #3567); Triple-DES (Certs. #2335, #2336 and #2337) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2861); NDRNG; Blowfish; DES; HMAC-MD5; IKEv1 KDF (non-compliant); MD5; SM1; SM3; SM4; SNMP KDF (non-compliant) Multi-Chip Stand Alone "ARs are located between an enterprise network and a public network, functioning as the only ingress and egress for data transmitted between the two networks. The deployment of various network services over the ARs reduces operation & maintenance (O&M) costs as well as those associated with establishing an enterprise network." |
| 2900 | SAP SE Dietmar-Hopp-Allee 16 Walldorf 69190 Germany Stephan André TEL: +49-6227-7-47474 FAX: +49-6227-78-55975 Thomas Rothe TEL: +49-6227-7-47474 FAX: +49-6227-78-55989 CST Lab: NVLAP 200636-0 | SAP CommonCryptoLib Crypto Kernel (Software Versions: 8.4.47.0 32-bit [1] and 64-bit [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/05/2017 | 5/4/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): AIX 5.2 64-bit running on a IBM eServer p5 505 without PAA [2] AIX 6.1 64-bit on IBM PowerVM 2.2 running on a IBM Power 750 Express without PAA [1][2] HP-UX 11.11 64-bit running on a HP Server rp3440 [2] HP-UX 11.23 64-bit running on a HP Server rx5670 [2] HP-UX 11.31 64-bit running on a HP Integrity rx6600 [1][2] Linux 2.6.5 64-bit running on a HP ProLiant DL585 without PAA [1][2] Linux 2.6.32 32-bit running on a HP ProLiant DL385-G2 DC [1] Linux 2.6.32 64-bit running on a HP Integrity rx2660 [2] Linux 2.6.32 64-bit on IBM PowerVM 2.2 running on a IBM Power 750 Express without PAA [1][2] Linux 3.0.101 64-bit on IBM PowerVM 2.2 running on a IBM Power System S824 with PAA [2] Linux 3.0.101 64-bit on Vmware ESXi 5.1.0 running on a HP ProLiant DL580 G7 with PAA [1][2] Linux 3.0.101 64-bit on IBM z/VM 6.2.0 running on a IBM zEnterprise 196 (2817 series) [2] SunOS 5.9 64-bit running on a Sun Fire V440 [2] SunOS 5.10 64-bit running on a Fujitsu PrimePower 650 [1][2] SunOS 5.10 64-bit running on a Sun Fire X4150 without PAA [1][2] Windows Server 2008 SP2 64-bit running on a HP ProLiant DL380 G6 without PAA [1][2] Windows Server 2008 R2 SP1 64-bit on Vmware ESXi 5.1.0 running on a HP ProLiant DL580 G7 with PAA [1][2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3665 and #3666); CVL (Certs. # 670, #671, #672, #673, #674, and #675); DRBG (Certs. #986 and #987); DSA (Certs. #1035 and #1036); ECDSA (Certs. #772 and #773); HMAC (Certs. #2415 and #2416); RSA (Certs. #1898 and #1899); SHS (Certs. #3083 and #3084); Triple-DES (Certs. #2047 and #2048) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; ElGamal; IDEA; MD2; MD4; MD5; RC2; RC4; RC5-32; RIPEMD-128; RIPEMD-160 Multi-Chip Stand Alone "SAP CommonCryptoLib Crypto Kernel v8.4.47.0 is a shared library, i.e. it consists of software only. SAP CommonCryptoLib Crypto Kernel provides an API in terms of C++ methods for key management and operation of cryptographic functions." |
| 2899 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Firepower Management Center Virtual (FMCv) Cryptographic Module (Software Version: 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/04/2017 | 5/3/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FMC Virtual 6.1 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4411); CVL (Cert. #1117); DRBG (Cert. #1425); ECDSA (Cert. #1063); HMAC (Cert. #2932); RSA (Cert. #2397); SHS (Cert. #3637); Triple-DES (Cert. #2377) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "The Firepower Management Center Virtual working like the Firepower Management Center appliance aggregates and correlates network traffic information and performance data, assessing the impact of events on particular hosts. You can monitor the information that your device reports, and assess and control the overall activity that occurs on your network. The FMCv also controls the network management features on your devices: switching, routing, NAT and VPN." |
| 2898 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA Cryptographic Module (Hardware Versions: FPR4110-ASA-K9, FPR4120-ASA-K9, FPR4140-ASA-K9, FPR4150-ASA-K9, FPR9K-SM-24 (SM-24) and FPR9K-SM-36 (SM-36); Firmware Version: 9.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/04/2017 05/12/2017 | 5/3/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2034, #2035 and #4249); CVL (Cert. #1002); DRBG (Certs. #197 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1233 and #2787); RSA (Cert. #2298); SHS (Certs. #1780 and #3486); Triple-DES (Certs. #1311 and #2304) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Embedded "The market-leading Cisco ASA delivering robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA provides comprehensive security, performance, and reliability for network environments." |
| 2897 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Firepower Management Center Cryptographic Modules (Hardware Versions: FS750-K9, FS1500-K9, FS2000-K9, FS3500-K9 and FS4000-K9; Firmware Version: 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/04/2017 | 5/3/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4266); CVL (Cert. #1008); DRBG (Cert. #1337); ECDSA (Cert. #995); HMAC (Cert. #2811); RSA (Cert. #2297); SHS (Cert. #3512); Triple-DES (Cert. #2307) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "Firepower Management Center provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection, easily go from managing a firewall to controlling applications to investigating and remediating malware outbreaks. You can monitor the information that your device reports, and assess and control the overall activity that occurs on your network. The FMC also controls the network management features on your devices: switching, routing, NAT and VPN." |
| 2896 | Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 USA Yin Wei TEL: 408-676-8868 Yvonne Sang TEL: 844-807-8573 CST Lab: NVLAP 100432-0 | Pulse Secure Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/03/2017 | 5/2/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): IVE OS 2.0 32-bit with Intel Atom Processor N270 (x86) on Pulse Secure MAG 2600 IVE OS 2.0 64-bit with Intel Pentium Processor E2160 (x86) on Pulse Secure MAG 4610 IVE OS 2.0 64-bit with Intel Pentium Processor E2160 (x86) on Pulse Secure MAG SM160 IVE OS 2.0 64-bit with Intel Core2 Quad Q9400 (x86) on Pulse Secure MAG SM360 IVE OS 2.0 64-bit with Intel Celeron Processor J1900 (x86) on Pulse Secure PSA300 IVE OS 2.0 64-bit with Intel Celeron Processor J1900 (x86) on Pulse Secure PSA3000 IVE OS 2.0 64-bit with Intel Pentium Processor G3420 (x86) on Pulse Secure PSA5000 IVE OS 2.0 64-bit with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000f IVE OS 2.0 64-bit with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000c Pulse One version 2.0 with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000f Pulse One version 2.0 with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000c IVE OS 2.0 64-bit on Vmware ESXi with Intel Xeon E5-2620 v4 on Dell Power Edge R430/R530, Intel Xeon E5-2620 v4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #4334 and #4341); CVL (Cert. #1046); DRBG (Cert. #1384); DSA (Cert. #1152); ECDSA (Cert. #1026); HMAC (Cert. #2880); RSA (Cert. #2345); SHS (Cert. #3577); Triple-DES (Certs. #2346 and #2347) -Other algorithms: EC Diffie-Hellman (CVL Cert. #1046, key agreement, key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PRNG Multi-Chip Stand Alone "Pulse Secure's portfolio delivers Secure Access solutions for people, devices, things and services. It includes Pulse Connect Secure - the most reliable and feature rich VPN, Pulse Policy Secure - powerful Network Access Control (NAC) with granular network visibility and access control, Pulse Workspace - simplified enterprise mobility management (EMM), Pulse One - centralized management, and the Pulse Unified Client - a single client to connest them all. Together they provide users with secure remote, campus, mobile, and cloud access based on their role, identity, device and location." |
| 2895 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Aironet 1532e/i, 1552e/i, 1572 EAC, 1602e/i, 1702i, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p, 3702e/i/p and IW3702-2E/4E Wireless LAN Access Points (Hardware Versions: 1532e[5], 1532i[5], 1552e[2], 1552i[2], 1572 EAC[4], 1602e[3], 1602i[3], 1702i[4], 2602e[4], 2602i[4], 2702e[4], 2702i[4], 3502e[2], 3502i[2], 3602e[4], 3602i[4], 3602p[4], 3702e[4], 3702i[4], 3702p[4], 3602e[1,4], 3602i[1,4], 3602p[1,4], 3702e[1,4], 3702i[1,4], 3702p[1,4], IW3702-2E[4] and IW3702-4E[4] with AIR-RM3000M[1], Marvell 88W8364[2], Marvell 88W8763C[3], Marvell 88W8764C[4] and Qualcomm Atheros AES-128w10i[5]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.3) (When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/02/2017 | 5/1/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2334, #2335, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441) -Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant) Multi-Chip Stand Alone "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments." |
| 2894 | General Dynamics Mission Systems 150 Rustcraft Road Dedham, MA 02026 USA Ramin Taraz TEL: 978-923-6400 CST Lab: NVLAP 200427-0 | Fortress Mesh Points (Hardware Versions: ES210, ES2440, ES520v1, ES520v2 and ES820; Firmware Version: 5.4.5) (When operated in FIPS mode. The protocols SNMP and TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2017 | 4/27/2022 | Overall Level: 2 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1519, #1520 and #3506); CVL (Certs. #573, #937 and #938); DRBG (Certs. #66 and #874); DSA (Cert. #1053); ECDSA (Certs. #716 and #833); HMAC (Certs. #889, #890 and #2238); KAS (Cert. #95); KBKDF (Cert. #112); RSA (Certs. #1800 and #1967); SHS (Certs. #1357, #1358 and #2891) -Other algorithms: MD5; NDRNG; PRNG; SNMP KDF (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects." |
| 2893 | Panasonic Corporation 4-1-62, Minoshima, Hakata-ku Fukuoka, Fukuoka 812-8531 Japan Masakatsu Matsuo TEL: +81-50-3380-5930 CST Lab: NVLAP 200822-0 | Panasonic Cryptographic Module (Software Version: 1.04) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/27/2017 | 4/26/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux kernel 3.13 32 bit on running on HP Elite Desk (Intel Core i7) (gcc Compiler Version 4.8.2) (single-user mode) -FIPS Approved algorithms: AES (Cert. #4366); DRBG (Cert. #1404); HMAC (Cert. #2905); RSA (Cert. #2364); SHS (Cert. #3603); Triple-DES (Cert. #2361) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DES; RSA (encrypt/decrypt) Multi-Chip Stand Alone "Panasonic Cryptographic Module provides high performance cryptographic processing for embedded devices." |
| 2892 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN9000 Series Encryptors (Hardware Version: Senetas Corp. Ltd. CN9000 Series: A9100B (AC); Senetas Corp. Ltd. & SafeNet Inc. CN9000 Series: A9100B (AC); Firmware Version: 3.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/26/2017 | 4/25/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4113 and #4122); CVL (Cert. #928); DRBG (Cert. #1242); ECDSA (Cert. #937); HMAC (Cert. #2693); KAS (Cert. #94); RSA (Cert. #2228); SHS (Cert. #3391); Triple-DES (Cert. #2252) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength) Multi-Chip Stand Alone "The CN9000 Series Encryptors are high-speed hardware encryption platforms that secure data over optical Ethernet networks. The model included is the CN9100 100G Ethernet Encryptor, operating at a line rate of 100Gb/s. Data privacy is provided by FIPS approved AES CTR algorithms." |
| 2891 | Vormetric, Inc. 2860 Junction Ave San Jose, CA 95134 USA Peter Tsai TEL: 669-770-6927 Janice Cheng TEL: 669-770-6823 CST Lab: NVLAP 200002-0 | Vormetric Application Encryption Module (Software Version: 5.2.5) (When installed, initialized and configured as specified in Section 10 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/25/2017 | 4/24/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on an ASUS Desktop PC M51AC-US002S Windows Server 2012 R2 running on an ASUS Desktop PC M51AC-US002S (single-user mode) -FIPS Approved algorithms: AES (Cert. #4088); HMAC (Cert. #2668); SHS (Cert. #3364) -Other algorithms: N/A Multi-Chip Stand Alone "Vormetric Application Encryption is a library to simplify integrating application-level encryption into existing corporate applications. The application encryption library provides a set of documented standard-based APIs used to perform cryptographic and encryption key management operations. The innovative product design enables developers to choose to standard AES encryption or schema maintaining Format Preserving Encryption (FPE). Vormetric Application Encryption removes the complexity and risk of implementing an in-house encryption and key management solution." |
| 2890 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/25/2017 | 4/24/2022 | Overall Level: 1 Multi-Chip Embedded |
| 2889 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Aironet 1562 e/i/d/ps, 2802 e/i and 3802 e/i/p Wireless LAN Access Points (Hardware Versions: 1562e, 1562i, 1562d, 1562ps, 2802e, 2802i, 3802e, 3802i, 3802p with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.3) (When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/25/2017 | 4/24/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4114, #4340, #4367 and #4409); CVL (Certs. #1115 and #1116); DRBG (Cert. #1422); ECDSA (Cert. #1061); HMAC (Certs. #2906 and #2931); KBKDF (Cert. #126); KTS (AES Cert. #4409; key wrapping; key establishment methodology provides 128 and 256 bits of encryption strength); RSA (Certs. #2344 and #2396); SHS (Certs. #3576, #3604, and #3635) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1116, key agreement; key establishment methodology provides 128 and 192 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments." |
| 2888 | Canonical Ltd. 5th floor, Blue Fin Building 110 Southwark Street London SE1 0SU United Kingdom Joy Latten Andrew Cloke CST Lab: NVLAP 200658-0 | Ubuntu OpenSSL Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/24/2017 06/06/2017 | 4/23/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode) -FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #4370, #4371, #4372, #4373, #4374 and #4375); CVL (Certs. #1055, #1058, #1061, #1064, #1066, #1068 and #1070); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); DSA (Certs. #1156, #1157, #1158, #1159, #1160, #1161 and #1162); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900 and #2901); KTS (AES Certs. #4354, #4357, #4358 and #4360; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598 and #3599); Triple-DES (Certs. #2355, #2356 and #2357) -Other algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); MD5; PRNG; RSA (non-compliant); SHA (non-compliant) Multi-Chip Stand Alone "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C." |
| 2887 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-VM Virtual Appliance (Software Versions: FortiGate-VM64 v5.2.7,build0718,160328) (When operated in FIPS mode. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/21/2017 | 4/20/2022 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): FortiGate-VM on VMware ESXi 5.5 (single-user mode) running on Dell PowerEdge R720 with Intel Xeon E5-2620 processor with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Certs. #4021 and #4022); CVL (Certs. #850 and #851); DRBG (Cert. #1199); HMAC (Certs. #2623 and #2624); RSA (Cert. #2191); SHS (Certs. #3317 and #3318); Triple-DES (Certs. #2201 and #2202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate-VM appliances are software modules designed to execute on a General Purpose Computer (GPC) hardware platform running the VMware hypervisor and FortiOS 5.2. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
| 2886 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive (Hardware Versions: ST10000NM0176 [1] and ST10000NM0186 [2]; Firmware Versions: SF02 [1] and NF02 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/20/2017 | 4/19/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947, #3759, #3760 and #4279); CKG (vendor affirmed); CVL (Certs. #828 and #852); DRBG (Cert. #1146); HMAC (Certs. #2613 and #2815); PBKDF (vendor affirmed); RSA (Certs. #2056 and #2300); SHS (Certs. #3304 and #3515) -Other algorithms: Diffie-Hellman (CVL Cert. #852, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2885 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWall v11.4 EX6000, EX7000, EX9000, SMA 6200, SMA 7200 (Hardware Versions: P/Ns 101-500210-78 Rev A, 101-500188-79 Rev A, 101-500352-62 Rev A, 101-500399-61 Rev B, 101-500398-61 Rev B; Firmware Version: 11.4.0-512) (When configured as specified in Section 8 and tamper-evident seals installed as indicated in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/19/2017 06/12/2017 | 4/18/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4044, #4045 and #4046); CVL (Certs. #869, #870, #871 and #872); DRBG (Cert. #1211); ECDSA (Certs. #906 and #907); HMAC (Certs. #2639, #2640 and #2641); RSA (Certs. #2076 and #2077); SHS (Certs. #3333, #3334 and #3335); Triple-DES (Certs. #2211, #2212 and #2213) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. 2641); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RC4 Multi-Chip Stand Alone "SonicWall Software SRA EX6000, SMA 6200, SRA EX7000, SMA 7200 and SRA EX9000 are part of the SonicWall Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS, Google Android and Google Chromebook among others." |
| 2884 | Mercury Systems, Inc. 3601 East University Drive Phoenix, AZ 85034 USA Bob Lazaravich TEL: 602-437-1520 Iain Mackie TEL: 602-458-3450 CST Lab: NVLAP 100432-0 | Mercury Systems ASURRE-Stor™ SSD (Hardware Versions: P/Ns ASD256AM2R-0yzIF, 3.0; ASD512AM2R-0yzIF, 3.0; ADR256AM2R-0yzIF, 3.0; ADR512AM2R-0yzIF, 3.0 (as described in Security Policy, Table 4); Firmware Version: 1.5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/19/2017 | 4/18/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2802, #3986 and #3987); DRBG (Cert. #1179); ECDSA (Cert. #883); HMAC (Cert. #2602); KTS (AES Cert. #3987); PBKDF (vendor affirmed); SHS (Cert. #3291) -Other algorithms: NDRNG Multi-Chip Embedded "The Mercury Systems ASURRE-Stor™ SSD implements an industry standard 2.5" secure solid state hard drive. Unlike many secure SSDs, the ASURRE-Stor™ SSD does not depend on a TPM device, TCG, or OPAL to implement security. Instead the ASURRE-Stor™ SSD implements security using AES-256 XTS encryption and several key management techniques that are compatible with the ATA specification. These techniques provide superior and flexible solutions for mission critical defense applications and have no requirements for unencrypted shadow MBR sectors or 3rd party OPAL software." |
| 2883 | HGST, a Western Digital company 5601 Great Oaks Parkway San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C15K600 TCG Enterprise HDDs (Hardware Versions: HUC156060CS4205 (2), HUC156045CS4205 (2), HUC156030CS4205 (2), HUC156060CSS205 (2), HUC156045CSS205 (2), HUC156030CSS205 (2); Firmware Version: RAA2 or RD02) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/18/2017 05/23/2017 | 4/17/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037) -Other algorithms: NDRNG Multi-Chip Embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2882 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/25/2017 | 4/24/2022 | Overall Level: 2 Multi-Chip Stand Alone |
| 2881 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYCOS 3.0 microSDHC™ TrustedFlash Module (Hardware Versions: 851-315013F (16GB) and 851-315014F (32GB); Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/13/2017 | 4/12/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3028, #3115 and #4241); CKG (vendor affirmed); CVL (Cert. #419); DRBG (Cert. #658); ECDSA (Cert. #578); HMAC (Cert. #1913); KAS (Cert. #52); KBKDF (Cert. #111); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1611); SHS (Cert. #2529); Triple-DES (Cert. #1772) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "The SPYCOS 3.0 microSDHC™ TrustedFlash Module integrates a FIPS 140-2 Level 3 PKI hardware security module employing efficient elliptic curve cryptography with a hardware-based AES 256-bit encrypted flash for secure user data storage. It provides high assurance hardware encryption services to protect data at rest and the authentication services for strong two-factor authentication for any network or cloud service." |
| 2880 | HGST, a Western Digital company 5601 Great Oaks Parkway San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C10K1800 TCG Enterprise HDDs (Hardware Versions: HUC101818CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC101818CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CS4205 (2) [1, 4], HUC101812CS4205 (3) [1, 4], HUC101890CS4205 (2) [1, 2, 4, 6, 7, 8], HUC101890CS4205 (3) [1, 2, 4, 6, 7, 8], HUC101860CS4205 (2) [1, 4], HUC101860CS4205 (3) [1, 4], HUC101845CS4205 (2) [1, 4], HUC101845CS4205 (3) [1, 4], HUC101812CSS205 (2) [1, 4], HUC101812CSS205 (3) [1, 4], HUC101890CSS205 (2) [1, 4], HUC101890CSS205 (3) [1, 4], HUC101860CSS205 (2) [1, 4], HUC101860CSS205 (3) [1, 4], HUC101830CSS205 (2) [1, 4], HUC101830CSS205 (3) [1, 4]; Firmware Versions: RAA2 [1], RAG0 [2], RAH0 [3], RD02 [4], FM30 [5], NA01 [6], RD31 [7] or NA02 [8]) (When installed, initialized and configured as specified in Section 7.2 of the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/11/2017 05/23/2017 06/01/2017 08/15/2017 | 4/10/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); KTS (AES Cert. #2365); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037) -Other algorithms: NDRNG Multi-Chip Embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C10K1800 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2879 | Barco n.v. Beneluxpark 21 Kortrijk 8500 Belgium Tom Bert TEL: 32 (0) 56 36 89 67 CST Lab: NVLAP 200802-0 | Barco ICMP (Hardware Version: R7681272-02; Firmware Version: 1.3.0.15735B) (When operated in FIPS mode. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/11/2017 | 4/10/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: RSA (Cert. #2295); SHS (Cert. #3491) -Other algorithms: AES (non-compliant); DRBG (non-compliant); EC Diffie-Hellman (non-compliant); HMAC (non-compliant); HMAC-MD5; MD5; NDRNG; PRNG; SHS (non-compliant); TLS KDF (non-compliant) Multi-Chip Embedded "DCI compliant Barco integrated Image Media Block." |
| 2878 | Axon Enterprise, Inc 17800 N 85th St. Suite 350 Scottsdale, AZ 85255 USA Gregory Hewes Jenner Holden CST Lab: NVLAP 201029-0 | Axon Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/06/2017 | 2/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG Multi-Chip Stand Alone "The Axon Cryptographic Module is a software cryptographic module that provides core cryptographic functions for secure key management, data integrity, and secure communications to Axon cloud based services." |
| 2877 | WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA Peter Eng TEL: 206-613-6600 CST Lab: NVLAP 200556-0 | WatchGuard Firebox T10[1], T10-W[2], T30[3], T30-W[4], T50[5], T50-W[6] (Hardware Version: DS1AE3 [1]; DS3AE3 [2]; BS3AE5 [3]; BS3AE5W [4]; BS5AE7 [5]; BS5AE7W [6]; FIPS Kit P/N: WG8566; Firmware Version: Fireware OS v11.11.2) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/06/2017 | 4/5/2022 | Overall Level: 2 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3673, #3674, #3675, and #3960); CVL (Cert. #793); DRBG (Cert. #1160); HMAC (Certs. #2420, #2421, #2422, and #2580); RSA (Cert. #2023); SHS (Certs. #3088, #3089, #3090, and #3266); Triple-DES (Certs. #2052, #2053, #2054, and #2171) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; MD5; PBKDF (non-compliant); TKIP Multi-Chip Stand Alone "WatchGuard® Firebox appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need. And the FIREBOX appliances are completely configurable - turn on or off components and services to fit different network security deployment requirements." |
| 2876 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0 | KMF/Wave/Traffic CryptR (Hardware Version: P/N CLN8566A; Firmware Version: R02.01.05) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/06/2017 | 4/5/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1901); ECDSA (Cert. #268); SHS (Cert. #1670) -Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; DES; DVI-XL; DVP-XL; KAS (non-compliant) Multi-Chip Stand Alone "The KMF/Wave/Traffic CryptR provides encryption and decryption services for secure key management, Over-the-Air-Rekeying (OTAR), secure data traffics, and secure voice traffics for the Motorola’s Key Management Facility (KMF) and the Motorola's Wave Systems. The KMF and KMF CryptR combine to provide cryptographic services for Motorola’s APCO-25 compliant Astro™ radio systems." |
| 2875 | Forcepoint 10900-A Stonelake Blvd. Quarry Oaks 1 Ste. 350 Austin, TX 78759 USA Matt Sturm TEL: 858-320-9444 Matthew Noland TEL: 512-644-1214 CST Lab: NVLAP 201029-0 | Forcepoint C Cryptographic Module (Software Versions: 2.0.2, 2.0.5 or 2.0.10) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy and operated in FIPS in mode. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/05/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64) CentOS 7.2 on a Forcepoint V10000 G4 Appliance (gcc 4.4.7)iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compilerv Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)(single-user mode) -FIPS Approved algorithms: AES (Certs. #2234, #3264 and #4401); CVL (Certs. #36, #472 and #1110); DRBG (Certs. #264, #723 and #1419); DSA (Certs. #693, #933 and #1176); ECDSA (Certs. #347, #620 and #1058); HMAC (Certs. #1363, #2063 and #2925); RSA (Certs. #1145, #1664 and #2381); SHS (Certs. #1923, #2702 and #3628); Triple-DES (Certs. #1398, #1853 and #2373) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); PRNG Multi-Chip Stand Alone "Forcepoint produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Forcepoint C Crypto Module provides support for cryptographic and secure communications services for these solutions." |
| 2874 | Barracuda Networks 3175 Winchester Boulevard Campbell, CA 95008 USA Gerhard Schaber TEL: +43-508-100 CST Lab: NVLAP 200423-0 | Barracuda KTINA FIPS Crypto Module (Software Version: 7.1) (When operated with the module "Barracuda Cryptographic Software Module" validated to FIPS 140-2 under Cert. #2458) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/05/2017 | 4/4/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Barracuda NextGen Firewall and Control Center OS 7 on Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 with PAA Barracuda NextGen Firewall and Control Center OS 7 on Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #4150); HMAC (Cert. #2720); SHS (Cert. #3416); Triple-DES (Cert. #2267) -Other algorithms: N/A Multi-Chip Stand Alone "The Barracuda KTINA FIPS Crypto Module is a Linux kernel module library that provides fundamental cryptographic functions for applications in Barracuda security products that require FIPS 140-2 approved cryptographic functions." |
| 2873 | Dell EMC 176 South Street Hopkinton, MA 01748 USA Kerry Bellefontaine CST Lab: NVLAP 200556-0 | VMAX 6 Gb/s SAS I/O Module with Encryption (Hardware Version: 303-161-101B-05; Firmware Version: 2.13.46.00) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/04/2017 | 4/3/2022 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3255); HMAC (Cert. #2053); KTS (AES Cert. #3255); SHS (Cert. #2692) -Other algorithms: N/A Multi-Chip Embedded "Dell EMC Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Dell EMC storage systems, including the Symmetrix VMAX. Data at Rest Encryption protects information from unauthorized access when drives are physically removed from the system and also offers a convenient means of decommissioning all drives in the system at once.Dell EMC 6Gb/s SAS I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt and decrypt data as it is being written to or read from a drive." |
| 2872 | Veeam Software Corporation 8800 Lyra Drive Suite 350 Columbus, OH 43240 USA Michael Miller Scott Lillis CST Lab: NVLAP 201029-0 | Veeam Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/30/2017 | 2/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755, CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG Multi-Chip Stand Alone "The Veeam Cryptographic Module provides cryptographic functions for the Veeam Availability Suite. These functions are used for protecting data in transit and at rest using standards based and trusted algorithms." |
| 2871 | Dell EMC 176 South Street Hopkinton, MA 01748 USA Kerry Bellefontaine CST Lab: NVLAP 200556-0 | VMAX 12 Gb/s SAS I/O Module with Encryption (Hardware Version: 303-305-100A-06; Firmware Version: v3.08.41.00) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/28/2017 | 3/27/2022 | Overall Level: 1 -Physical Security: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3586 and #3598); HMAC (Cert. #2296); KTS (AES Cert. #3598); SHS (Cert. #2961) -Other algorithms: N/A Multi-Chip Embedded "Dell EMC Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Dell EMC storage systems, including VMAX. Data at Rest Encryption protects information from unauthorized access when drives are physically removed from the system and also offers a convenient means of decommissioning all drives in the system at once.Dell EMC 12Gb/s SAS I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt and decrypt data as it is being written to or read from a drive." |
| 2870 | INTEGRITY Security Services 7585 Irvine Center Drive Suite 250 Irvine, CA 92618 USA Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 David Sequino TEL: 206-310-6795 FAX: 978-383-0560 CST Lab: NVLAP 201029-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Firmware Version: 3.0.3) (When installed, initialized and configured as specified in Section 2.4.1 of the Security Policy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 03/28/2017 | 3/27/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Silicon Labs EM3581 with ARM Cortex-M3 -FIPS Approved algorithms: AES (Cert. #4239); DRBG (Cert. #1319); ECDSA (Cert. #981); HMAC (Cert. #2778); SHS (Cert. #3477) -Other algorithms: EC Diffie-Hellman (shared secret computation provides 128 bits of encryption strength) Multi-Chip Embedded "Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
| 2869 | Aviat Networks, Inc. 860 N. McCarthy Blvd., Suite 200 Milpitas, CA 95035 USA Ruth French TEL: +44 7771 978599 FAX: +44 1698 717204 Martin Howard TEL: +64 4 577 8735 FAX: +64 4 577 8822 CST Lab: NVLAP 100432-0 | Aviat Networks Eclipse Cryptographic Module (Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004 with FPGA_NCCV2_E1_DS1_004.bit and FPGA_NCCV2_STM1_006.bit), FIPS Installation Kit (P/N 179-530153-001 or 179-530153-002), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit), RAC 6XE (P/N EXR-600-002 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit), RAC 60 (P/N EXR-660-001 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit), or RAC 60E (P/N EXR-660-002 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit)] and all remaining slots filled by excluded components as specified in the Security Policy.; Firmware Version: 08.02.91 with Bootloader version 1.0.36) (When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/27/2017 | 3/26/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2260 and #2418); CVL (Certs. #73, #860 and #970); DRBG (Cert. #323); ECDSA (Cert. #902); HMAC (Cert. #2634); RSA (Certs. #2071 and #2239); SHS (Certs. #3328 and #3397) -Other algorithms: EC Diffie-Hellman (CVL Cert. #860, key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; DES; Diffie-Hellman (non-compliant) Multi-Chip Stand Alone "This cryptographic module performs encryption of data carried over a microwave radio link." |
| 2868 | Tavve Software Company 1 Copley Pkwy Ste 480 Morrisville, NC 27560 USA Louie Yilling TEL: 919-654-1250 Jeff Olson TEL: 919-654-1226 CST Lab: NVLAP 100432-0 | Tavve Cryptographic Module (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2804.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/24/2017 03/30/2017 | 12/7/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on CentOS 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090) -Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "The Tavve Cryptographic Module provides cryptographic functions for Tavve's ZoneRanger and Ranger Gateway applications." |
| 2867 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Laura Loredo TEL: 44 117 3162462 Dave Tuckett TEL: 44 117 316 2692 CST Lab: NVLAP 100432-0 | HPE LTO-6 Tape Drive (Hardware Versions: P/Ns AQ278A #912 [1], AQ288D #103 [2] and AQ298C #103 [3]; Firmware Versions: J5SW [1], 35PW [2] and 25MW [3]) (When operated in FIPS mode and initialized to Overall Level 1 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/23/2017 | 3/22/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1442, #2189, #3534 and #3535); CVL (Cert. #588); DRBG (Cert. #889); HMAC (Cert. #2258); KTS (AES Cert. #3535); RSA (Certs. #1128 and #1821); SHS (Certs. #1897 and #2913) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption." |
| 2866 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 1-650-427-1902 CST Lab: NVLAP 200928-0 | VMware Java JCE (Java Cryptographic Extension) Module (Software Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/22/2017 | 3/21/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment 1.7.0 on NSX Controller 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8 Java SE Runtime Environment 1.7.0 on NSX Edge 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8 Java SE Runtime Environment 1.7.0 on NSX Manager 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4153); CVL (Certs. #955, #956 and #957); DRBG (Cert. #1261); DSA (Cert. #1127); ECDSA (Cert. #955); HMAC (Cert. #2721); KAS (Cert. #96); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #107); KTS (vendor affirmed); KTS (AES Cert. #4153; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2269; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2261); SHA-3 (Cert. #10); SHS (Cert. #3417); Triple-DES (Cert. #2269) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "The VMware Java JCE (Java Cryptographic Extension) Module is a software cryptographic module based on the Legion of the Bouncy Castle Inc. FIPS Java API (BC-FJA) Module (SW Version 1.0.0). The module is a software library that provides cryptographic functions to various VMware applications via a well-defined Java-language application program interface (API)." |
| 2865 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 and 6520 FC Switches, and 7800 Extension Switch (Hardware Versions: {6510 FC Switch (P/N 80-1005272-03) with FRU (P/N 80-1001304-02) with Software License (P/N 80-1005356-02), 6520 FC Switch (P/N 80-1007257-03) with FRUs (P/Ns 80-1007263-01 and 80-1004580-02) with Software License (P/N 80-1007272-01), 7800 Extension Switch (P/N 80-1006977-02) with Software License (P/N 80-1002820-02); [DCX Backbone (P/N 80-1006752-01), DCX-4S Backbone (P/N 80-1006772-01), DCX 8510-4 Backbone (P/N 80-1006964-01), DCX 8510-8 Backbone (P/N 80-1007025-01)] with Blades (P/Ns 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1006771-01, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1006936-01, 80-1006779-01, 80-1006823-01, 80-1007000-01, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.4.0 (P/N 51-1001672-01)) (When operated in FIPS mode and when tamper evident labels are installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/21/2017 | 3/20/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2876 and #2893); CVL (Certs. #311, #312, #320 and #321); DRBG (Certs. #670 and #671); ECDSA (Certs. #942 and #943); HMAC (Certs. #1814 and #1829); RSA (Certs. #2234 and #2235); SHS (Certs. #2417 and #2436); Triple-DES (Certs. #1719 and #1724) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #311 and #320, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; BLOWFISH; CAST; DES; DES3; DESX; HMAC-MD5-96; HMAC-SHA1-96 (non-compliant); HMAC-RIPEMD160; MD2; MD4; RC2; RC4; RIPEMD160; SNMPv3 KDF (non-compliant); UMAC-64 Multi-Chip Stand Alone "The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2864 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Hamid Sobouti TEL: 408-333-4150 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe® Series Ethernet Routers, Brocade® NetIron® CER 2000 Series Ethernet Routers and Brocade NetIron® CES 2000 Series Ethernet Switches (Hardware Versions: {[BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-32-MR2-M-AC (80-1007253-04), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-32-MR2-X-AC (80-1007255-04), with Components (80-1005643-01, 80-1005644-03, 80-1005641-02, 80-1005642-03, 80-1007878-02, 80-1007911-02, 80-1008426-01, 80-1008427-02, 80-1007879-02, 80-1003891-02, 80-1002983-01, 80-1008686-01, 80-1003971-01, 80-1003969-02, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004469-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01)], [BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), with Components (80-1003868-01, 80-1004848-01)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024F-4X-AC (80-1000037-01), with Component (80-1003868-01)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.9.00aa) (When operated in FIPS mode with the tamper evident labels installed and configured as specified in Section 14 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/21/2017 | 3/20/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1648, #2154, #2715, #2717, #2946, #3143, #3144 and #3478); CVL (Certs. #173, #175, #393, #394, #403, #404, #712, #713 and #1029); DRBG (Certs. #452, #454 and #684); ECDSA (Certs. #761 and #809); HMAC (Certs. #1694, #1696 and #2848); KBKDF (Cert. #35); KTS (AES Cert. #2946); KTS (AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1411 and #1413); SHS (Certs. #934, #2280 and #2282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #712; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #713, key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-SHA-1-96 (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high performance Ethernet edge routing and MPLS applications.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. Brocade MLXe Series routers feature industry-leading Gigabit Ethernet ports with wire-speed density; advanced Layer 2 switching; rich IPv4, IPv6, Multi-VRF, MPLS, L2/L3 Virtual Private Networks (VPN),IKEv2/IPsec and PHY based MACsec capabilities without compromising performance." |
| 2863 | WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA Peter Eng TEL: 206-613-6600 CST Lab: NVLAP 200556-0 | WatchGuard Firebox M200[1], M300[2], M400[3], M500[4], M440[5], M4600[6], M5600[7] (Hardware Versions: ML3AE8 [1,2]; SL1AE24 [5]; KL5AE8 [3,4]; CL4AE24 [6] with WG8583, WG8584 and WG8597; CL5AE32 [7] with WG8583, WG8584, WG8585, WG8022, and WG8598; FIPS Kit P/N: WG8566; Firmware Version: Fireware OS v11.11.2) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/16/2017 | 3/15/2022 | Overall Level: 2 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3670, #3671, #3672, #3676, #3677, and #3960); CVL (Cert. #793); DRBG (Cert. #1160); HMAC (Certs. #2417, #2418, #2419, #2423, #2424, and #2580); RSA (Cert. #2023); SHS (Certs. #3085, #3086, #3087, #3091, #3092, and #3266); Triple-DES (Certs. #2049, #2050, #2051, #2055, #2056, and #2171) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; MD5; PBKDF (non-compliant); TKIP Multi-Chip Stand Alone "WatchGuard® Firebox appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need. And the FIREBOX appliances are completely configurable - turn on or off components and services to fit different network security deployment requirements." |
| 2862 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Harjit Dhillon TEL: 916-501-1426 CST Lab: NVLAP 200427-0 | HPE Enterprise Secure Key Manager (Hardware Versions: P/N M6H81AA , Version 5.0; Firmware Version: 7.0.1; Software Version: N/A) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/10/2017 | 3/9/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3995); CVL (Certs. #820, #821, #822, #823 and #842); DRBG (Certs. #1185 and #1186); ECDSA (Cert. #889); HMAC (Cert. #2609); KTS (AES Cert #3995; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (AES Cert #3995 and HMAC Cert. #2609; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert #2194 and HMAC Cert. #2609; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2051); SHS (Cert. #3297); Triple-DES (Cert. #2194) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #842; key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover." |
| 2861 | Dell, Inc. One Dell Way Round Rock, Texas 78682 USA Kylie Gallagher TEL: +1 512 723 7550 Gang Liu TEL: +1 512 728 5545 CST Lab: NVLAP 200002-0 | Dell Crypto Library for Dell iDRAC and Dell CMC (Software Version: 2.4) (When operated in FIPS mode. This validation entry is rebranding from Cert. #2496) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/15/2017 | 3/14/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.2.18 running on a PowerEdge M1000e Blade Server w/ Dell CMC Linux 3.4.11 running on a PowerEdge R730 Rack Server w/ Dell iDRAC8 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4248); DRBG (Cert. #1327); DSA (Cert. #1138); HMAC (Cert. #2786); RSA (Cert. #2293); SHS (Cert. #3485); Triple-DES (Cert. #2303) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant); ANSI X9.31 RNG (non-compliant); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Triple-DES CMAC (non-compliant) Multi-Chip Stand Alone "Dell Cryptographic Module v2.4 is used within various Dell products including the Dell iDRAC8 and Dell CMC. The Integrated Dell Remote Access Controller 8 (Dell iDRAC8) is designed to improve the overall manageability and availability of Dell PowerEdge Servers. The Dell Chassis Management Controller (Dell CMC) is a systems management component designed to manage one or more Dell PowerEdge Systems containing Blade Servers." |
| 2860 | DocuSign, Inc. 221 Main St. Suite 1000 San Francisco, CA 94105 USA Ezer Farhi TEL: 972-39279529 FAX: 972-39230864 Moshe Harel TEL: 972-3-9279578 FAX: 972-3-9230864 CST Lab: NVLAP 200002-0 | DocuSign HSM Appliance (Hardware Version: 5.0; Firmware Version: 5.0.0) (When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/08/2017 | 3/7/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4029 and #4031); CVL (Certs. #857 and #1039); DRBG (Certs. #98 and #1205); ECDSA (Cert. #900); HMAC (Certs. #2630 and #2632); KTS (AES Cert. #4029 and HMAC Cert. #2630); RSA (Cert. #2069); SHS (Certs. #1465, #3325 and #3326); Triple-DES (Cert. #2207); Triple-DES MAC (Triple-DES Cert. #2207, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES GCM (AES Cert. #4031; non-compliant); ARDFP; DES; DES MAC; DES Stream; FF3 (non-compliant); MD5 Multi-Chip Stand Alone "DocuSign HSM Appliance is a high-performance cryptographic service provider. It performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities." |
| 2859 | Mocana Corporation 20 California Street San Francisco, CA 94111 USA Srinivas Kumar TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Version: 6.4.1f) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/08/2017 06/14/2017 | 3/7/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Mentor Graphics Linux 4.0 running on Avaya VSP4450GSX Wind River Linux 6.0 running on Intel Atom E3800 (single-user mode) -FIPS Approved algorithms: AES (Certs. #4100 and #4265); CVL (Certs. #971 and #1007); DRBG (Certs. #1232 and #1336); DSA (Certs. #1115 and 1140); ECDSA (Certs. #928 and #994); HMAC (Certs. #2679 and #2810); RSA (Certs. #2219 and #2296); SHS (Certs. #3375 and #3511); Triple-DES (Certs. #2243 and #2306) -Other algorithms: Diffie-Hellman (CVL Cert. #971 with CVL Cert. #1007, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #971 with CVL Cert. #1007, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES GCM (AES Certs. #4100 and #4265; non-compliant); AES XTS (AES Certs. #4100 and #4265; non-compliant); DES; HMAC-MD5; MD2; MD4; MD5; PRNG; RSA (encrypt/decrypt) Multi-Chip Stand Alone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 2858 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Dariusz Wolny CST Lab: NVLAP 100432-0 | Motorola GGM 8000 Gateway (Hardware Versions: Base Unit P/N CLN1841F Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849C Rev AA (DC); Firmware Version: KS 16.9.0.48) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/08/2017 | 3/7/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #962 and #3993); CVL (Certs. #816, #817, #818, and #819); DRBG (Cert. #1184); ECDSA (Cert. #887); HMAC (Certs. #1487, #2606, and #2607); KAS (SP 800-56Arev2 with CVL Certs. #816 and #817; vendor affirmed); KAS (SP 800-56Arev2 with CVL Certs. #816 and #819; vendor affirmed); KTS (AES Cert. #3993 and HMAC Certs. #2606 and #2607); RSA (Cert. #2049); SHS (Certs. #933 and #3295); Triple-DES (Certs. #757 and #2192) -Other algorithms: AES (Cert. #3993, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; PRNG Multi-Chip Stand Alone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2857 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Dariusz Wolny CST Lab: NVLAP 100432-0 | Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit P/N CLN1780L Rev FB with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.9.0.48) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/08/2017 | 3/7/2022 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #173 and #3993); CVL (Certs. #816, #817, #818, and #819); DRBG (Cert. #1184); ECDSA (Cert. #887); HMAC (Certs. #39, #2606, and #2607); KAS (SP 800-56Arev2 with CVL Certs. #816 and #817; vendor affirmed); KAS (SP 800-56Arev2 with CVL Certs. #816 and #819; vendor affirmed); KTS (AES Cert. #3993 and HMAC Certs. #2606 and #2607); RSA (Cert. #2049); SHS (Certs. #258 and #3295); Triple-DES (Certs. #275 and #2192) -Other algorithms: AES (Cert. #3993, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; PRNG Multi-Chip Stand Alone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2856 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Jaz Lin TEL: 408-745-2000 Van Nguyen TEL: 408-745-2000 CST Lab: NVLAP 100432-0 | Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways (Hardware Versions: P/Ns {SRX100H2, SRX110H2-VA, SRX110H2-VB, SRX210HE2, SRX220H2, SRX240H2, SRX550, SRX650} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.3X48-D30) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/07/2017 | 3/6/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4055, #4056, #4066, #4067, #4068 and #4069); CVL (Certs. #880 and #926); DRBG (Cert. #1216); DSA (Certs. #1096, #1099, #1100, #1101 and #1102); ECDSA (Certs. #909, #912, #913, #914 and #915); HMAC (Certs. #2647, #2648, #2653, #2654, #2655 and #2656); RSA (Certs. #2087, #2197, #2198, #2199 and #2200); SHS (Certs. #3342, #3343, #3349, #3350, #3351 and #3352); Triple-DES (Certs. #2217, #2218, #2219, #2220, #2223 and #2224) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2647, #2648, #2653, #2654, #2655 and #2656); NDRNG; ARCFOUR; Blowfish; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD160; UMAC Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
| 2855 | Automation Solutions, Inc (AUTOSOL) 16055 Space Center Blvd. Houston, TX 77062 USA Ken Brucker TEL: 281-286-6017 FAX: 281-286-6902 Edgar Cantu CST Lab: NVLAP 201029-0 | CryptoMod (Hardware Version: CM5705-D9; Firmware Version: 1.0.51.FIPS) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/03/2017 | 3/2/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4140); CVL (Cert. #946); DRBG (Cert. #1255); HMAC (Cert. #2713); PBKDF (vendor affirmed); RSA (Cert. #2257); SHS (Cert. #3410) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant) Multi-Chip Stand Alone "AutoSol’s CryptoMod is an end-point security device that protects data exchanged between remote industrial field devices and a centralized SCADA host. Installed in front of equipment, the CryptoMod encrypts traffic for the entire length of an industrial network. It provides authentication for controlling network access, integrity when data is in motion, and confidentiality. It is a CSA Class 1 Div. 2 Gr. ABCD device and a terminal server, so it can fit any existing industrial network. It has a hardware watchdog timer and the capability for remote configuration, management, and updates." |
| 2854 | EFJohnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA John Tooker TEL: 402-479-8447 FAX: 402-479-8472 Marshall Schiring TEL: 402-479-8375 FAX: 402-479-8472 CST Lab: NVLAP 100432-0 | Communication Cryptographic Library (CCL) (Software Version: Product Number 039-5804-200 Rev 3.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2017 | 3/1/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 6.0 running on a Nexus 5X (single-user mode) -FIPS Approved algorithms: AES (Cert. #3985); DRBG (Cert. #1178); ECDSA (Cert. #882); HMAC (Cert. #2601); KTS (AES Cert. #3985; key establishment methodology provides between 128 and 256 bits of encryption strength); SHS (Cert. #3290) -Other algorithms: DES Multi-Chip Stand Alone "The CCL is a dynamically linked library implemented using the C programming language with an external Java interface. Application developers wishing to use the CCL can use the CCL's Application Programming Interface (API) to perform AES, ECDSA, HMAC, DRBG, SHA256 and SHA512 security related functions. It also includes non-validated legacy services to support DES encryption while operating in the Non-Approved mode of operation." |
| 2853 | Kaspersky Lab UK Ltd. 1st Floor, 2 Kingdom Street Paddington, London, W2 6BD United Kingdom Oleg Andrianov TEL: +7 495 797 8700 CST Lab: NVLAP 200968-0 | Kaspersky Cryptographic Module (User Mode) (Software Version: 3.0.1.25) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2017 | 3/1/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Professional 32-bit running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-3770S CPU @ 3.10GHz system with PAA Windows 7 Enterprise 64-bit running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-4770 CPU @ 3.40GHz system with PAA Windows 10 Enterprise 64 bit running on an Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz system with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2849, #2959, #2960 and #2980); DRBG (Certs. #502, #561, #890, #891, #896 and #897); HMAC (Certs. #1789 and #1879); PBKDF (vendor affirmed); RSA (Certs. #1490 and #1558); SHA-3 (vendor affirmed); SHS (Certs. #2391 and #2492) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength), RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Kaspersky Cryptographic Module (User Mode) is a software library that provides cryptographic services for various Kaspersky Lab applications. The module is provided as a user-mode DLL." |
| 2852 | CTERA Networks Ltd. CTERA Networks NA HQ 205 E. 42nd Street New York, NY 10017 USA Aron Brand Zohar Kaufman CST Lab: NVLAP 100432-0 | CTERA Crypto Module™ (Java) (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2804.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/01/2017 | 12/7/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on CentOS 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090) -Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "CTERA Crypto Module™ (Java) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure." |
| 2851 | United States Special Operations Command (USSOCOM) 7701 Tampa Point Boulevard MacDill Air Force Base, FL 33621-5323 USA William W. Burnham TEL: (813) 826-2282 FAX: N/A CST Lab: NVLAP 200416-0 | Suite B Cryptographic Module (Software Version: v3.0.0.0) (When operated in FIPS mode with module Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2357 operating in FIPS mode or BlackBerry OS Cryptographic Library validated to FIPS 140-2 under Cert. #1578 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/27/2017 | 2/26/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): BlackBerry OS 10.3 running on Qualcomm Snapdragon 801 BlackBerry OS 10.3 running on Qualcomm Snapdragon S4 Microsoft Windows Server 2012 R2 (64-bit) running on Intel Xeon E5530 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3328 and #4312); CVL (Cert. #484); ECDSA (Cert. #657); HMAC (Cert. #2119); KAS (Cert. #55); KBKDF (Cert. #116); KTS (AES Cert. #3328); PBKDF (vendor affirmed); SHS (Cert. #2761) -Other algorithms: N/A Multi-Chip Stand Alone "KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys." |
| 2850 | Cavium Inc. 2315 N 1st Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 Tejinder Singh TEL: 408-943-7403 CST Lab: NVLAP 100432-0 | NITROXIII CNN35XX-NFBE HSM Family (Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Versions: CNN35XX-NFBE-FW-2.0.3 build 10 and CNN35XX-NFBE-FW-2.0.3 build 13) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/27/2017 02/28/2017 04/04/2017 08/04/2017 08/31/2017 | 2/26/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205, #3206 and #4104); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); KTS (AES Certs. #3206 and #4104); KTS (Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1634 and #2218); SHS (Certs. #1780 and #2652); Triple-DES (Certs. #1311 and #2242) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PBE; RC4 Multi-Chip Embedded "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers." |
| 2849 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA CST Lab: NVLAP 200556-0 | Symantec Messaging Gateway Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/27/2017 | 2/26/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 6 running on a Dell PowerEdge R430 with Intel Xeon E5-2600 -FIPS Approved algorithms: AES (Cert. #4124); CVL (Cert. #931); DRBG (Cert. #1244); DSA (Cert. #1117); ECDSA (Cert. #939); HMAC (Cert. #2695); RSA (Cert. #2238); SHS (Cert. #3393); Triple-DES (Cert. #2255) -Other algorithms: EC Diffie-Hellman (CVL Cert. #931, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES XTS (AES Cert. #4124; non-compliant); PRNG Multi-Chip Stand Alone "The Symantec Messaging Gateway Cryptographic Module provides cryptographic functions for the Messaging Gateway platforms software.The module's logical cryptographic boundary is the shared library files and their integrity check HMAC files. The module is a multi-chip standalone embodiment installed on a General Purpose Device.All operations of the module occur via calls from host applications and their respective internal daemons/processes. As such there are no untrusted services calling the services of the module." |
| 2848 | Micron Technology, Inc. 570 Alder Drive Milpitas, CA 95035 USA Dale McNamara TEL: 408-834-1729 Jimmy Ruane TEL: 408-834-1894 CST Lab: NVLAP 100432-0 | MICRON 1100 SSD (Hardware Versions: MTFDDAK256TBN-1AR15FCHA [1], MTFDDAK512TBN-1AR15FCHA [1], MTFDDAK256TBN-1AR15FCYY [2], MTFDDAK512TBN-1AR15FCYY [2], MTFDDAV256TBN-1AR15FCHA [1], MTFDDAV512TBN-1AR15FCHA [1], MTFDDAV256TBN-1AR15FCYY [2] and MTFDDAV512TBN-1AR15FCYY [2]; Firmware Versions: HPC0F10 [1] and M0MF000 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/23/2017 03/07/2017 04/27/2017 | 2/22/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4111, #4051 and #4052); DRBG (Cert. #1236); HMAC (Cert. #2685); KTS (AES Cert. #4111); PBKDF (vendor affirmed); RSA (Cert. #2224); SHS (Cert. #3383) -Other algorithms: NDRNG Multi-Chip Embedded "The MICRON 1100 SSD is a multi-chip embedded device which provides hardware AES 256 encryption/decryption of user data that is stored in the NAND flash. The cryptographic module (CM) supports the SATA interface and is compliant with the Trusted Computing Group (TCG) SSC specification Opal." |
| 2847 | Digital Guardian, Inc. 860 Winter Street Suite 3 Waltham, MA 02451 USA Craig Hansen TEL: 201-572-3784 CST Lab: NVLAP 200427-0 | Verdasys Secure Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. This validation entry is a non-security-relevant modification to Cert. #1607) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/22/2017 | 2/22/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows XP 32-bit Windows XP 64-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1384); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677); SHS (Cert. #1261) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Verdasys Secure Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's DG Agent for Windows endpoint products. The Verdasys Secure Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption." |
| 2846 | Prometheus Security Group Global, Inc. 3019 Alvin Devane Blvd. Building 4, Suite #450 Austin, TX 78741 USA Jeremy Freeze-Skret TEL: 512-247-3700 FAX: 512-519-4054 Mark Thomas TEL: 503-647-7762 FAX: 512-519-4054 CST Lab: NVLAP 100432-0 | Talon™ Multi-Function Security Appliance (Hardware Versions: P/Ns: TAL-SD (FIPS) v1.0 and TAL-HD (FIPS) v1.0; Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2017 | 2/21/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3924 and #3926); CVL (Cert. #780); DRBG (Certs. #1134 and #1135); HMAC (Certs. #2549 and #2550); KTS (AES Cert. #3924 and HMAC Cert. #2549); KTS (Triple-DES Cert. #2153 and HMAC Cert. #2549; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2004); SHS (Certs. #3234 and #3235); Triple-DES (Cert. #2153) -Other algorithms: AES (Cert. #3924, key wrapping; key establishment methodology provides 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Stand Alone "The Talon provides ultra-high securtiy standards compliant approach to delivery of high definition real time video, control signaling and physical security data over an IP network. Meeting stringent government encryption and data validation standards, the end user can rest assured that their sensitive data is reliably transported and securely delivered. The device offers an unrivaled level of security and is not susceptible to spoofing or snooping. The product delivers all these features at a price point lower than existing solutions which would require multiple technology combinations." |
| 2845 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Jongseong Kim TEL: 82-10-4535-0110 FAX: 82-2-6950-2080 CST Lab: NVLAP 200997-0 | LG Kernel Loadable Cryptographic Module (Hardware Version: Qualcomm Snapdragon 617; Qualcomm Snapdragon 808; Qualcomm Snapdragon 820; Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 02/22/2017 | 2/21/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 6.0.1 (Linux kernel 3.18) running on an LG G5 (A64 with CE PAA) Android 6.0.1 (Linux kernel 3.10) running on an LG Vista2 (A32 with CE PAA) Android 6.0.1 (Linux kernel 3.10) running on an LG Vista2 (A32 with NEON PAA) Android 6.0.1 (Linux kernel 3.10) running on an LG V10 (ARMv8 with CE PAA) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3973, #3974 and #3975); DRBG (Certs. #1166, #1167 and #1168); HMAC (Certs. #2591, #2592 and #2593); SHA (Certs. #3278, #3279 and #3280); Triple-DES (Certs. #2178, #2179 and #2180) -Other algorithms: NDRNG Multi-Chip Stand Alone "The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality." |
| 2844 | Centrify Corporation 3300 Tannery Way Santa Clara, CA 95054 USA Kitty Shih CST Lab: NVLAP 200556-0 | Centrify Cryptographic Module (Software Version: 2.0) (When installed, initialized, and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/21/2017 | 2/20/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Mac OS 10.11.5 running on a MacBook Pro Intel Core i7 Red Hat Enterprise Linux 7.2 running on a Intel Xeon E5620 x86_64 AIX 7.2 (32-bit) running on a PowerPC Power7 Processor AIX 7.2 (64-bit) running on a PowerPC Power7 Processor -FIPS Approved algorithms: AES (Cert. #4087); CVL (Cert. #903); DRBG (Cert. #1226); DSA (Cert. #1110); ECDSA (Cert. #923); HMAC (Cert. #2667); RSA (Cert. #2212); SHS (Cert. #3363); Triple-DES (Cert. #2232) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products." |
| 2843 | Ciena® Corporation 7035 Ridge Road Hanover, MD 21076 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module (Hardware Version: 2.0 with PCB P/N NTK539QS-220; Firmware Version: 2.01) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/20/2017 | 2/19/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4231 and #4232); CVL (Cert. #980); DRBG (Cert. #1315); ECDSA (Certs. #976 and #977); HMAC (Cert. #2770); SHS (Certs. #3468 and #3469); Triple-DES (Cert. #2291) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-Chip Embedded "The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service." |
| 2842 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-7100, NS-7200 and NS-7300 (Hardware Versions: P/Ns IPS-NS7100 Version 1.10, IPS-NS7200 Version 1.10 and IPS-NS7300 Version 1.10; FIPS Kit P/N IAC-FIPS-KT2; Firmware Version: 8.1.17.16) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/17/2017 | 2/16/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: AES (Cert. #3156, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #1989); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; HMAC (non-compliant); MD5; RC4; RSA (non-compliant); SHS (non-compliant); SNMP KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2841 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Adaptive Security Appliance (ASA) Virtual (Software Version: 9.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/15/2017 | 2/14/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): ASA Virtual 9.6 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4344); CVL (Cert. #1048); DRBG (Cert. #1386); ECDSA (Cert. #1027); HMAC (Cert. #2882); RSA (Cert. #2346); SHS (Cert. #3579); Triple-DES (Cert. #2348) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
| 2840 | Arxan Technologies 650 California St San Francisco, CA 94108 USA Sam Kerr TEL: 301-968-4290 FAX: 415-247-0910 Andrei Alexandru TEL: 301-968-4290 FAX: 415-247-0910 CST Lab: NVLAP 100432-0 | Arxan Cryptographic Key & Data Protection (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/14/2017 | 2/13/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android KitKat 4.4.1 running on a Samsung Galaxy Tablet 4 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4123); CVL (Cert. #930); ECDSA (Cert. #938); HMAC (Cert. #2694); SHS (Cert. #3392); Triple-DES (Cert. #2253) -Other algorithms: N/A Multi-Chip Stand Alone "Arxan Cryptographic Key & Data Protection solution implements state-of-the-art Whitebox Cryptography to protect Crypto Keys and Data (at-rest, in-transit & in-use). It transforms crypto keys and data so neither can be discovered statically in the application or in runtime memory. Arxan Cryptographic Key & Data Protection offers strongest security, broader platform support, with better performance, smaller footprint and easier integration. It provides all the major crypto algorithms and features required to protect sensitive keys and data in hostile or untrusted operational environments." |
| 2839 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 1-650-427-1902 CST Lab: NVLAP 200928-0 | VMware OpenSSL FIPS Object Module (Software Version: 2.0.9) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/14/2017 02/22/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Intel Core I without PAA w/ Windows 8.1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Core I without PAA w/ Windows 7 SP1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Core I with PAA w/ Windows 7 SP1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Core I without PAA w/ Windows 10 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Core I with PAA w/ Windows 10 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Core I with PAA w/ Windows 8.1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Xeon with PAA w/ Windows 2012 64 bit on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Xeon without PAA w/ Windows 2012 64 bit on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Xeon with PAA w/ Windows 2012 R2 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Xeon without PAA w/ Windows 2012 R2 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1) Intel Xeon without PAA w/ VMware NSX Controller OS 12.04 on ESXi 6.0 (gcc Compiler Version 4.6.3) Intel Xeon with PAA w/ VMware NSX Controller OS 12.04 on ESXi 6.0 (gcc Compiler Version 4.6.3) Intel Xeon without PAA w/ VMware NSX Edge OS 3.14 on ESXi 6.0 (gcc Compiler Version 4.6.3) Intel Xeon with PAA w/ VMware NSX Edge OS 3.14 on ESXi 6.0 (gcc Compiler Version 4.6.3) Intel Xeon with PAA w/ VMware NSX Manager OS 3.17 on ESXi 6.0 (gcc Compiler Version 4.6.3) Intel Xeon without PAA w/ VMware NSX Manager OS 3.17 on ESXi 6.0 (gcc Compiler Version 4.6.3) Intel Xeon with PAA w/ SLES 11 SP3 on ESXi 6.0 (gcc Compiler Version 5.3.0) Intel Xeon without PAA w/ SLES 11 SP3 on ESXi 6.0 (gcc Compiler Version 5.3.0) Intel Xeon without PAA w/ Photon OS 1.0 on ESXi 6 (gcc Compiler Version 5.3.0) Intel Xeon with PAA w/ Photon OS 1.0 on ESXi 6 (gcc Compiler Version 5.3.0) -FIPS Approved algorithms: AES (Cert. #4137); CVL (Cert. #943); DRBG (Cert. #1254); DSA (Cert. #1123); ECDSA (Cert. #949); HMAC (Cert. #2710); RSA (Cert. #2251); SHS (Cert. #3407); Triple-DES (Cert. #2261) -Other algorithms: EC Diffie-Hellman (CVL Cert. #943, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of strength); Dual EC DRBG; PRNG Multi-Chip Stand Alone "The VMware OpenSSL FIPS Object Module provides cryptographic functions to various VMware applications." |
| 2838 | Mitsubishi Space Software Co., Ltd. Tsukuba Mitsui Bldg., 1-6-1, Takezono Tsukuba-shi, Ibaraki-ken 305-0032 Japan Ikuo Shionoya TEL: +81-29-856-0155 FAX: +81-29-858-0848 Ken Nakajima TEL: +81-29-856-0155 FAX: +81-29-858-0848 CST Lab: NVLAP 200928-0 | Command Encryption Module (Firmware Version: 3.0) (When installed, initialized and Windows Firewall Advanced Security Version 6.1 configured as specified in Section 11 of the Security Policy with tamper evident seals (part number: MSS-FIPS-16-500) installed as indicated in Section 5 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 02/13/2017 | 2/12/2022 | Overall Level: 2 -Operational Environment: N/A -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Professional SP1 running on a HP ProDesk 600 G2 -FIPS Approved algorithms: Triple-DES (Cert. #2191) -Other algorithms: N/A Multi-Chip Stand Alone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions." |
| 2837 | IBM Corporation 11400 Burnet Road Austin, TX 78758 USA Tom Benjamin TEL: 512-286-5319 FAX: 512-973-4763 Karthik Ramamoorthy TEL: 512-286-8135 FAX: 512-973-4763 CST Lab: NVLAP 200658-0 | IBM Java JCE FIPS 140-2 Cryptographic Module with CPACF (Hardware Version: COP chips integrated within processor unit; Firmware Version: 3863 (aka FC3863) with System Driver Level 22H; Software Version: 1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 02/13/2017 | 2/12/2022 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with z/OS version 2 release 2 running on IBM z13 model N63 Red Hat Enterprise Linux Server release 7.2 running on IBM z13 model N63 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3909 and #3910); CVL (Certs. #768, #769, #770 and #771); DRBG (Certs. #1124 and #1125); DSA (Certs. #1067 and #1068); ECDSA (Certs. #852 and #853); HMAC (Certs. #2538 and #2539); KTS (vendor affirmed); RSA (Certs. #1993 and #1994); SHS (Certs. #3221 and #3222); Triple-DES (Certs. #2145 and #2146) -Other algorithms: Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); MD5; Triple-DES (non-compliant) Multi-Chip Stand Alone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework." |
| 2836 | Chunghwa Telecom Co., Ltd. and NXP Semiconductors No. 99, Dianyan Road Yangmei Dist. Taoyuan City 32661 Taiwan (R.O.C.) Char-Shin Miou TEL: 03-4244381 Yeou-Fuh Kuan TEL: 03-4244333 CST Lab: NVLAP 100432-0 | HiCOS PKI Applet and Taiwan TWNID Applet on NXP JCOP 3 SecID P60 (OSA) (Hardware Version: P6022y VB; Firmware Versions: JCOP 3 SECID P60 (OSA) version 0x0503.8211; Applets: HiCOS PKI Applet V1.0, TWNID Applet V1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/13/2017 | 2/12/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3997); CVL (Cert. #824); DRBG (Cert. #1187); ECDSA (Cert. #890); KBKDF (Cert. #91); KTS (AES Cert. #3997; key establishment methodology provides 128 and 256 bits of encryption strength); RSA (Certs. #2053 and #2086); SHS (Cert. #3299); Triple-DES (Cert. #2195) -Other algorithms: EC Diffie-Hellman (CVL Cert. #824, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG Single Chip "The Taiwan TID Applet is a Javacard applet that stores personal information related to the user. It allows governmental organizations to retrieve pieces of data. The HiCOS PKI Applet is a Javacard applet that provides security for stored user data and credentials and an easy to use interface to PKI services (i.e., for strong authentication, encryption and digital signatures)." |
| 2835 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-4404 CST Lab: NVLAP 200802-0 | Apricorn FIPS Module 140-2 (Hardware Versions: REV. D with CAN 1A [A, B]; Firmware Versions: 7.0 [A], 7.6 [B]) (When installed, initialized and configured as specified in Section 11.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/08/2017 03/10/2017 | 2/7/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911); -Other algorithms: NDRNG Multi-Chip Embedded "The FIPS 140-2 Module is a complete encryption system that provides USB 3.1 interface to any SATA media. The boundary includes all CSPs including seed generation, RNG, code storage & all encryption functions. No CSPs leave the boundary for improved security. Its software free design allows interface to any host that supports USB & mass storage. The module supports 1 Admin & 4 users, brute force, recovery PINs, 7-16 digit PINs, auto lock, read only, etc. & is compatible with Apricorn’s Aegis Configurator. The FIPS 140-2 Module is used in Aegis Fortress, Padlock DT FIPS & Padlock SSD." |
| 2834 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-4404 CST Lab: NVLAP 200802-0 | Aegis Secure Key 3.0 Cryptographic Module (Hardware Versions: RevD {ASK3-8GB (8GB) [A, B, C], ASK3-16GB (16GB) [A, B, C], ASK3-30GB (30GB) [A, B, C], ASK3-60GB (60GB) [A, B, C], ASK3-120GB (120GB) [A, B, C], ASK3-240GB (240GB) [A, B, C], ASK3-480GB (480GB) [A, B, C]}; Firmware Versions: 7.1 [A], 7.7 [B], 7.8 [C]) (When installed, initialized and configured as specified in Section 11.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/07/2017 03/10/2017 03/27/2017 05/09/2017 | 2/6/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-Chip Stand Alone "The Apricorn Aegis Secure Key 3.0 is a hardware encrypted USB 3.1 memory key. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator" |
| 2833 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba VMC-TACT Series Virtual Controllers with ArubaOS FIPS Firmware (Firmware Version: ArubaOS VMC 6.4.2.0-1.3-FIPS) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 02/03/2017 | 2/2/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): PacStar 451 SSV Small Server with Processor Intel i7 running on VMWare ESXI 5.5 -FIPS Approved algorithms: AES (Certs. #3778 and #3845); CVL (Certs. #718 and #734); DRBG (Cert. #1044); ECDSA (Certs. #813 and #830); HMAC (Certs. #2474 and #2494); KBKDF (Cert. #80); RSA (Certs. #1945, #1964 and #2082); SHS (Certs. #3145, #3167 and #3338); Triple-DES (Certs. #2099 and #2118) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Aruba Networks Virtual Mobility Controller (VMC) is a virtualized network device that serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba dependent wireless network." |
| 2832 | Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA Shawn Geddis TEL: 669-227-3579 FAX: 866-315-1954 CST Lab: NVLAP 200658-0 | Apple macOS CoreCrypto Module, v7.0 (Software Version: 7.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/02/2017 | 2/1/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): macOS Sierra v10.12.2 running on Mac mini with i5 CPU with PAA macOS Sierra v10.12.2 running on Mac mini with i5 CPU without PAA macOS Sierra v10.12.2 running on MacBook Pro with i7 CPU with PAA macOS Sierra v10.12.2 running on MacBook Pro with i7 CPU without PAA macOS Sierra v10.12.2 running on MacPro with Xeon CPU with PAA macOS Sierra v10.12.2 running on MacPro with Xeon CPU without PAA macOS Sierra v10.12.2 running on MacBook with Core M CPU with PAA macOS Sierra v10.12.2 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4191, #4192, #4193, #4194, #4195, #4196, #4197, #4198, #4207, #4208, #4209, #4210, #4211, #4212, #4213, #4214, #4215, #4216, #4217, #4218, #4219, #4220, #4221, #4222, #4223, #4224, #4225, #4226, #4227, #4228, #4229, #4230, #4270, #4271, #4272, #4273, #4274, #4275, #4276 and #4277); CVL (Certs. #972, #973, #974, #975, #976, #977, #978 and #979); DRBG (Certs. #1291, #1292, #1293, #1294, #1295, #1296, #1297, #1298, #1299, #1300, #1301, #1302, #1303, #1304, #1305, #1306, #1307, #1308, #1309, #1310, #1311, #1312, #1313 and #1314); ECDSA (Certs. #968, #969, #970, #971, #972, #973, #974 and #975); HMAC (Certs. #2746, #2747, #2748, #2749, #2750, #2751, #2752, #2753, #2754, #2755, #2756, #2757, #2758, #2759, #2760, #2761, #2762, #2763, #2764, #2765, #2766, #2767, #2768, #2769, #2796, #2797, #2798, #2799, #2800, #2801 and #2809); KTS (AES Certs. #4215, #4216, #4217, #4218, #4219, #4220, #4221, #4222, #4223, #4224, #4225, #4226, #4227, #4228, #4229, #4230, #4270, #4271, #4272, #4273, #4274, #4275, #4276 and #4277; key establishment methodology provides between 128 and 160 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #2275, #2276, #2277, #2278, #2279, #2280, #2281 and #2282); SHS (Certs. #3444, #3445, #3446, #3447, #3448, #3449, #3450, #3451, #3452, #3453, #3454, #3455, #3456, #3457, #3458, #3459, #3460, #3461, #3462, #3463, #3464, #3465, #3466, #3467, #3497, #3498, #3499, #3500, #3501, #3502 and #3510); Triple-DES (Certs. #2283, #2284, #2285, #2286, #2287, #2288, #2289 and #2290) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; RSA (non-compliant); SP800-56C KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple macOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2831 | Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | Oracle StorageTek T10000D Tape Drive (Hardware Versions: P/N: 7042136 and P/N: 7314405; Firmware Version: RB411111) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2017 | 2/1/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2760, #4039, #4040 and #4047); CVL (Certs. #866 and #867); DRBG (Cert. #1209); ECDSA (Cert. #905); HMAC (Certs. #2636, #2637 and #2642); KTS (AES Cert. #4047); RSA (Cert. #2074); SHS (Certs. #3330 and #3331) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution." |
| 2830 | Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA Shawn Geddis TEL: 669-227-3579 FAX: 866-315-1954 CST Lab: NVLAP 200658-0 | Apple macOS CoreCrypto Kernel Module, v7.0 (Software Version: 7.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/01/2017 | 1/31/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): macOS Sierra 10.12.2 running on Mac mini with i5 CPU with PAA macOS Sierra 10.12.2 running on Mac mini with i5 CPU without PAA macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU with PAA macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU without PAA macOS Sierra 10.12.2 running on MacPro with Xeon CPU with PAA macOS Sierra 10.12.2 running on MacPro with Xeon CPU without PAA macOS Sierra 10.12.2 running on MacBook with Core M CPU with PAA macOS Sierra 10.12.2 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4199, #4200, #4201, #4202, #4203, #4204, #4205, #4206, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292); DRBG (Certs. #1287, #1288, #1289, #1290, #1332, #1333, #1334, #1335, #1349, #1350, #1351 and #1352); ECDSA (Certs. #999, #1000, #1001 and #1002); HMAC (Certs. #2792, #2793, #2794, #2795, #2802, #2803, #2804, #2805, #2806, #2807, #2808, #2825, #2826, #2827 and #2828); KTS (AES Certs. #4199, #4200, #4201, #4203, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2310, #2311, #2312 and #2313); SHS (Certs. #3493, #3494, #3495, #3496, #3503, #3504, #3505, #3506, #3507, #3508, #3509, #3527, #3528, #3529 and #3530); Triple-DES (Certs. #2310, #2311, #2312 and #2313) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple macOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2829 | IBM Corporation 2455 South Road Poughkeepsie, NY 12601-5400 USA John Monti TEL: 845-435-4164 Alyson Comer TEL: 607-429-4309 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 2 Release 1 System SSL Cryptographic Module (Hardware Version: COP chips integrated within processor unit; Firmware Version: Feature 3863 (aka FC3863) with System Driver Level 22H; Software Version: HCPT410/JCPT411 with APAR OA50589) (When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 1 Security Server RACF(R) Signature Verification Module version 1.0 validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode and IBM(R) z/OS(R) Version 2 Release 1 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #2763 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 02/01/2017 | 1/31/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3958, #4083 and #4084); CVL (Certs. #901, #902, #934 and #935); DSA (Certs. #1108, #1109, #1119 and #1120); HMAC (Certs. #2665, #2666, #2697 and #2698); RSA (Certs. #2210, #2211, #2231, #2232, #2240, #2241, #2242, #2243, #2244, #2245, #2246 and #2247); SHS (Certs. #3196, #3361 and #3362); Triple-DES (Certs. #2214, #2230 and #2231) -Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens." |
| 2828 | Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA Shawn Geddis TEL: 669-227-3579 FAX: 866-315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module v7.0 (Software Version: 7.0) (When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/01/2017 | 1/31/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): iOS 10.2 running on iPhone5S with Apple A7 CPU iOS 10.2 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 10.2 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU iOS 10.2 running on iPhone7 (iPhone7 and iPhone7 Plus) with Apple A10 CPU iOS 10.2 running on iPad Air 2 with Apple A8X CPU iOS 10.2 running on iPad Pro with Apple A9X CPU (single-user mode) -FIPS Approved algorithms: AES (Certs. #4255, #4256, #4257, #4258, #4259, #4260, #4293, #4294, #4295, #4296, #4297 and #4298); DRBG (Certs. #1353, #1354, #1355, #1356, #1357 and #1358); ECDSA (Certs. #1003, #1004, #1005, #1006, #1007 and #1008); HMAC (Certs. #2829, #2830, #2831, #2832, #2833, #2834, #2854, #2855, #2856, #2857, #2858 and #2859); KTS (AES Certs. #4255, #4256, #4257, #4258, #4259, #4260, #4293, #4294, #4295, #4296, #4297 and #4298; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2314, #2315, #2316, #2317, #2318 and #2319); SHS (Certs. #3531, #3532, #3533, #3534, #3535, #3536, #3557, #3558, #3559, #3560, #3561 and #3562); Triple-DES (Certs. #2314, #2315, #2316, #2317, #2318 and #2319) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; HASH_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2827 | Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA Shawn Geddis TEL: 669-227-3579 FAX: 866-315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module v7.0 (Software Version: 7.0) (When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/01/2017 | 1/31/2022 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): iOS 10.2 running on iPhone5S with Apple A7 CPU iOS 10.2 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 10.2 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU iOS 10.2 running on iPhone7 (iPhone7 and iPhone7 Plus) with Apple A10 CPU iOS 10.2 running on iPad Air 2 with Apple A8X CPU iOS 10.2 running on iPad Pro with Apple A9X CPU (single-user mode) -FIPS Approved algorithms: AES (Certs. #4156, #4157, #4158, #4159, #4160, #4161, #4162, #4163, #4164, #4165, #4166, #4167, #4168, #4169, #4170, #4171, #4172, #4173, #4174, #4175, #4176, #4177, #4178, #4179, #4180, #4181, #4182, #4183, #4184, #4185, #4186, #4187, #4188, #4189, #4190 and #4269); CVL (Certs. #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969 and #1010); DRBG (Certs. #1264, #1265, #1266, #1267, #1268, #1269, #1270, #1271, #1272, #1273, #1274, #1275, #1276, #1277, #1278, #1279, #1280, #1281, #1282, #1283, #1284, #1285, #1286 and #1339); ECDSA (Certs. #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967 and #997); HMAC (Certs. #2723, #2724, #2725, #2726, #2727, #2728, #2729, #2730, #2731, #2732, #2733, #2734, #2735, #2736, #2737, #2738, #2739, #2740, #2741, #2742, #2743, #2744, #2745 and #2813); KTS (AES Certs. #4156, #4157, #4158, #4159, #4160, #4161, #4162, #4163, #4164, #4166, #4169, #4170, #4180, #4181, #4182, #4183, #4184, #4185, #4186, #4187, #4188, #4189, #4190 and #4269; key establishment methodology provides between 128 and 160 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #2264, #2265, #2266, #2267, #2268, #2269, #2270, #2271, #2272, #2273, #2274 and #2299); SHS (Certs. #3421, #3422, #3423, #3424, #3425, #3426, #3427, #3428, #3429, #3430, #3431, #3432, #3433, #3434, #3435, #3436, #3437, #3438, #3439, #3440, #3441, #3442, #3443 and #3514); Triple-DES (Certs. #2272, #2273, #2274, #2275, #2276, #2277, #2278, #2279, #2280, #2281, #2282 and #2308) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (non-compliant); SP800-56C KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2826 | DataLocker Inc. 7007 College Blvd Suite 240 Overland Park, KS 66211 USA Jay Kim TEL: 913-310-9088 CST Lab: NVLAP 100432-0 | DataLocker H350 (Hardware Versions: P/Ns MXKB1B500G5001FIPS, MXKB1B001T5001FIPS, MXKB1B002T5001FIPS, DL-H350-0250SSD, DL-H350-0500SSD, DL-H350-1000SSD; Firmware Version: 1.1.0) (Files distributed with the module mounted within the Read-Only drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/31/2017 | 1/30/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1412 and #4139); DRBG (Cert. #1257); HMAC (Certs. #2712 and #2715); PBKDF (vendor affirmed); RSA (Certs. #2255 and #2256); SHS (Certs. #1282 and #3409) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "DataLocker H350 is a secure USB hard disk drive with 256-bit AES encryption and PKI operations combined with advanced authentication and policy management capabilities to help organizations control user access to sensitive data. DataLocker H350 allows enterprise management features like password recovery and remote kill." |
| 2825 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 17305 France Chanan Lavy TEL: 972-3-9781254 FAX: 972-3-9781010 Frederic Garnier TEL: +33 442364368 FAX: +33 442366953 CST Lab: NVLAP 100432-0 | eToken 5110 (Hardware Versions: P/Ns STM32F042K6U6TR [1] and SLE78CFX3000PH [2]; Firmware Versions: 5110 FIPS FW ver-15.0 [1] and IDCore30-revB- Build 06, eToken Applet version 1.8, eTPnP Applet V1.0 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/30/2017 | 1/29/2022 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Certs. #719, #803 and #804); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946, #1947 and #2037); SHS (Certs. #3146 and #3276); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed) -Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; Triple-DES (Cert. #2100, key wrapping; key establishment methodology provides 112 bits of strength) Multi-Chip Stand Alone "SafeNet eToken 5110 FIPS is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business." |
| 2824 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-4404 CST Lab: NVLAP 200802-0 | Aegis Secure Key 3Z Cryptographic Module (Hardware Versions: RevA {P/Ns ASK3Z-8GB (8GB) [A, B, C, D], ASK3Z-16GB (16GB) [A, B, C, D], ASK3Z-32GB (32GB) [A, B, C, D], ASK3Z-64GB (64GB) [A, B, C, D] and ASK3Z-128GB (128GB) [A, B, C, D]}; Firmware Versions: 7.1 [A], 7.5 [B], 7.7 [C], 7.8 [D]) (When installed, initialized and configured as specified in Section 11.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/30/2017 03/10/2017 03/27/2017 05/02/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-Chip Stand Alone "The Apricorn Aegis Secure Key 3z is a hardware encrypted USB 3.1 memory key. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator" |
| 2823 | UnaliWear, Inc. 3410 Cherry Lane Austin, TX 78746 USA Jean Anne Booth TEL: 512-917-3088 Brian Kircher TEL: 512-773-7854 CST Lab: NVLAP 100432-0 | Kanega Watch (Software Version: 3.9.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2017 | 1/25/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): OpenRTOS v9.0.0 running on Atmel Sam4L8 Xplained Pro (single-user mode) -FIPS Approved algorithms: AES (Cert. #4012); HMAC (Cert. #2617); SHS (Cert. #3310) -Other algorithms: N/A Multi-Chip Stand Alone "The Kanega Watch is a cryptography software library." |
| 2822 | Toshiba Memory Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type B (Hardware Versions: A1 with PX05SVQ160B[1], A1 with PX05SVQ320B[2], A0 with PX05SRQ384B[3], A2 with PX05SVQ040B[4], A2 with PX05SRQ192B[5], A1 with PX05SVQ048B[6], A1 with PX05SVQ096B[7], A1 with PX05SVQ192B[8], A1 with PX05SVQ384B[9], A1 with PX05SRQ384B[10]; Firmware Versions: PX05MS00[1][2], PX056901[3], PX05MD42[4][5], PX050502[6][7][8][9][10]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2017 02/22/2017 05/02/2017 | 1/24/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2821 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA Diana Robinson TEL: 845-454-6397 Ian Hall TEL: 703-598-6876 CST Lab: NVLAP 200928-0 | SSL Visibility Appliance (Hardware Versions: SV3800 [1], SV3800B [2] and SV3800B-20 [3]; 090-03064 [1], 080-03563 [1], 080-03679 [1], 090-03550 [2], 080-03782 [2], 080-03787 [2], 090-03551 [3], 080-03783 [3], and 080-03788 [3] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227, 3.8.4FC, 3.10 build 40) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2017 | 1/24/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3195, #3496 and #4106); CVL (Certs. #429, #562 and #919); DRBG (Certs. #669, #866 and #1233); ECDSA (Certs. #584, #711 and #931); HMAC (Certs. #2013, #2230 and #2682); PBKDF (vendor affirmed); RSA (Certs. #1238, #1625, #1794 and #2222); SHS (Certs. #2052, #2642, #2885 and #3378); Triple-DES (Certs. #1821, #1968 and #2244) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4 Multi-Chip Stand Alone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2820 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances (Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5], ASA 5585-X SSP-10[6], 5585-X SSP-20[6], 5585-X SSP-40[6], and 5585-X SSP-60[6] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4], [CISCO-FIPS-KIT=][5] or [ASA5585-X-FIPS-KIT][6]; Firmware Version: 9.6) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/23/2017 | 1/22/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #4249); CVL (Cert. #1002); DRBG (Certs. #332, #336, #819 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1247, #1514, #2095 and #2787); RSA (Cert. #2298); SHS (Certs. #1794, #2091, #2737 and #3486); Triple-DES (Certs. #1321, #1513, #1881 and #2304) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
| 2819 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type A (Hardware Versions: A1 with PX05SVQ080B, A1 with PX05SVQ160B or A1 with PX05SRQ384B; Firmware Version: PX05NA00) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/19/2017 | 1/18/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2818 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA Service Module (SM) (Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/18/2017 | 1/17/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444 and #4249); CVL (Cert. #1002); DRBG (Certs. #332 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1247 and #2787); RSA (Cert. #2298); SHS (Certs. #1794 and #3486); Triple-DES (Certs. #1321 and #2304) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Embedded "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes." |
| 2817 | Hypori, Inc. 9211 Waterford Centre Blvd Suite 100 Austin, TX 78758 USA Evan Watkins TEL: 512-646-1040 CST Lab: NVLAP 200427-0 | Hypori FIPS Object Module for OpenSSL (Software Version: 2.0.10) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/13/2017 | 1/12/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 2.2 running on Qualcomm QSD8250 (ARMv7) without PAA (gcc Compiler Version 4.4.0)Android 2.2 running on Qualcomm QSD8250 (ARMv7) with PAA (gcc Compiler Version 4.4.0)Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3)Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)Android 2.2 running on OMAP 3530 (ARMv7) with PAA (gcc Compiler Version 4.1.0)VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)Oracle Solaris 11 running on Intel Xeon 5675 with PAA (32 bit) (gcc Compiler Version 4.5.2)Oracle Solaris 11 running on Intel Xeon 5675 with PAA (64 bit) (gcc Compiler Version 4.5.2)Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2)Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6)Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6)Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)Android 4.0 running on TI OMAP 3 (ARMv7) with PAA (gcc Compiler Version 4.4.3)NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)Android 4.1 running on TI DM3730 (ARMv7) without PAA (gcc Compiler Version 4.6)Android 4.1 running on TI DM3730 (ARMv7) with PAA (gcc Complier Version 4.6)Android 4.2 running on Nvidia Tegra 3 (ARMv7) without PAA (gcc Compiler Version 4.6)Android 4.2 running on Nvidia Tegra 3 (ARMv7) with PAA (gcc Compiler Version 4.6)Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with PAA (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with PAA (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with PAA (gcc compiler Version 4.4.3)Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with PAA (gcc Compiler Version 4.2.1)OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without PAA (gcc Compiler Version 4.7.3)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with PAA (gcc Compiler Version 4.7.3)Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without PAA (gcc Compiler Version 4.2.1)iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with PAA (gcc Compiler Version 4.2.1)PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3)PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2)AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2)AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)FreeBSD 8.4 running on Intel Xeon E5440 (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.1 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2)Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2)FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 5.1)Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 5.1)TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)iOS 8.1 64-bit running on Apple A7 (ARMv8) without PAA and Crypto Extensions (clang Compilerv Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with PAA and Crypto Extensions (clang Compiler Version 600.0.56)VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)iOS 8.1 32-bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 600.0.56)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without PAA (gcc Compiler Version 4.9)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with PAA (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without PAA and Crypto Extensions (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with PAA and Crypto Extensions (gcc Compiler Version 4.9) Android 4.4 (ARMv7 with Houdini) running under VMware ESXI 6 on Dell PowerEdge R430 (x86) (gcc Compiler Version 4.8.5)Android 4.4 running under VMware ESXI 6 on Dell PowerEdge R430 (x86) (gcc Compiler Version 4.8.5) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090, #3264 and #4154); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372, #472 and #958); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607, #723 and #1262); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896, #933 and #1128); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558, #620 and #956); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937, #2063 and #2722); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581, #1664 and #2262); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553, #2702 and #3419); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780, #1853 and #2270) -Other algorithms: EC Diffie-Hellman; PRNG; RSA (encrypt/decrypt) Multi-Chip Stand Alone "Re-brand of OpenSSL Version 2.0.10 running in Hypori Virtual Device" |
| 2816 | Microwave Networks Inc. 4000 Greenbriar Dr., #100A Stafford, TX 77477 USA Ben Lee TEL: 281-263-6569 FAX: 281-263-6400 Angelos Liveris TEL: 281-263-6701 FAX: n/a CST Lab: NVLAP 100432-0 | Proteus MX Licensed Band Radio Cryptographic Module (Hardware Versions: P/Ns 8209361-10 Rev A03 [1], 8209361-12 Rev A03 [1], 8209361-14 Rev A03 [1], 8209363-10 Rev A03 [2], 8209363-12 Rev A03 [2] and 8209363-14 Rev A03 [2]; Firmware Version: 8746006-02 Rev A02 [1] or 8746007-02 Rev A02 [2]) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/12/2017 | 1/11/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4080, 4081 and #4082); CVL (Cert. #900); DSA (Cert. #1107); HMAC (Cert. #2664); SHS (Cert. #3360) -Other algorithms: HMAC-SHA-1-96 (HMAC Cert. #2664); DES; Diffie-Hellman; HMAC (non-compliant); HMAC-MD5; MD5; PRNG; RC4; SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Embedded "The module is a cryptographic device enclosed in a plug-in chassis that provides mux/demux and mod/dmod functions along with optional payload encryption for a line of license band point-to-point radios." |
| 2815 | CTERA Networks Ltd. CTERA Networks NA HQ 205 E. 42nd Street New York, NY 10017 USA Aron Brand Zohar Kaufman CST Lab: NVLAP 201029-0 | CTERA Crypto Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/12/2017 01/17/2017 | 1/16/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755, CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; RNG Multi-Chip Stand Alone "CTERA Crypto Module™ (Server) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure." |
| 2814 | Utimaco IS GmbH Germanusstr. 4 52080 Aachen Germany Dr. Gesa Ott TEL: +49 241-1696-245 FAX: +49 241-1696-199 CST Lab: NVLAP 200983-0 | CryptoServer Se-Series Gen2 (Hardware Versions: 5.01.2.0 and 5.01.4.0; Firmware Version: 5.0.10.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/11/2017 01/25/2017 | 1/24/2022 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4028); CVL (Certs. #855 and #856); DRBG (Cert. #1202); DSA (Cert. #1091); ECDSA (Certs. #897 and #898); HMAC (Cert. #2628); KBKDF (Cert. #97); RSA (Certs. #2066 and #2067); SHS (Cert. #3321, #3322, and #3323); Triple-DES (Cert. #2205); Triple-DES MAC (Triple-DES Cert. #2205, Vendor Affirmed) -Other algorithms: AES (Cert. #4028, key wrapping; key establishment method provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #2205, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (Cert. #4028; non-compliant); DES; ECIES; KDF per PKCS #11 (non-compliant); MD5; MDC-2; RIPEMD-160; RSA (non-compliant); Triple-DES ANSI Retail MAC Multi-Chip Embedded "The CryptoServer Se-Series Gen2 Version 5.01.2.0 and 5.01.4.0 is an encapsulated protected security module which is realized as a multi-chip embedded cryptographic module as defined in FIPS 140-2. It's realization meets the overall FIPS 140-2 Level 3 requirements. The primary purpose of this module is to provide secure cryptographic services such as encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment." |
| 2813 | Gemalto SA Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Carlos ROMERO-LICERAS TEL: +33 442365666 FAX: +33 442365545 Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 CST Lab: NVLAP 100432-0 | TOPDLv2.1 Platform (Hardware Version: NXP P60D144P VA (MPH149); Firmware Versions: TOPDLV2.1 (Filter04), Demonstration Applet version V1.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/11/2017 | 1/10/2022 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3543); CVL (Certs. #597, #815 and #834); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); KTS (AES Cert, #3543; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #1984; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed) -Other algorithms: NDRNG Single Chip "TOPDLv2.1 is a part of Gemalto's TOPDL family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. TOPDLv2.1 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1/2.2 Amdt D specifications with both contact and contactless interfaces. TOPDLv2.1 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control" |
| 2812 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA Diana Robinson TEL: 845-454-6397 Ian Hall TEL: 703-598-6876 CST Lab: NVLAP 200928-0 | SSL Visibility Appliance (Hardware Versions: SV1800-C [1], SV1800B-C [2], SV1800-F [3], SV1800B-F [4], SV2800 [5] and SV2800B [6]; 090-03061 [1], 080-03560 [1], 080-03676 [1], 090-03547 [2], 080-03779 [2], 080-03784 [2], 090-03062 [3], 080-03561 [3], 080-03677 [3], 090-03548 [4], 080-03780 [4], 080-03785 [4], 090-03063 [5], 080-03562 [5], 080-03678 [5], 090-03549 [6], 080-03781 [6], 080-03786 [6] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227, 3.8.4FC, 3.10 build 40) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/11/2017 | 1/10/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3195, #3496 and #4106); CVL (Certs. #429, #562 and #919); DRBG (Certs. #669, #866 and #1233); ECDSA (Certs. #584, #711 and #931); HMAC (Certs. #2013, #2230 and #2682); PBKDF (vendor affirmed); RSA (Certs. #1238, #1625, #1794 and #2222); SHS (Certs. #2052, #2642, #2885 and #3378); Triple-DES (Certs. #1821, #1968 and #2244) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4 Multi-Chip Stand Alone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2811 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series (Hardware Versions: MZILS7T6HMLS-000H9 and MZILS15THMLS-000H9; Firmware Version: 3P00) (When installed, initialized and configured as specified in the Security Rules Section of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2017 | 1/4/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #617 and #3213); DRBG (Cert. #121); ECDSA (Cert. #932); SHS (Cert. #3382) -Other algorithms: NDRNG Multi-Chip Stand Alone "Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series are a high-performance Self-Encrypting SSDs supporting SAS 12G Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, ECDSA P-224 for FW authentication, and CTR_DRBG for key generation." |
| 2810 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Van Nguyen TEL: 408-745-2000 Seyed Safakish TEL: 408-745-2000 CST Lab: NVLAP 100432-0 | EX4300 Ethernet Switches (Hardware Versions: P/N EX4300-24P, EX4300-24T, EX4300-48P, EX4300-48T, EX4300-32F with 520-052564 (Tamper Seal); Firmware Version: JUNOS 14.1X53-D30.3) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/21/2016 | 12/20/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3655); CVL (Cert. #668); DRBG (Cert. #984); ECDSA (Cert. #763); HMAC (Certs. #2404 and #2405); SHS (Certs. #3072 and #3073); Triple-DES (Cert. #2045) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; arcfour; blowfish; cast128; Diffie-Hellman (non-compliant); DSA; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; ripemd160; RSA (non-compliant); umac-64; umac-128 Multi-Chip Stand Alone "Juniper Networks EX4300 Ethernet Switches combine the carrier-class reliability of modular systems with the economics of stackable platforms, delivering a high-performance, scalable solution for data center and campus office environments. Offering a full suite of Layer 2 and Layer 3 switching capabilities, EX4300 switches offer 24 or 48-port 10/100/1000BASE-T configurations with redundant, hot-swappable internal power supplies and field-replaceable fans to ensure maximum uptime. In addition, Power over Ethernet (PoE)-enabled EX4300 switch models offer standards-based 802.3at PoE+." |
| 2809 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 100432-0 | Protiva™ PIV v1.55 on TOP DL v2 (Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55) (When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1690.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/20/2016 | 12/19/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1363); CVL (Certs. #217 and #224); ECDSA (Cert. #172); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
| 2808 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Jongseong Kim TEL: 82-10-4535-0110 FAX: 82-2-6950-2080 Adam Wick TEL: 503-808-7216 FAX: 503-350-0833 CST Lab: NVLAP 100432-0 | LG OpenSSL Cryptographic Module (Software Version: 2.0.8) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/20/2016 | 12/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 5.0.1 running on an LG G3 (Model VS985) Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3291); CVL (Cert. #468); DRBG (Cert. #749); DSA (Cert. #944); ECDSA (Cert. #638); HMAC (Cert. #2089); RSA (Cert. #1684); SHS (Cert. #2730); Triple-DES (Cert. #1876) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of strength); PRNG Multi-Chip Stand Alone "The LG OpenSSL Cryptographic Module is a software library that provides cryptographic functionality." |
| 2807 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Kazuhisa Kanazawa TEL: +81-45-890-2743 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (THNSB8 model) (Hardware Versions: A0 with THNSB8480PCSE, A0 with THNSB8800PCSE, A0 with THNSB8960PCSE, A0 with THNSB81Q60CSE, or A0 with THNSB81Q92CSE; Firmware Version: 8EEF7101) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/19/2016 | 12/18/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3899 and #3900); DRBG (Cert. #1127); HMAC (Certs. #2543 and #2625); RSA (Cert. #1998); SHS (Certs. #3213 and #3308) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2806 | KACST / Parsec An Nakhil Housing King Abdulaziz City for Science and Technology Riyadh, Riyadh 12371 Soudi Arabia Dr. Hatim M. Behairy TEL: +966-1-481-3549 FAX: +966-1-481-4572 Tobie van Loggerenberg TEL: +27-12-6789740 FAX: +27-12-6789741 CST Lab: NVLAP 100432-0 | HSID5000A (Hardware Version: HSID5000A; Firmware Version: v1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/13/2016 | 12/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3768 and #3961); DRBG (Cert. #1038); DSA (Cert. #1048); ECDSA (Cert. #811); HMAC (Cert. #2468); PBKDF (vendor affirmed); SHS (Cert. #3138); Triple-DES (Cert. #2096) -Other algorithms: Diffie-Hellman (with SP800-56C KDF, vendor affirmed, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (with SP800-56C KDF, vendor affirmed, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RSA (non-compliant) Multi-Chip Stand Alone "The HSID5000A is a portable USB device that provides high security cryptographic functionality with secure storage for any personal computer. These cryptographic functions and storage allow the HSID5000A to be used in PKI environments with third party applications to securely login to domains, sign and verify emails and encrypt and decrypt files. The module supports a single user with access to the cryptographic functions and a cryptographic officer to enforce policy on the user. The module provides software interfaces as defined by the PKCS#11 standard and Microsoft CSP/KSP." |
| 2805 | Hospira, Inc. 275 North Field Drive Lake Forest, IL 60045 USA Chaitanya Srinivasamurthy TEL: 224-212-5715 FAX: 224-212-7910 Slawomir Ciapala TEL: 224-212-5545 FAX: 224-212-7910 CST Lab: NVLAP 100432-0 | Hospira CE3.0 OpenSSL Cryptographic Module (Software Version: 2.0.9) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/13/2016 | 12/12/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 2.3.7 running on Hospira Plum360 Infusion System with an i.MX53 Arm Cortex-A8 (single user mode) -FIPS Approved algorithms: AES (Cert. #3930); CVL (Cert. #781); DRBG (Cert. #1139); DSA (Cert. #1073); ECDSA (Cert. #860); HMAC (Cert. #2553); RSA (Cert. #2007); SHS (Cert. #3240); Triple-DES (Cert. #2157) -Other algorithms: EC Diffie-Hellman (CVL Cert. #781, key agreement, key establishment methodology provides between 112 and 256 bit of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; RNG Multi-Chip Stand Alone "Hospira OpenSSL FIPS Object Module 2.0.9 is used within various Hospira Infusion Pumps for providing secure communication between Infusion pumps and external server." |
| 2804 | SafeLogic Inc. 530 Lytton Ave Suite 200 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 100432-0 | CryptoComply™ | Java (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/08/2016 | 12/7/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090) -Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "CryptoComply™ | Java is a standards-based "Drop-in Compliance" solution for native Java environments. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2803 | Acronis International GmbH Rheinweg 9 8200 Schaffhausen Switzerland Oleg Mikhalsky TEL: +7 (495) 648-14-27 FAX: +7 (495) 708-44-89 Anton Enakiev TEL: +7 (495) 648-14-27 FAX: +7 (495) 708-44-89 CST Lab: NVLAP 200968-0 | Acronis AnyData Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/06/2016 | 12/5/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on an Intel Core i5-5300U system with PAA Red Hat Enterprise Linux 7.1 running on an Intel Core i5-5300U system with PAA Windows 2008 R2 64bit running on an Intel Core i5-5300U system with PAA Windows 2012 R2 64bit running on an Intel Core i5-5300U system with PAA Acronis Virtual Appliance Linux 11.5 on vSphere 5.5 running on an Intel Core i5-5300U system with PAA Windows 7 Ultimate 64bit running on an Intel Core i5-5300U system with PAA Windows 8.1 Pro 64bit running on an Intel Core i5-5300U system with PAA Red Hat Enterprise Linux 6.6 running on an Intel Core i3-3217U system without PAA Red Hat Enterprise Linux 7.1 running on an Intel Core i3-3217U system without PAA Windows 2008 R2 64bit running on an Intel Core i3-3217U system without PAA Windows 7 Ultimate 32bit running on an Intel Core i3-3217U system without PAA Windows 2012 R2 64bit running on an Intel Core i3-3217U system without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3520 and #3521); CVL (Cert. #746); DRBG (Certs. #879 and #880); DSA (Cert. #1056); ECDSA (Cert. #838); HMAC (Cert. #2249); RSA (Cert. #1807); SHS (Cert. #2903); Triple-DES (Cert. #1977) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Acronis AnyData Cryptographic Library (AACL) is a cryptographic software module used in various Acronis products." |
| 2802 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Amir Shahhosseini TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | WildFire WF-500 (Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2016 | 12/4/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; Blowfish; Camellia; CAST; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks" |
| 2801 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 100432-0 | Protiva™ PIV v2.0 using TOP DL v2 and TOP IL v2 (Hardware Versions: A1025258 and A1023393; Firmware Versions: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10) (When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1843.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/30/2016 | 11/29/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1973); CVL (Certs. #18, #217 and #224); ECDSA (Cert. #284); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
| 2800 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Palo Alto Networks VM-Series (Software Version: 7.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/30/2016 | 11/29/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): VMware ESXi 5.5 running on a Dell PowerEdge R730 CentOS 6.5 - KVM running on a Dell Power Edge R620 Citrix XenServer 6.1.0 running on a Citrix NetScaler SDX 11500 (single-user mode) -FIPS Approved algorithms: AES (Cert. #4019); CVL (Certs. #843, #844, #845 and #846); DRBG (Cert. #1197); ECDSA (Cert. #895); HMAC (Cert. #2621); KAS (SP 800-56Arev2 with CVL Certs. #843 and #844, vendor affirmed); RSA (Cert. #2062); SHS (Cert. #3315) -Other algorithms: AES (Cert. #4019, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features." |
| 2799 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B, 910-000117-00A, 910-000137-00A, 910-000136-00A [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/28/2016 | 11/27/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
| 2798 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Jaroslav Reznik TEL: +420-532-294-645 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 with CPACF (Hardware Version: COP chips integrated within processor unit; Firmware Version: Feature 3863 (aka FC3863) with System Driver Level 22H; Software Version: 4.0) (When operated in FIPS mode with modules Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2721 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 11/23/2016 | 11/22/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3570, #3591, #3861, #3862 and #3863); DRBG (Certs. #916, #925, #1095, #1096 and #1097); HMAC (Certs. #2276 and #2508); RSA (Certs. #1838 and #1971); SHS (Certs. #2938 and #3183); Triple-DES (Certs. #1990, #2129 and #2130) -Other algorithms: DES; GHASH; PRNG; SHS (non-compliant) Multi-Chip Stand Alone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7.1 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
| 2797 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-3060 and PA-7080 Firewalls (Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B, 910-000117-00A, 910-000136-00A, or 910-000137-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/22/2016 | 11/21/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures." |
| 2796 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive (Hardware Versions: ST4000NM0131 [1], ST4000NM0121 [2], ST900MP0126 [3,4,5,6,7,8], ST600MP0026 [9,10,11,12,13,14], ST900MP0166 [15,16,17,18], ST600MP0156 [19,20,21,22], ST10000NM0246 [23,24], ST10000NM0236 [25], ST1200MM0069 [26], ST2400MM0149 [27], ST1800MM0149 [27], ST1200MM0149 [27]; Firmware Versions: BE53[1], BE52[2], NF02[3,9], KSC4[4,10], KSC5[5,11], NF03[6,12], KSC6[7,13], KPC4[8,14], CF02[15,19], CFA2[16,20], CF03[17,21], KMT4[18,22], KF01[23], TF14[24], EF01[25], NF01[26] and CF01[27]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/22/2016 03/07/2017 06/22/2017 | 11/21/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947, #3759, #3760 and #3940); CVL (Certs. #828 and #852); DRBG (Cert. #1146); HMAC (Certs. #2565 and #2613); PBKDF (vendor affirmed); RSA (Certs. #2013 and #2056); SHS (Certs. #3250 and #3304) -Other algorithms: Diffie-Hellman (CVL Cert. #852, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download. The services are provided throug" |
| 2795 | STMicroelectronics Green Square Building B Lambroekstraat 5 Diegem/Machelen B-1831 Belgium Olivier COLLART TEL: +32 272 450 77 FAX: +32 272 451 43 Xavier BOUSSIN TEL: +33 223 470 695 FAX: +33 223 470 400 CST Lab: NVLAP 200002-0 | Trusted Platform Module ST33TPHF2ESPI (Hardware Versions: ST33HTPH2E28AHA5, ST33HTPH2E32AHA5, ST33HTPH2E28AAE5 and ST33HTPH2E32AAE5; Firmware Version: 47.08) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2016 | 11/14/2021 | Overall Level: 1 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4001); CVL (Cert. #829); DRBG (Cert. #1191); HMAC (Cert. #2614); KBKDF (Cert. #93); KTS (AES Cert. #4001 and HMAC Cert. #2614; key establishment methodology provides 128 bits of encryption strength); RSA (Cert. #2057); SHS (Certs. #3305 and #3306) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MGF1 Single Chip "ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification." |
| 2794 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN Series Ethernet Encryptors (Hardware Versions: Senetas Corp. Ltd. CN4000 Series: A4010B (DC), A4020B (DC); Senetas Corp. Ltd. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4000 Series: A4010B (DC), A4020B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Firmware Versions: 2.7.1 and 2.7.2) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/15/2016 06/02/2017 | 11/14/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3977, #4003, #4004 and #4005); CVL (Cert. #807); DRBG (Cert. #1170); ECDSA (Cert. #876); HMAC (Cert. #2595); KAS (Cert. #81); RSA (Cert. #2039); SHS (Cert. #3282); Triple-DES (Cert. #2182) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The CN4010, CN4020 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is also equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms and GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC (Traffic Flow Security) which can be used to remove patterns in network traffic and prevent traffic analysis." |
| 2793 | Ultra Electronics AEP Knaves Beech Business Centre Loud Water High Wycombe Buckinghamshire HP10 9UT United Kingdom Rob Stubbs CST Lab: NVLAP 200556-0 | Advanced Configurable Cryptographic Environment (ACCE) v3 HSM Crypto Module (Hardware Version: 2870-G1; Firmware Versions: 2r3, 2r4, 3r2, 3r3, and 3r4) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy in Appendix A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2016 01/30/2017 07/11/2017 | 1/29/2022 | Overall Level: 4 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2684); DRBG (Certs. #434, #786, #1237, #1387, and #1501); DSA (Cert. #813); ECDSA (Cert. #470); HMAC (Certs. #1671, #2138, #2686, #2884, and #3004); RSA (Cert. #1384); SHS (Certs. #2255, #2782, #3384, #3581, and #3728); Triple-DES (Cert. #1610); Triple-DES MAC (Triple-DES Cert. #1610, vendor affirmed); -Other algorithms: AES (Cert. #2684, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1610, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #2684; non-compliant); PBKDF2 (non-compliant); PKCS#12 KDF (non-compliant); RIPEMD-160; RSA (non-compliant); SEED; SPKM KDF (non-compliant); XOR_BASE_AND_DATA (key derivation) Multi-Chip Embedded "The Advanced Configurable Cryptographic Environment (ACCE) v3 crypto module offers the next-generation security platform for managing cryptographic keys and protecting sensitive applications. It is used in the Keyper Plus hardware security module (HSM), which is designed for mission-critical applications that demand maximum security. It is ideally suited for companies that need secure key management for PKI certification authorities, registration authorities, OCSP responders, smart card issuers, web servers, DNSSEC and other applications." |
| 2792 | Legion of the Bouncy Castle Inc. 85 The Crescent Ascot Vale, Victoria 3032 Australia David Hook TEL: +61438170390 Jon Eaves TEL: +61417502969 CST Lab: NVLAP 200928-0 | BC-FNA (Bouncy Castle FIPS .NET API) (Software Version: 1.0.1) (When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/14/2016 | 11/13/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Windows 7.0 SP1 on .NET framework 4.5.2 running on HP Zbook 14 G2 Windows 8.1 Pro on .NET framework 4.5.2 running on a HP Zbook 14 G2 Windows 10 Enterprise on .NET framework 4.6.1 running on a Lenovo Flex 3 Windows 10 Pro on .NET framework 4.6.1 running on an Asus T100HA (single-user mode) -FIPS Approved algorithms: AES (Cert. #4015); CVL (Certs. #837, #838, #839 and #875); DRBG (Cert. #1194); DSA (Cert. #1087); ECDSA (Cert. #894); HMAC (Cert. #2618); KAS (Cert. #89); KAS (SP 800-56Arev2 with CVL Cert. #875, vendor affirmed); KTS (AES Cert. #4015; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2199; key establishment methodology provides 112 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #2059); SHA-3 (Cert. #5); SHS (Cert. #3312); Triple-DES (Cert. #2199) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ARC4; Camellia; ChaCha; ElGamal; NewHope; OpenSSL PBKDF; PKCS#12 PBKDF; Poly1305; SEED; Serpent; SPHINCS-256. Multi-Chip Stand Alone "The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well." |
| 2791 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) and ID Quantique SA 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN8000 Multi-slot Encryptor (Hardware Versions: A8003-01, A8003-02, A8003-03, A8003-04, A8003-05, A8003-06, A8003-07, A8003-08, A8003-09 and A8003-10; Firmware Versions: 2.7.1 and 2.7.2) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/14/2016 06/02/2017 | 11/13/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3976, #4008, #4009 and #4010); CVL (Cert. #806); DRBG (Cert. #1169); ECDSA (Cert. #875); HMAC (Cert. #2594); KAS (Cert. #80); RSA (Cert. #2038); SHS (Cert. #3281); Triple-DES (Cert. #2181) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The CN8000 is a high-speed multi-slot hardware encryption platform that secures data over Ethernet and Fibre Channel networks. The CN8000 supports up to 10 high speed encryption slots. Each slot can be configured by the user to support 1-10Gb/s Ethernet or 1-4Gb/s Fibre Channel. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication." |
| 2790 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-5140B Chassis with FortiGate-5001D Blade (Hardware Version: Chassis: P09297-01; Blade: P1AB76; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build8892, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/08/2016 | 11/7/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2789 | Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Firmware Versions: 2.7.1 and 2.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/08/2016 06/02/2017 | 11/7/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3347, #3978, #4006 and #4007); CVL (Cert. #808); DRBG (Cert. #1171); ECDSA (Cert. #877); HMAC (Cert. #2596); KAS (Cert. #82); RSA (Cert. #2040); SHS (Cert. #3283); Triple-DES (Cert. #2183) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The CN6000 Series are high-speed hardware encryption platforms that secure data over optical and twisted-pair Ethernet and Fibre Channel networks. Models included are the CN6100 10G Ethernet; operating at a line rate of 10Gb/s and the CN6040 Ethernet and FC selectable model, operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication. TRANSEC (aka Traffic Flow Security or TFS) can be used to remove patterns in network traffic and prevent traffic analysis." |
| 2788 | Check Point Software Technologies Ltd. 2101 Gaither Road Suite 350 Rockville, MD 20850 USA Malcom Levy TEL: +972-37534561 FAX: 732-416-1370 CST Lab: NVLAP 200427-0 | Check Point CryptoCore (Software Version: 4.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2016 | 11/6/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad with PAA (User Space) Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad without PAA (User Space) Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad with PAA (Kernel Space) Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad without PAA (Kernel Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro with PAA (User Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro without PAA (User Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro with PAA (Kernel Space) macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro without PAA (Kernel Space) (single-user mode) -FIPS Approved algorithms: AES (Cert. #4112); DRBG (Cert. #1238); HMAC (Cert. #2687); KTS (AES Cert. #4112; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2225); SHA-3 (Cert. #7); SHS (Cert. #3385); Triple-DES (Cert. #2247); Triple-DES MAC (Triple-DES Cert. #2247, vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5 Multi-Chip Stand Alone "Check Point CryptoCore is a 140-2 Level 1 cryptographic module for Windows 10 and macOS Sierra. The module provides cryptographic services accessible in kernel mode and user mode on the respective platforms through implementation of platform specific binaries." |
| 2787 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Amir Shahhosseini TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Panorama M-100 and M-500 (Hardware Versions: P/Ns 910-000030 Version 00D [1], 910-000092 Version 00D [1] and 910-000073 Version 00D [2]; FIPS Kit P/N 920-000140 Version 00A [1] and FIPS Kit P/N 920-000145 Version 00A [2]; Firmware Version: 7.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2016 11/14/2016 | 11/13/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316) -Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; Blowfish; Camellia; CAST; HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "Panorama on the M-100 and M-500 provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. The M-500 provides an additional service, the PAN-DB private cloud, which is an on-premise solution suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud service." |
| 2786 | Nokia Corporation 600 March Road Ottawa, ON K2K 2E6 Canada Carl Rajsic CST Lab: NVLAP 200556-0 | SR-OS Cryptographic Module (Firmware Version: 14.0R4) (When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 11/07/2016 | 11/6/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): SR-OS on CPM-7950 XRS-20 CPM SR-OS on CPM-7950 XRS-16 CPM SR-OS on CPM-7750 SR CPM5 SR-OS on CFP-7750 SR-c12 CFM-XP-B SR-OS on CPM-7750 SR-a SR-OS on CPM-7750 SR-e -FIPS Approved algorithms: AES (Cert. #4011); CVL (Cert. #835); DRBG (Cert. #1193); DSA (Cert. #1086); ECDSA (Cert. #893); HMAC (Cert. #2616); RSA (Cert. #2058); SHS (Cert. #3309); Triple-DES (Cert. #2198) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it." |
| 2785 | Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 CST Lab: NVLAP 100432-0 | Protiva PIV Applet v1.55 on Protiva TOP DM Card (Hardware Versions: GCX4-M2569420 [1, 2], GXP4-M2569430 [3, 4], GCX4-M2569422 [1, 2], GCX4-A1004155 [1, 2] and GCX4-A1026517 [1, 2]; Firmware Versions: GCX4-FIPS EI07 (MPH051) [1], GCX4-FIPS EI08 [2], GXP4-FIPS EI07 (MPH052) [3] and GXP4-FIPS EI08 [4]; Applet Version: Protiva PIV Applet v1.55) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #691.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2016 | 11/6/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #355); CVL (Cert. #205); RSA (Cert. #119); SHS (Cert. #427); Triple-DES (Cert. #412); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, N" |
| 2784 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-30D/60D/92D, FortiWiFi-60D and FortiGateRugged-60D (Hardware Versions: C1AA93, C1AB28, C1AC34, C1AB32, and C1AB57 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718,160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3965); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2583); RSA (Certs. #2024 and #2025); SHS (Certs. #3267, #3268 and #3269); Triple-DES (Certs. #2172, #2173 and 2174) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CCM (non-compliant); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2783 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1000D/1500D (Hardware Versions: C1AB95 and C1AA64 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2782 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-3700D/3815D (Hardware Versions: C1AA92 and C1AE66 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2781 | Fortinet, Inc. 899 Kifer Road Sunnyvale, CA 94086 USA Alan Kaye TEL: 613-225-9381 x87416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-100D/200D/300D/500D (Hardware Versions: C4LL40, C4KV72, C1AB49 and C1AB51 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/31/2016 | 10/30/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2780 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Jaroslav Reznik TEL: +420-532-294-645 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux GnuTLS Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 10/31/2016 | 10/30/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM z13 Red Hat Enterprise Linux 7.1 running on IBM Power System S814 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3613, #3614, #3615, #3616, #3617, #3618 and #3619); CVL (Certs. #632, #633, #634, #635, #636, #637, #638, #639, #640 and #641); DRBG (Certs. #943, #944, #945, #946, #947, #948 and #949); DSA (Certs. #1008, #1009, #1010, #1011 and #1012); ECDSA (Certs. #745, #746, #747, #748 and #749); HMAC (Certs. #2320, #2321, #2322, #2323 and #2324); RSA (Certs. #1860, #1861, #1862, #1863 and #1864); SHS (Certs. #2986, #2987, #2988, #2989 and #2990); Triple-DES (Certs. #2013, #2014, #2015, #2016 and #2017) -Other algorithms: Diffie-Hellman (CVL Certs. #632, #634, #636, #638 and #640, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #632, #634, #636, #638 and #640, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST128; DES; GOST Hash; MD2; MD4; MD5; PBKDFv2 (RFC2898); PRNG; RC2; RC4; RIPEMD160; Salsa20; Serpent; SHA-3 (non-compliant); Twofish; UMAC Multi-Chip Stand Alone "GnuTLS is a secure communications library implementing the SSH, TLS, and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PCKS#12, and other required structures which is shipped with Red Hat Enterprise Linux 7.1." |
| 2779 | DocuSign, Inc. 221 Main St. Suite 1000 San Francisco, CA 94105 USA Ezer Farhi TEL: 972-3-9279529 FAX: 972-3-9230864 CST Lab: NVLAP 200002-0 | DocuSign Signature Appliance (Hardware Version: 8.0; Firmware Version: 8.1) (When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/25/2016 | 10/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Cert. #787); DRBG (Certs. #98 and #1203); HMAC (Certs. #2564 and #2629); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2068); SHS (Certs. #1465, #3249 and #3324); Triple-DES (Certs. #2161 and #2206); Triple-DES MAC (Triple-DES Cert. #2206, vendor affirmed) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC (non-compliant); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data." |
| 2778 | Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0 | Security Builder FIPS Java Module (Software Versions: 2.8 [1], 2.8.7 [1], 2.8.8 [2], 2.9 [2]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/24/2016 | 10/23/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1] Solaris 10 64-bit [1] Red Hat Linux AS 5.5 32-bit [1] Red Hat Linux AS 5.5 64-bit [1] Windows Vista 32-bit [1] Windows Vista 64-bit [1] Windows 2008 Server 64-bit [1] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1411, #3465 and #3988); DRBG (Certs. #52, #852 and #1180); DSA (Certs. #455, #978 and #1084); ECDSA (Certs. #179, #702 and #884); HMAC (Certs. #832, #2210 and #2603); KAS (Certs. #8, #61, #62 and #83); KAS (SP 800-56B, vendor affirmed); RSA (Certs. #687, #1776 and #2046); SHS (Certs. #1281, #2860 and #3292); Triple-DES (Certs. #964, #1954 and #2188) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; DES; DESX; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; ECMQV (non-compliant); ECQV; HMAC-MD5; MD2; MD5; RIPEMD; RNG Multi-Chip Stand Alone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL." |
| 2777 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0 | BlackBerry Cryptographic Java Module (Software Versions: 2.8 [1], 2.8.7 [1], 2.8.8 [2], 2.9 [2]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 10/21/2016 | 10/20/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1] Solaris 10 64-bit [1] Red Hat Linux AS 5.5 32-bit [1] Red Hat Linux AS 5.5 64-bit [1] Windows Vista 32-bit [1] Windows Vista 64-bit [1] Windows 2008 Server 64-bit [1] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1411, #3465 and #3988); DRBG (Certs. #52, #852 and #1180); DSA (Certs. #455, #978 and #1084); ECDSA (Certs. #179, #702 and #884); HMAC (Certs. #832, #2210 and #2603); KAS (Certs. #8, #61, #62 and #83); KAS (SP 800-56B, vendor affirmed); RSA (Certs. #687, #1776 and #2046); SHS (Certs. #1281, #2860 and #3292); Triple-DES (Certs. #964, #1954 and #2188) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; DES; DESX; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; ECMQV (non-compliant); ECQV; HMAC-MD5; MD2; MD5; RIPEMD; RNG Multi-Chip Stand Alone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry products such as the BlackBerry PlayBook Administration Service, and other BlackBerry products." |
| 2776 | Fuji Xerox Co., Ltd. 6-1, Minatomirai, Nishi-ku Yokohama-Shi, Kanagawa 220-8668 Japan Yoshinori Ando TEL: +81-45-755-5504 CST Lab: NVLAP 100432-0 | FX Cryptographic Kernel Module (Software Version: 1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/21/2016 | 10/20/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): WindRiver® Linux 6 running on Raspberry Pi 1 Model B (single-user mode) -FIPS Approved algorithms: AES (Cert. #3952); DRBG (Cert. #1190); HMAC (Cert. #2574); SHS (Cert. #3260); Triple-DES (Cert. #2165) -Other algorithms: N/A Multi-Chip Stand Alone "The FX Cryptographic Kernel Module is a kernel module which operates as callback functions of WindRiver® Linux CryptoAPI." |
| 2775 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Cloud Services Router 1000 Virtual (Software Version: 3.16) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/20/2016 | 10/19/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): IOS XE 3.16.1 on VMware ESXi 5.5 running on a Cisco EN120S M2 IOS XE 3.16.1 on VMware ESXi 5.5 running on a Cisco EN120E 208 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3989); CVL (Cert. #830); DRBG (Cert. #1181); ECDSA (Cert. #885); HMAC (Cert. #2604); KBKDF (Cert. #94); RSA (Cert. #2047); SHS (Cert. #3293); Triple-DES (Cert. #2189) -Other algorithms: Diffie-Hellman (CVL Cert. #830, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; HMAC-MD5; MD5; RC4 Multi-Chip Stand Alone "The Cisco® Cloud Services Router 1000V (CSR 1000V) is a virtual form-factor router that delivers comprehensive WAN gateway and network services functions into virtual and cloud environments. Using familiar, industry-leading Cisco IOS® XE Software networking capabilities, the CSR 1000V enables enterprises to transparently extend their WANs into provider-hosted clouds" |
| 2774 | Gemalto and ActivIdentity Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101 CST Lab: NVLAP 100432-0 | SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 - CHIP.P5CD144.MPH051B; Firmware Versions: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1085.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/19/2016 | 10/18/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #782); CVL (Cert. #214); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2" |
| 2773 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 CST Lab: NVLAP 100432-0 | Protiva PIV Applet v1.55 on Protiva TOP DL Card (Hardware Versions: A1005291- CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 -CHIP.P5CD144.MPH051B; Firmware Versions: GX4-FIPS EI08, Applet Version: Protiva PIV Applet v1.55) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1044.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/19/2016 | 10/18/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #782); CVL (Cert. #214); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: PRNG Single Chip "This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255." |
| 2772 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | Rosetta microSDHC™ (Hardware Versions: 851314011F, 851314012F and 851314013F; Firmware Version: 3.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/18/2016 | 10/17/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3028); CVL (Cert. #419); DRBG (Cert. #658); ECDSA (Cert. #578); HMAC (Cert. #1913); KAS (Cert. #52); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1611); SHS (Cert. #2529); Triple-DES (Cert. #1772) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "The Rosetta microSDHC™ is a hardware encryption engine available in a microSD embodiment supporting Suite B functionality that is ideal for embedded, Internet of Things, and secure flash storage applications." |
| 2771 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 4506-E with Supervisor Card (WS-X45-SUP8-E) and Line Cards (WS-X4748-RJ45-E and WS-X4748-RJ45V+E) (Hardware Versions: WS-C4506-E with Supervisor card [WS-X45-SUP8-E] and Line cards [WS-X4748-RJ45V+E and WS-X4748-RJ45-E]; Firmware Version: IOS-XE 3.7.0E) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/17/2016 | 10/16/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2057 and #4018); CVL (Cert. #841); DRBG (Cert. #1196); HMAC (Cert. #2620); KBKDF (Cert. #96); RSA (Cert. #2061); SHS (Cert. #3314); Triple-DES (Cert. #2200) -Other algorithms: AES (Cert. #4018, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 series switch meets FIPS 140-2 overall Level 1 requirements as multi-chip standalone module. The switch includes cryptographic algorithms implemented in IOS-XE software as well as hardware ASICs. The module provides 802.1X-rev." |
| 2770 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade VDX 6740, VDX 6740T, VDX 6940 and VDX 8770 Switches (Hardware Versions: {[BR-VDX6740-24-F (80-1007295-01), BR-VDX6740-24-R (80-1007294-01), BR-VDX6740-48-F (80-1007483-01), BR-VDX6740-48-R (80-1007481-01), BR-VDX6740-64-F (80-1007520-01) and BR-VDX6740-64-R (80-1007521-01)], [BR-VDX6740T-24-F (80-1007273-01), BR-VDX6740T-24-R (80-1007274-01), BR-VDX6740T-48-F (80-1007485-01), BR-VDX6740T-48-R (80-1007487-01), BR-VDX6740T-64-F (80-1007522-01), BR-VDX6740T-64-R (80-1007523-01), BR-VDX6740T-56-1G-R (80-1007863-03) and BR-VDX6740T-56-1G-F (80-1007864-03)], [BR-VDX6940-24Q-AC-F (80-1008854-01), BR-VDX6940-24Q-AC-R (80-1008855-01), BR-VDX6940-36Q-AC-F (80-1008851-01), BR-VDX6940-36Q-AC-R (80-1008850-01), BR-VDX6940-64S-AC-F (80-1008529-01), BR-VDX6940-64S-AC-R (80-1008526-01), BR-VDX6940-96S-AC-F (80-1008530-01), BR-VDX6940-96S-AC-R (80-1008527-01), BR-VDX6940-144S-AC-F (80-1008531-01), BR-VDX6940-144S-AC-R (80-1008528-01)], [BR-VDX8770-4-BND-AC (80-1005850-02), BR-VDX8770-4-BND-DC (80-1006532-03), BR-VDX8770-8-BND-AC (80-1005905-02) and BR-VDX8770-8-BND-DC (80-1006533-03)] with FRUs (80-1006430-01, 80-1006295-01, 80-1006294-02, 80-1006293-02, 80-1006048-02, 80-1006431-01, 80-1006429-01)} with FIPS Kit P/N Brocade XBR-000195 (80-1002006-02); Firmware Version: Network OS (NOS) v6.0.2 P/N: 63-1001691-01) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 2, 3, 4 and 5 as defined in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/17/2016 | 10/16/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3544); CVL (Certs. #600 and #601); DRBG (Cert. #901); ECDSA (Cert. #722); HMAC (Cert. #2264); RSA (Cert. #1826); SHS (Cert. #2924); Triple-DES (Cert. #1985) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #600, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; BLOWFISH; CAST; CAST5; DES; DES3; DESX; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); MD2; MD4; RC2; RC4; RMD160; SNMPv3 KDF (non-compliant); UMAC-64 Multi-Chip Stand Alone "The Brocade VDX 6740 and VDX 6740T are fixed form factor VCS enabled 10 GbE / 40 GbE fabric switch for Top of the Rack (TOR) fabric deployments. The Brocade VDX 6940 switches are fixed form factor VCS enabled 10 GbE / 40 GbE fabric switch for high density 10GbE switch for the TOR or Middle of the Row (MOR) or for End of the Row (EOR) configurations. The Brocade VDX 8770 Switch is designed to scale out Brocade VCS Fabrics (VCS) and support complex environments with dense virtualization and dynamic automation requirements." |
| 2769 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type C (Hardware Version: A0 with PX04SMQ080B or PX04SMQ160B; Firmware Version: AR02) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/13/2016 | 10/12/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2768 | Legion of the Bouncy Castle Inc. 85 The Crescent Ascot Vale, Victoria 3032 Australia David Hook TEL: +61438170390 FAX: n/a Jon Eaves TEL: +61417502969 FAX: n/a CST Lab: NVLAP 100432-0 | BC-FJA (Bouncy Castle FIPS Java API) (Software Version: 1.0.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/12/2016 | 10/11/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode) -FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHS (Cert. #3126); SHA-3 (Cert. #3); Triple-DES (Cert. #2090) -Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL Multi-Chip Stand Alone "The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well." |
| 2767 | Kaspersky Lab UK Ltd. 1st Floor, 2 Kingdom Street Paddington, London, W2 6BD United Kingdom Oleg Andrianov TEL: +7 495 797 8700 CST Lab: NVLAP 200968-0 | Kaspersky Cryptographic Module (Kernel Mode) (Software Version: 3.0.1.25) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/11/2016 | 10/10/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Professional 32-bit running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-3770S CPU @ 3.10GHz system with PAA Windows 7 Enterprise 64-bit running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA Windows 10 Enterprise 64 bit running on an Intel® Core™ i7-4600U CPU @ 2.10GHz system with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2956 and #2957); DRBG (Certs. #557, #558 and #892); HMAC (Certs. #1875 and #1876); PBKDF (vendor affirmed); RSA (Certs. #1555 and #1556); SHA-3 (vendor affirmed); SHS (Certs. #2488 and #2489) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Kaspersky Cryptographic Module (Kernel Mode) is a Windows kernel driver that provides cryptographic services for various Kaspersky Lab applications." |
| 2766 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series (Hardware Version: MZILS3T8HCJM-000G6; Firmware Versions: NA02 and NA04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2016 03/07/2017 | 10/10/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3213); DRBG (Cert. #121); ECDSA (Cert. #595); SHS (Cert. #2660) -Other algorithms: NDRNG Multi-Chip Stand Alone "Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase." |
| 2765 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiOS 5.2 (Firmware Versions: 5.2.7, build0718,160328) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 10/07/2016 | 10/6/2021 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): FortiGate-300D with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Certs. #3963 and #3964); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581 and #2582); RSA (Cert. #2024); SHS (Certs. #3267 and #3268); Triple-DES (Certs. #2172 and #2173) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5 Multi-Chip Stand Alone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
| 2764 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA CST Lab: NVLAP 100432-0 | nShield Remote Administration Token (Hardware Version: NXP P60D144; Firmware Version: Athena IDProtect 0501.5175.0001 with Authentication Token Applet 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/06/2016 | 10/5/2021 | Overall Level: 3 -Physical Security: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3780); CVL (Cert. #721); DRBG (Cert. #1046); ECDSA (Cert. #815); KBKDF (Cert. #82); KTS (AES Cert. #3780; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1948); SHS (Cert. #3147) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); NDRNG Single Chip "The nShield Remote Administration Token is a single chip smart card micro-controller implementing the Global Platform operational environment, with Card Manager and the Authentication Token Applet. It implements the Remote Administration Card which enables the remote administration of Thales nShield Hardware Security Modules." |
| 2763 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA John Monti TEL: 845-435-4164 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 2 Release 1 ICSF PKCS #11 Cryptographic Module (Hardware Versions: COP chips integrated within processor unit [1] and P/N 00LV487 [2]; Firmware Versions: Feature 3863 (aka FC3863) with System Driver Level 22H [1] and CCA 5.2.27z RC30 [2]; Software Version: OA50113) (When operated in FIPS mode with module IBM(R) z/OS(R) Version 2 Release 1 Security Server RACF(R) Signature Verification Module version 1.0 validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 10/06/2016 | 10/5/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3958 and #4036); CVL (Certs. #882 and #883); DRBG (Certs. #1206 and #1212); DSA (Certs. #1092 and #1097); ECDSA (Cert. #901); HMAC (Cert. #2633); RSA (Certs. #2070 and #2088); SHS (Certs. #3196 and #3327); Triple-DES (Cert. #2214) -Other algorithms: AES (Cert. #3958, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #2214, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (encrypt/decrypt) Multi-Chip Stand Alone "ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services." |
| 2762 | VT iDirect, Inc. 13861 Sunrise Valley Drive, Suite 300 Herndon, VA 20171 USA Chris Gormont TEL: 703.880.6257 CST Lab: NVLAP 200556-0 | Evolution e8350-FIPSL2 Satellite Router Board [1], iConnex e800-FIPSL2 Satellite Router Board [2], iConnex e850MP-FIPSL2 Satellite Router Board [3], Evolution eM1D1-FIPSL2 Line Card [4], and Evolution eM0DM-FIPSL2 Line Card [5] (Hardware Versions: E0000051-0005 [1], E0001340-0001 [2], E0000731-0004 [3], E0001306-0001 [4], and E0001306-0002 [5]; Firmware Version: iDX 3.3.2.5; iDX 3.4.3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/03/2016 06/17/2017 | 10/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3548, #3549, #3603 and #3623); CVL (Cert. #606); DRBG (Cert. #904); HMAC (Cert. #2267); RSA (Cert. #1828); SHS (Cert. #2927) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryptionstrength); PBKDF (non-compliant); NDRNG Multi-Chip Embedded "iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical." |
| 2761 | Ionic Security Inc. 1170 Peachtree Street NE Suite 400 Atlanta, GA 30309 USA Ionic Support TEL: 404-736-6000 Nicholas Smith TEL: 404-736-6000 CST Lab: NVLAP 200928-0 | FIPS Crypto Module (Software Version: 1.1) (When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/27/2016 | 9/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 SP1 running on a Hewlett-Packard (HP) Z230 desktop CentOS 7.1 running on an Intel Server System R1304GZ4GC (single-user mode) -FIPS Approved algorithms: AES (Cert. #3772); DRBG (Cert. #1042); HMAC (Certs. #2472 and #2520); PBKDF (vendor affirmed); RSA (Cert. #1942); SHS (Certs. #3142 and #3200) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Ionic Security’s Fusion Platform implements the FIPS Crypto Module for all cryptographic functions such as key pair generation, digital signature generation/ and verification, encryption and decryption, hashing functions, and message authentication." |
| 2760 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Mondher Razouane TEL: +1(916)785-1894 FAX: +1(916)209-9495 Kris Meert TEL: +34-960-022029 FAX: +1(916)209-9495 CST Lab: NVLAP 200835-0 | HPE XP7 Encryption Ready Disk Adapter (eDKA) (Hardware Versions: P/N: eSCAS(WP820) or eSCAM(WP820) Version: B/A5, B/A6, B/A7 or B/A8; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00) (When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/27/2016 08/01/2017 | 9/26/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3341); HMAC (Cert. #2131); SHS (Cert. #2775); KTS (AES Cert. #3341) -Other algorithms: N/A Multi-Chip Embedded "The HPE XP7 Encryption Ready Disk Adapter (eDKA) provides high speed data at rest encryption for HPE storage." |
| 2759 | Utimaco IS GmbH Germanusstraße 4 52080 Aachen Germany Dr. Gesa Ott TEL: ++49 241-1696-200 FAX: ++49 241-1696-190 CST Lab: NVLAP 100432-0 | CryptoServer CSe (Hardware Version: P/N CryptoServer CSe Version 4.00.4.2; Firmware Version: Firmware Package Version 4.0.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/26/2016 10/03/2016 | 10/2/2021 | Overall Level: 3 -Physical Security: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3589); CVL (Cert. #613); DRBG (Cert. #1089); DSA (Cert. #997); ECDSA (Cert. #730); HMAC (Cert. #2289); RSA (Cert. #1845); SHS (Certs. #2951, #2954 and #3168); Triple-DES (Cert. #1998); Triple-DES MAC (Triple-DES Cert. #1998, vendor affirmed) -Other algorithms: AES (Cert. #3589, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #613, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Triple-DES (Cert. #1998, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (AES Cert. #3589; non-compliant); DES; ECIES; KDF (non-compliant); Retail-Triple-DES MAC; RIPEMD-160; RSA (encrypt/decrypt); MD5; MDC-2 Multi-Chip Embedded "CryptoServer CSe is an encapsulated, tamper-protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions." |
| 2758 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiKey PKI Token (Hardware Version: HiKey3.0-BK; Firmware Version: HiKey COS V3.1) (With tamper evident seals as indicated in the Security Policy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2016 | 9/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Cert. #833); DRBG (Cert. #1172); ECDSA (Cert. #878); KTS (Triple-DES Cert. #2184); RSA (Cert. #2041); SHS (Cert. #3284); Triple-DES (Cert. #2184) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The HiKey token modules are multi-chip standalone implementations of a cryptographic module. The Hikey token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards." |
| 2757 | EMC Corporation 176 South Street Hopkinton, MA 01748 USA Navtanay Sinha TEL: 408-986-4112 Mayank Vasa TEL: 408-980-4978 CST Lab: NVLAP 200427-0 | EMC Data Domain Crypto-C Micro Edition (Software Version: 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/26/2016 | 9/25/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit) Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit) Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit) Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit) Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit) -FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302) -Other algorithms: Diffie-Hellman; EC Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; Dual EC DRBG; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD4; MD5; NDRNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); PRNG; RC2; RC4; RC5 Multi-Chip Stand Alone "Data encryption module used for encrypting and decrypting all stored user data." |
| 2756 | iboss, Inc. 4110 Campus Point San Diego, CA 92121 USA Chris Park TEL: 858-568-7051 ext 7806 FAX: 858-225-6158 Peter Martini TEL: 858-568-7051 FAX: 858-225-6158 CST Lab: NVLAP 100432-0 | FireSphere 7960 (Hardware Version: FireSphere 7960_FIPS; Firmware Version: 8.2.0.10) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2016 | 9/25/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3562 and #3902); CVL (Certs. #607 and #757); DRBG (Cert. #1118); HMAC (Certs. #2269 and #2532); KTS (AES Cert. #3562 and HMAC Cert. #2269; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (AES Cert. #3902 and HMAC Cert. #2532; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Certs. #1831 and #1987); SHS (Certs. #2931 and #3215) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The iboss FireSphere 14600 and 7960 are part of the iboss Secure Web Gateway Platform, which protects enterprise organizations against today’s evasive and complex threats including unknown malware, zero-day attacks and advanced persistent threats (APTS). iboss technology delivers post-infection defense with Network Anomaly Detection and Automatic Infection Containment to reduce data loss, and provides comprehensive reporting via the Incident Response Center, which correlates threat information from threat feeds and millions of endpoints to deliver actionable intelligence in real time." |
| 2755 | iboss, Inc. 4110 Campus Point San Diego, CA 92121 USA Chris Park TEL: 858-568-7051 ext 7806 FAX: 858-225-6158 Peter Martini TEL: 858-568-7051 FAX: 858-225-6158 CST Lab: NVLAP 100432-0 | FireSphere 14600 (Hardware Version: FireSphere 14600_FIPS; Firmware Version: 8.2.0.10) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2016 | 9/25/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3562 and #3902); CVL (Certs. #607 and #757); DRBG (Cert. #1118); HMAC (Certs. #2269 and #2532); KTS (AES Cert. #3562 and HMAC Cert. #2269; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (AES Cert. #3902 and HMAC Cert. #2532; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Certs. #1831 and #1987); SHS (Certs. #2931 and #3215) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The iboss FireSphere 14600 and 7960 are part of the iboss Secure Web Gateway Platform, which protects enterprise organizations against today’s evasive and complex threats including unknown malware, zero-day attacks and advanced persistent threats (APTS). iboss technology delivers post-infection defense with Network Anomaly Detection and Automatic Infection Containment to reduce data loss, and provides comprehensive reporting via the Incident Response Center, which correlates threat information from threat feeds and millions of endpoints to deliver actionable intelligence in real time." |
| 2754 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 Canada Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie IMB-S2 4K Integrated Media Block (IMB) (Hardware Version: 000-102675-03; Firmware Versions: 1.7.0-4209 and 2.0.0-4398) (When operated in FIPS mode. The protocol TLS KDF shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/22/2016 | 9/21/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: RSA (Cert. #1062); SHS (Cert. #1788) -Other algorithms: AES (non-compliant); HMAC (non-compliant); MD5; NDRNG; PRNG; TI ECDH; TLS KDF (non-compliant) Multi-Chip Embedded "The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material." |
| 2753 | DataLocker Inc. 7007 College Blvd., Suite 240 Overland Park, KS 66211 USA Jay Kim TEL: 913-310-9088 CST Lab: NVLAP 100432-0 | Sentry 3 FIPS Series USB Flash Drive (Hardware Versions: SENTRY04F, SENTRY08F, SENTRY16F, SENTRY32F and SENTRY64F; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/21/2016 12/01/2016 | 11/30/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Sentry 3 FIPS is a Secure USB 3.0 flash drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to sensitive data and critical applications. The Sentry 3 FIPS allows enterprise class device management features like policy updates, password recovery and remote kill features." |
| 2752 | Cambium Networks, Ltd. Unit B2, Linhay Business Park, Eastern Road Ashburton TQ13 7UP UK Allen Yu TEL: 847-640-3650 FAX: 847-439-6343 CST Lab: NVLAP 201029-0 | PTP 820C, PTP 820S, PTP 820N, PTP 820A, PTP 820G and PTP 820GX. (Hardware Versions: PTP 820C, PTP 820S, PTP 820N, PTP 820A, PTP 820G, PTP 820GX, PTP820 TCC-B-MC: N000082H001, PTP820 TCC-B2: N000082H002, PTP820 TCC-B2-XG-MC: N000082H003, PTP820 RMC-B: N000082H004; Firmware Version: PTP820 Release 8.3) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/21/2016 | 9/20/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #4014 and #4017); CVL (Cert. #840); DRBG (Cert. #1195); HMAC (Cert. #2619); KTS (AES Cert. #4017 and HMAC Cert. #2619; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #2060); SHS (Certs. #3313) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 128 and 256-bits bits of encryption strength); NDRNG; CRC7; CRC16; CRC32; DES; DSA (non-compliant); ECDSA (non-compliant); MD5; RC5 Multi-Chip Stand Alone "PTP 820 is a Point-to-Point wireless broadband solution for mission-critical communications in government, industrial and public safety spaces. Integrated with leading networking functionality with the industry most advanced microwave technologies, the platform creates a superior transport solution." |
| 2751 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL NSA Series 2600, 3600, 4600, 5600 (Hardware Versions: P/Ns 101-500362-63 Rev. A (NSA 2600), 101-500338-64 Rev. A (NSA 3600), 101-500365-64 Rev. A (NSA 4600), 101-500360-65 Rev. A (NSA 5600); Firmware Version: SonicOS v6.2.5) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2016 06/12/2017 | 9/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Enterprise-class security and performance made afordable for small- to medium-sized business. The NSA Series offers industry leading next-generation firewall protection, performance, and scalability. A suite of tools, including intrusion prevention, gateway anti-virus, and anti-spyware plus application intelligence and control, offer granular control through application blocking, bandwidth management and more." |
| 2750 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA 6600 (Hardware Versions: P/Ns 101-500380-71 Rev. A (SM 9600), 101-500361-70 Rev. A (SM 9400), 101-500363-70 Rev. A (SM 9200), 101-500364-66 Rev. A (NSA 6600); Firmware Version: SonicOS v6.2.5) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2016 06/12/2017 | 9/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The SonicWALL™ SuperMassive™ 9000 Series Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigbit speeds. Offering the ultimate in security with enterprise class performance, the SuperMassive 9000 Series detects and blocks the most sophisticated threats before they can enter your network with minimal latency for every connection on the network. Its multicore design can gracefully handle traffic spikes without impacting network performance." |
| 2749 | SonicWall, Inc. 5455 Great America Pkwy Santa Clara, CA 95054 USA Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL TZ Series TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W and TZ 600 (Hardware Versions: P/Ns 101-500403-56 Rev. A, 101-500404-55 Rev. A, 101-500405-56 Rev. A, 101-500406-55 Rev. A, 101-500411-57 Rev. A, 101-500412-56 Rev. A and 101-500413-57 Rev. A; Firmware Version: SonicOS v6.2.5) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2016 06/12/2017 | 9/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Deliver full-featured security that combines intrusion prevention, gateway anti-virus, anti-spyware, content filtering and anti-spam services, with intuitive, easy-to-use SonicWall TZ Series firewalls." |
| 2748 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 4506-E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45-E and WS-X4748-RJ45V+E) (Hardware Versions: WS-C4506-E with Supervisor card [WS-X45-SUP7-E or WS-X45-SUP7L-E] and Line cards [WS-X4748-RJ45V+E and WS-X4748-RJ45-E]; Firmware Version: IOS-XE 3.7.0E) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/16/2016 | 9/15/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2057 and #2624); CVL (Cert. #877); DRBG (Cert. #403); HMAC (Cert. #1622); KBKDF (Cert. #98); RSA (Certs. #1339, #1341 and #2083); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575) -Other algorithms: AES (Cert. #2624, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4 Multi-Chip Stand Alone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 series switch meets FIPS 140-2 overall Level 1 requirements as multi-chip standalone module. The switch includes cryptographic algorithms implemented in IOS-XE software as well as hardware ASICs. The module provides 802.1X-rev." |
| 2747 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 Arnaud LOTIGIER TEL: +33 442366074 FAX: +33 442365545 CST Lab: NVLAP 100432-0 | IDPrime MD 830-revB (Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet version V4.3.5.D and MSPNP Applet V1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/16/2016 | 9/15/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100) -Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; non-compliant less than 112 bits of encryption strength) Single Chip "IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure." |
| 2746 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 JungHa Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200997-0 | Samsung BoringSSL Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/16/2016 09/29/2016 | 9/28/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 6.0.1 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS8890 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS7420 running on Samsung Galaxy S6 Edge Android 6.0.1 with processor Qualcomm APQ8084 running on Samsung Galaxy Note 4 Android 6.0.1 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS8890 running on Samsung Galaxy S7 Edge Android 6.0.1 with processor EXYNOS7420 running on Samsung Galaxy S6 Edge Android 6.0.1 with processor Qualcomm APQ8084 running on Samsung Galaxy Note 4 Android 6.0.1 with processor EXYNOS5433 running on Samsung Galaxy Note 4, Android 6.0.1 with processor EXYNOS3475 running on Samsung Galaxy J3 Android 6.0.1 with processor Qualcomm MSM8916 running on Samsung Galaxy J3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3917); CVL (Certs. #777, #784 and #802); DRBG (Cert. #1132); DSA (Cert. #1071); ECDSA (Cert. #857); HMAC (Cert. #2545); KTS (AES Cert. #3917); RSA (Cert. #2000); SHS (Cert. #3227) -Other algorithms: Diffie-Hellman (CVL Cert. #802, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #777, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data." |
| 2745 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Aironet 1532e/i, 1552e/i, 1572, 1602e/i, 1702, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p and 3702e/i/p Wireless LAN Access Points (Hardware Versions: 1532e[5], 1532i[5], 1552e[2], 1552i[2], 1572[4], 1602e[3], 1602i[3], 1702[4], 2602e[4], 2602i[4], 2702e[4], 2702i[4], 3502e[2], 3502i[2], 3602e[4], 3602i[4], 3602p[4], 3702e[4], 3702i[4], 3702p[4], 3602e[1,4], 3602i[1,4], 3602p[1,4], 3702e[1,4], 3702i[1,4] and 3702p[1,4] with AIR-RM3000M[1], Marvell 88W8364[2], Marvell 88W8763C[3], Marvell 88W8764C[4] and Qualcomm Atheros AES-128w10i[5]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.0 MR3 with IC2M v2.0) (The tamper evident seals installed as indicated in the Security Policy. This validation entry is a non-security relevant modification to Cert. #2421) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/15/2016 03/09/2017 03/22/2017 | 9/14/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2334, #2335, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441) -Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant) Multi-Chip Stand Alone "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments." |
| 2744 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Abraham Joseph Kang TEL: 408-324-3678 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200968-0 | Samsung SCrypto (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2016 | 9/12/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): QSEE 2.0 running on Qualcomm MSM8974 QSEE 4.0 running on Qualcomm MSM8996 MOBICORE Tbase 300 running on Samsung Electronics Exynos 5422 MOBICORE Tbase 302A running on Samsung Electronics Exynos 7420 MOBICORE Tbase 310B running on Samsung Electronics Exynos 8890 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3163, #3174, #3175, #3339, #3887 and #3888); CVL (Certs. #411, #433, #492, #752 and #753); DRBG (Certs. #656, #659, #781, #1111 and #1112); DSA (Certs. #912, #913, #947, #1057 and #1058); ECDSA (Certs. #577, #579, #662, #842 and #843); HMAC (Certs. #1991, #2002, #2129, #2525 and #2526); RSA (Certs. #1610, #1612, #1714, #1981 and #1982); SHS (Certs. #2616, #2627, #2773, #3207 and #3208); Triple-DES (Certs. #1801, #1811, #1908, #2135 and #2136) -Other algorithms: EC Diffie-Hellman; NDRNG; RNG; RSA (encrypt/decrypt) Multi-Chip Stand Alone "SCrypto is secure library which is used to provide a standardized common cryptographic API to trusted applications for the secure world/TEE environment." |
| 2743 | Chunghwa Telecom Co., Ltd. and Oberthur Technologies No. 99, Dianyan Road Yang-Mei District Taoyuan City 326 Taiwan Yeou-Fuh Kuan TEL: +886 3 424 4333 FAX: +886 3 424 4129 Jean-Michel Esteban TEL: +33 1 78 14 72 90 CST Lab: NVLAP 100432-0 | HiCOS PKI Applet and Taiwan eID Applet on Oberthur Technologies ID-One Cosmo V8 (Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371') Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/13/2016 | 9/12/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2910 and 2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KBKDF (Cert. #33); KTS (AES Cert. #2910 and AES Cert. #2911; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG Single Chip "The HiCOS PKI Applet is a Javacard applet that provides security for stored user data and credentials and an easy to use interface to PKI services. Taiwan eID Applet is a Javacard applet that stores personal information related to the card holder and supports the authentication mechanisms described in ICAO and EAC specifications with a fully configurable access control management over the Data Groups (DG)." |
| 2742 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 (Software Version: 4.0) (When operated in FIPS mode with modules Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2721 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/12/2016 | 9/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A (single-user mode) -FIPS Approved algorithms: AES (Certs. #3567, #3568, #3569, #3571, #3572, #3573, #3574, #3575, #3590 and #3592); DRBG (Certs. #911, #912, #913, #914, #915, #917, #924 and #926); HMAC (Certs. #2273, #2274, #2275 and #2277); RSA (Certs. #1835, #1836, #1837 and #1839); SHS (Certs. #2935, #2936, #2937 and #2939); Triple-DES (Certs. #1988 and #1989) -Other algorithms: DES; PRNG; SHS (non-compliant) Multi-Chip Stand Alone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7.1 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
| 2741 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: (404) 348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security Modular Extensible Security Architecture (Software Versions: 5.3.1 and 5.3.3) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/08/2016 12/20/2016 | 12/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): RHEL 6.3 Linux on VMware ESXi 5.5 (single-user mode) running on IBM X3550 M2 with Intel Xeon E5530 (2x) processor -FIPS Approved algorithms: AES (Certs. #3578 and #3579); CVL (Cert. #748); DRBG (Certs. #918 and #919); ECDSA (Certs. #726 and #727); HMAC (Certs. #2278 and #2279); RSA (Certs. #1840 and #1841); SHS (Certs. #2940 and #2941); Triple-DES (Certs. #1991 and #1992) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #748, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "IBM MESA (Modular Extensible Security Architecture) is an appliance framework hosting applications in a secure environment and providing all cryptographic or other security-relevant functions to the application. For example: IBM XGS-virtual is a specific application instance hosted in this fashion." |
| 2740 | Rajant Corporation 400 East King Street Malvern, PA 19355 USA Marty Lamb TEL: (484) 595-0233 FAX: (484) 595-0244 CST Lab: NVLAP 200416-0 | Rajant BreadCrumb ME4-2409 (Hardware Version: ME4-2409 with FIPS Kit: P/N 42540; Firmware Version: 11.4.0-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2016 | 9/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3445); CVL (Certs. #531 and #539); DRBG (Cert. #842); HMAC (Cert. #2194); KBKDF (Cert. #64); RSA (Cert. #1765); SHS (Cert. #2845) -Other algorithms: AES (non-compliant); Camellia-CBC; NDRNG; PBKDF (non-compliant); RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant) Multi-Chip Stand Alone "The BreadCrumb by Rajant Corporation is an 802.11 (Wi-Fi) and Ethernet compatible wireless mesh networking device that allows for rapid deployment of mobile wireless networks in a wide variety of environments. It is lightweight, capable of communicating via up to four different radio frequencies, and is designed to be completely mobile as carried by a vehicle or an individual. BreadCrumb devices automatically detect other BreadCrumb devices and dynamically route packets through the resulting wireless mesh on behalf of commercially available off-the-shelf client devices." |
| 2739 | Rajant Corporation 400 East King Street Malvern, PA 19355 USA Marty Lamb TEL: (484) 595-0233 FAX: (484) 595-0244 CST Lab: NVLAP 200416-0 | Rajant BreadCrumb LX4-2495 and LX4-2954 (Hardware Versions: LX4-2495, LX4-2954 with FIPS Kit: P/N 42540; Firmware Version: 11.4.0-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2016 | 9/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3444); CVL (Certs. #529 and #538); DRBG (Cert. #841); HMAC (Cert. #2193); KBKDF (Cert. #61); RSA (Cert. #1764); SHS (Cert. #2844) -Other algorithms: AES (non-compliant); Camellia-CBC; NDRNG; PBKDF (non-compliant); RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant) Multi-Chip Stand Alone "The BreadCrumb by Rajant Corporation is an 802.11 (Wi-Fi) and Ethernet compatible wireless mesh networking device that allows for rapid deployment of mobile wireless networks in a wide variety of environments. It is lightweight, capable of communicating via up to four different radio frequencies, and is designed to be completely mobile as carried by a vehicle or an individual. BreadCrumb devices automatically detect other BreadCrumb devices and dynamically route packets through the resulting wireless mesh on behalf of commercially available off-the-shelf client devices." |
| 2738 | APCON, Inc. 9255 SW Pioneer Court Wilsonville, OR 97070 USA Gerry Murphy TEL: 503-682-4050 FAX: 503-682-4059 CST Lab: NVLAP 100432-0 | ACI-3002-S Controller (Hardware Versions: P/N ACI-3002-S, Version 1.0; Firmware Version: 5.07.1 build 106) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/07/2016 | 9/6/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3866); CVL (Cert. #743); DRBG (Cert. #1100); HMAC (Cert. #2510); KTS (AES Cert. #3866 and HMAC Cert. #2510; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1974); SHS (Cert. #3186) -Other algorithms: ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Embedded "The ACI-3002-S is a Linux based control module designed to manage and control APCON's XR series product family while operating in FIPS-140-2 compliant mode." |
| 2737 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Sandra Hernandez TEL: 512-286-5624 Marie Fraser TEL: +353 21 7306043 CST Lab: NVLAP 200416-0 | IBM® Security QRadar® SIEM (Hardware Versions: 7.2 with FIPS Replacement Labels (Part Number: 00FK877) and FIPS Replacement Baffles (Part Number: 5YKKK); Firmware Version: 7.2) (When installed, initialized and configured as specified in the Security Policy Section 3. The tamper evident seals and baffles installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/02/2016 | 9/1/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3509); CVL (Cert. #577); DRBG (Cert. #876); HMAC (Cert. #2242); RSA (Cert. #1804); SHS (Cert. #2894); Triple-DES (Cert. #1973) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 202 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "IBM® Security QRadar® FIPS Appliance consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. The IBM Security QRadar FIPS Appliance provides a secure platform that meets FIPS 140-2 Level 2 requirements while allowing organizations to meet current and emerging compliance mandates." |
| 2736 | Tanium, Inc. 2200 Powell Street 6th Floor Emeryville, CA 94608 USA Jason Mealins TEL: 415-644-8134 CST Lab: NVLAP 200556-0 | Tanium Cryptographic Module (Software Version: 1.0) (The module generates cryptographic keys whose strengths are modified by available entropy. When operating with the BCRYPTPRIMITIVES.DLL module validated to FIPS 140-2 under Certificates #1329, #1336, and #1892 operating in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/02/2016 | 9/1/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 7 (32-bit) running on a Dell PowerEdge R430 Microsoft Windows 7 (64-bit) running on a Dell PowerEdge R430 Microsoft Windows Server 2008 R2 (64-bit) running on a Dell PowerEdge R430 Microsoft Windows Server 2012 (64-bit) running on a Dell PowerEdge R430 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3876); CVL (Certs. #744 and #745); DRBG (Cert. #1105); ECDSA (Cert. #836); HMAC (Cert. #2519); SHS (Cert. #3197) -Other algorithms: NDRNG Multi-Chip Stand Alone "The Tanium Cryptographic Module underpins Tanium's security management platform. Tanium's platform is a security and configuration management solution that provides instant visibility and allows enterprises to collect data and update machines in any-sized network, in seconds. Tanium's platform is able to query information from hundreds of thousands of machines in seconds because of its intelligent peer-to-peer communication model. This speed means that information is current and accurate when assessing a security threat or vulnerability." |
| 2735 | Vormetric, Inc. 2860 Junction Ave San Jose, CA 95134 USA Peter Tsai TEL: (669) 770-6927 FAX: (408) 844-8638 Steve He TEL: (669) 770-6852 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Data Security Manager Virtual Appliance Module (Software Version: 5.3.0) (When operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/02/2016 | 9/1/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Centos 5.11 (64-bit) on VMware ESXi 5.5.0 running on a Supermicro X9DAX (single-user mode) -FIPS Approved algorithms: AES (Certs. #3588 and #3621); CVL (Certs. #612 and #643); DRBG (Cert. #951); ECDSA (Cert. #751); HMAC (Certs. #2287, #2288 and #2375); KTS (AES Cert. #3621 and HMAC Cert. #2375; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1866); SHS (Certs. #2949, #2950 and #3041) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Aria; SSH KDF (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Vormetric Data Security Virtual Appliance Module is a multi-chip standalone cryptographic module. The Vormetric Data Security Virtual Appliance Module is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module." |
| 2734 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Van Nguyen TEL: 408-936-2247 Lakshman Garikapaty TEL: 978-589-0370 CST Lab: NVLAP 100432-0 | Juniper Networks LN1000 Mobile Secure Router (Hardware Versions: P/Ns LN1000-V, JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/02/2016 | 9/1/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3660); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1030); ECDSA (Certs. #758 and #767); HMAC (Certs. #2400, #2406 and #2410); RSA (Certs. #1885 and #1893); SHS (Certs. #3068, #3074 and #3078); Triple-DES (Certs. #2035, #2036 and #2042) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2410); NDRNG; ARCFOUR; BLOWFISH; CAST128; DES; DSA (Non-Compliant); HMAC-MD5; HMAC-RIPEMD160; UMAC Multi-Chip Embedded "The Juniper Networks LN1000 Mobile Secure Router is a secure router that provides essential capabilities to connect, secure, and manage work force locations sized from handfuls to hundreds of users. The LN1000 provides high-performance network routing, next-generation firewall and intrusion prevention system (IPS) capabilities, and unified threat management in a standard VPX form factor." |
| 2733 | Cavium Inc. 2315 N 1st Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 FAX: n/a Tejinder Singh TEL: 408=943-7403 FAX: n/a CST Lab: NVLAP 100432-0 | NITROXIII CNN35XX-NFBE HSM Family (Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Version: CNN35XX-NFBE-FW-1.1 build 01) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/01/2016 | 8/31/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205 and #3206); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); RSA (Cert. #1634); SHS (Certs. #1780 and #2652); Triple-DES (Cert. #1311); KTS (AES Cert. #3206) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; RC4; PBE Multi-Chip Embedded "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers." |
| 2732 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Chung-chih Lin TEL: 408-717-7689 FAX: 408-717-9494 Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar He10 TCG Enterprise HDD (Hardware Versions: P/Ns HUH721010AL5205 (0001), HUH721010AL4205 (0001), HUH721008AL5205 (0001) and HUH721008AL4205 (0001); Firmware Versions: R308, R328, R32A, R32G, R384, NA00, NA01, NE00 or LM10) (When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/01/2016 09/07/2016 11/17/2016 12/09/2016 02/14/2017 02/22/2017 06/02/2017 | 12/8/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3880 and #3881); RSA (Cert. #1978); SHS (Certs. #3203 and #3204); HMAC (Cert. #2522); DRBG (Cert. #1108); PBKDF (vendor affirmed) -Other algorithms: NDRNG Multi-Chip Embedded "HGST's self-encrypting Ultrastar He10 TCG Enterprise Hard-Disk Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar He10, which is based on third generation HelioSeal ® technology, uses PMR technology and is the industry's first 10TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He10 provides the highest reliability rating available of all HDDs on the market today by building on the successful design of its 8TB and 6TB predecessors." |
| 2731 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey D300 Series USB Flash Drive (Hardware Versions: IKD300 Version 1.0 [4GB, 8GB, 16GB, 32GB, 64GB, 128GB or 256GB]; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2016 | 8/30/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Kingston's IronKey D300 Series USB Flash Drive is assembled in the US for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based AES-256 encryption to guard sensitive information in case the drive is lost or stolen." |
| 2730 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Mahesh Bommareddy TEL: 408-936-5493 Van Nguyen TEL: 408-936-2247 CST Lab: NVLAP 100432-0 | Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways (Hardware Versions: P/Ns {SRX5400 (SRX5400B2-AC, SRX5400B2-DC, SRX5400BB-AC, or SRX5400BB-DC), SRX5600 (SRX5600BASE-AC or SRX5600BASE-DC), and SRX5800 (SRX5800BASE-AC or SRX5800BASE-DC)} with Service Processing Cards (SRX5K-SPC-2-10-40 or SRX5K-SPC-4-15-320) and Tamper Seals (JNPR-FIPS-TAMPER-LBLS); Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2016 | 8/30/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3650, #3656, #3662 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022, #1032 and #1033); ECDSA (Certs. #758, #769 and #770); HMAC (Certs. #2400, #2406, #2412 and #2413); RSA (Certs. #1885, #1895 and #1896); SHS (Certs. #3068, #3074, #3080 and #3081); Triple-DES (Certs. #2035, #2036, #2037 and #2038) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-64; UMAC-128 Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
| 2729 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® FCX 624/648, ICX 6450, ICX 7750, ICX 7250 and SX 800/1600 Series (Hardware Versions: {[FCX624S (80-1002388-08), FCX624S-HPOE-ADV (80-1002715-08), FCX624S-F-ADV (80-1002727-07), FCX648S (80-1002392-08), FCX648S-HPOE (80-1002391-10), FCX648S-HPOE-ADV (80-1002716-10), FCX-2XG (80-1002399-01)], [ICX6450-24 (80-1005997-03), ICX6450-24P (80-1005996-04), ICX6450-48 (80-1005999-04), ICX6450-48P (80-1005998-04), ICX6450-C12-PD (80-1007578-01)], [ICX7250-24P (80-1008381-02), ICX7250-24G (80-1008379-02), ICX7250-24 (80-1008380-02), ICX7250-48P (80-1008386-02), ICX7250-48 (80-1008384-02)], [ICX7750-48F (80-1007607-01), ICX7750-48C (80-1007608-01), ICX7750-26Q (80-1007609-01), with Components (80-1007871-01; 80-1007870-01; 80-1007738-01; 80-1007737-01; 80-1007761-01; 80-1007760-01; 80-1007632-01)], [FI-SX800-S (80-1003050-03; 80-1007143-03), FI-SX1600-AC (80-1002764-02; 80-1007137-02), with Components (80-1002957-03; 80-1006607-01; 80-1006486-02; 80-1003883-02; 11456-005; 11457-006; 18072-004)]} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 5, 13 and 14 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/31/2016 | 8/30/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2687, #2688, #2690, #2697, #2981, #3133, #3139, #3140, #3141, and #3142); SHS (Certs. #2258, #2259, #2260, #2265 and #2505); HMAC (Certs. #1674, #1675, #1676, #1679 and #1890); DRBG (Certs. #437, #438, #439, #442 and #569); DSA (Certs. #816, #817, #818, #819 and #887); RSA (Certs. #1387, #1388, #1391, #1396 and #1565); CVL (Certs. #155, #156, #159, #161, #362, #386, #387, #388, #389, #390, #391, #392, #398, #399 and #400); Triple-DES (Certs. #1613, #1614, #1615, #1617, #1764) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; RC4 Multi-Chip Stand Alone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide stackable LAN switching solutions to meet the growing demands of campus networks, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch. The Brocade ICX7250 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments." |
| 2728 | BlackBerry Limited BlackBerry B 2200 University Ave. E Waterloo, Ontario N2K 0A7 Canada Security Certifications Team TEL: (519) 888-7465 x 72921 FAX: (519) 888-9852 CST Lab: NVLAP 200928-0 | BlackBerry Linux Kernel Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix C) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with AES-NI CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without AES-NI Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode) -FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. #1953) -Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG Multi-Chip Stand Alone "The BlackBerry Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel. The BlackBerry Linux Kernel Cryptographic Module expands the secure capabilities and features BlackBerry is known for, to devices running operating systems other than the BlackBerry OS." |
| 2727 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Adapter (Hardware Versions: P/N: eSCAS(WP820) or eSCAM(WP820) Version: B/A5, B/A6, B/A7 or B/A8; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00) (When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/29/2016 10/04/2016 03/13/2017 08/01/2017 | 10/3/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748 and #1889); SHS (Certs. #2344 and #2504); KTS (AES Cert. #2787) -Other algorithms: N/A Multi-Chip Embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Adapter provides high speed data at rest encryption for Hitachi storage." |
| 2726 | Sony Mobile Communications, Inc. 1-8-15 Kohnan Minato-ku, Tokyo 108-0075 USA Takuya Nishibayashi TEL: +81-3-5782-5285 FAX: +81-3-5782-5258 CST Lab: NVLAP 100432-0 | Xperia Cryptographic Module (Software Version: 1.0.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 5.0 running on Xperia Z4 tablet with ARMv8 Cryptographic Instruction Android 5.0 running on Xperia Z4 tablet without ARMv8 Cryptographic Instruction (single-user mode) -FIPS Approved algorithms: AES (Cert. #3329); CVL (Cert. #485); DRBG (Cert. #774); DSA (Cert. #946); ECDSA (Cert. #658); HMAC (Cert. #2120); RSA (Cert. #1709); SHS (Cert. #2762); Triple-DES (Cert. #1900) -Other algorithms: EC Diffie-Hellman (CVL Cert. #485, key agreement methodology provides between 112 and 256 bits of security strength; non-compliant less than 112 bits of encryption strength); DUAL EC DRBG; RSA (key wrapping methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-Chip Stand Alone "The Xperia Cryptographic Module provides a functionality/service, intended to protect data in transit and at rest." |
| 2725 | FinalCode, Inc. 3031 Tisch Way Suite 115 San Jose, CA 95128 USA Inquiries TEL: 855-201-8822 CST Lab: NVLAP 201029-0 | FinalCode FIPS Crypto Module (Software Version: 1.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "FinalCode FIPS Crypto Module is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform." |
| 2724 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 3560-CX Switch (Hardware Version: WS-3560CX-8TC-S; Firmware Version: 15.2(3)E1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/29/2016 | 8/28/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3984 and #4016); CVL (Cert. #813); DRBG (Cert. #1177); HMAC (Cert. #2600); RSA (Cert. #2045); SHS (Cert. #3289); Triple-DES (Cert. #2187) -Other algorithms: AES (Cert. #3984, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); AES (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules." |
| 2723 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Coitat 13705 France Arnaud LOTIGER TEL: +33 442366074 FAX: +33 442365545 Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 CST Lab: NVLAP 100432-0 | IDCore 30-revB (Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore 30 rev B - Build 06, Demonstration Applet version V1.1) (When operated in FIPS mode with module IDPrime MD 830-revB validated to FIPS 140-2 under Cert. #2714 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2016 | 8/25/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG Single Chip "IDCore 30-revB is a highly secured smartcard platform compliant with Javacard 2.2.2, Global Platform 2.1.1 & 2.2 Amendment D standards, designed to operate with Infineon SLE78 chip family. The library implements TDEA, AES, AES-CMAC, SHA1-224-256-384-512, RSA, RSA CRT, ECDSA, ECC CDH and SP800-90A RNG algorithms." |
| 2722 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 Jack Young TEL: 408-392-4334 FAX: 408-392-0319 CST Lab: NVLAP 100432-0 | SPYRUS MDTU-P384 Encryption Module (Hardware Versions: P/N 880074014F, Version 2.00.02; Firmware Version: 03.00.0D) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2016 | 8/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3877 and #3878); DRBG (Cert. #1106); ECDSA (Cert. #837); KAS (Cert. #75); SHS (Certs. #3198 and #3199) -Other algorithms: NDRNG Multi-Chip Stand Alone "The MDTU P-384 module is a Suite B cryptographic storage device featuring XTS-AES 256-bit full disk encryption and P-384 based digital signature services. The device is fully adapted for the storage and protection of sensitive data assets and provides an automated secure data exchange service with external devices by way of a high strength authentication mechanism. The physical security and capabilities of this module make it ideal for secure transfer of essential assets in mission-critical applications." |
| 2721 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 (Software Version: 4.0) (With module Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/29/2016 12/20/2016 | 12/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode) -FIPS Approved algorithms: CVL (Certs. #679, #680 and #681) -Other algorithms: N/A Multi-Chip Stand Alone "Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec." |
| 2720 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054 USA Steve F. Taylor TEL: 202-361-7778 Kevin Fiftal TEL: 860-326-6293 CST Lab: NVLAP 200658-0 | Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset (Hardware Version: 3.0; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Tested Configuration(s): Intel Sunrise Point PCH chipset with ME device firmware version 11.6.0.1102 CORPORATE SKU -FIPS Approved algorithms: AES (Cert. #3923); CVL (Certs. #779, #798 and #799); DRBG (Cert. #1156); ECDSA (Certs. #871 and #872); HMAC (Certs. #2547 and #2548); KAS (SP 800-56B, vendor affirmed); Triple-DES (Cert. #2152); PBKDF (vendor affirmed); RSA (Certs. #2003 and #2022); SHS (Certs. #3232 and #3233) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5; RC4 Multi-Chip Stand Alone "The Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset is a hybrid cryptographic module present on recent Intel® vPro™ platforms. The Security Engine Chipset consists of both hardware and firmware that are utilized by the Management Engine (ME) of vProTM platforms. The hardware and firmware combine to perform cryptographic functions within the Intel® vPro™ ME for applications executing in the ME." |
| 2719 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Mahesh Bommareddy TEL: 408-936-5493 Van Nguyen TEL: 408-936-2247 CST Lab: NVLAP 100432-0 | Juniper Networks SRX1400, SRX3400, and SRX3600 Services Gateways (Hardware Versions: P/Ns SRX1400BASE-GE-AC with [1] or [2], SRX1400BASE-GE-DC with [1] or [2], SRX1400BASE-XGE-AC with [1] or [2], SRX1400BASE-XGE-DC with [1] or [2], SRX3400BASE-AC with [2], SRX3400BASE-DC with [2], SRX3400BASE-DC2 with [2], SRX3600BASE-AC with [2], SRX3600BASE-DC with [2], and SRX3600BASE-DC2 with [2]; Service Processing Cards SRX1K-NPC-SPC-1-10-40 [1] or SRX3K-SPC-1-10-40 [2]; with Tamper Seals JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/24/2016 | 8/23/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1033); ECDSA (Certs. #758 and #770); HMAC (Certs. #2400, #2406 and #2413); RSA (Certs. #1885 and #1896); SHS (Certs. #3068, #3074 and #3081); Triple-DES (Certs. #2035, #2036 and #2038) -Other algorithms: ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; UMAC-64; UMAC-128 Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
| 2718 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 CANADA Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie F-IMB 4K Integrated Media Block (IMB) (Hardware Version: 000-105081-01; Firmware Version: 1.6.0-4363) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2016 | 8/21/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: SHS (Cert. #1788); RSA (Cert. #1062) -Other algorithms: TI ECDH; RNG; NDRNG; MD5; AES (non-compliant); HMAC (non-compliant); TLS v1.0 KDF (non-compliant) Multi-Chip Embedded "The Christie F-IMB is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a Christie digital cinema projector with the Fusion architecture. The F-IMB permits the playback of alternative content and High Frame Rate (HFR) material." |
| 2717 | FinalCode, Inc. 3031 Tisch Way Suite 115 San Jose, CA 95128 USA Inquiries TEL: 855-201-8822 CST Lab: NVLAP 201029-0 | FinalCode FIPS Crypto Module for Mobile (Software Version: 1.1) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/22/2016 | 8/21/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "FinalCode FIPS Crypto Module for Mobile is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode mobile components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform." |
| 2716 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Chung-chih Lin TEL: 408-717-6289 FAX: 408-717-9494 Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar® SSD800MH.B, SSD1600MM and SSD1600MR TCG Enterprise SSD (Hardware Versions: P/Ns HUSMH8080BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8040BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8020BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8010BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1620ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1619ASS235 (0003) [11], HUSMR1619ASS205 (0003) [12, 13, 17, 18], HUSMR1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1610ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16], HUSMR1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1650ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16], HUSMR1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14] and HUSMR1625ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14]; Firmware Versions: D326 [1], D327 [2], D370 [3], K326 [4], K370 [5], P326 [6], P33G [7], P344 [8], P370 [9], Q4CB [10], R1C0 [11], G192 [12], R192 [13], D371 [14], P382 [15], K382 [16], R1D2 [17], or M1D2 [18])) (When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2016 08/25/2016 09/16/2016 11/08/2016 | 11/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037) -Other algorithms: NDRNG Multi-Chip Embedded "HGST's self-encrypting Ultrastar SSD800/1600 TCG Enterprise SSDs Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1600 family combines enterprise-grade MLC NAND Flash memory and advanced endurance management firmware. The power loss data management techniques extend reliability, endurance, and sustained performance over the life of the SSD." |
| 2715 | IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA Tom Benjamin TEL: 512-286-5319 FAX: 512-973-4763 Karthik Ramamoorthy TEL: 512-286-8135 FAX: 512-973-4763 CST Lab: NVLAP 200658-0 | IBM Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/22/2016 04/10/2017 | 8/21/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 release 2 running on ThinkCentre M92P Tower Desktop with PAA Red Hat Enterprise Linux Server release 7.1 running on ThinkCentre M93P with PAA AIX 7 running on IBM 9119-MHE with PAA Red Hat Enterprise Linux Server release 7.1 running on IBM 9119-MHE with PAA Windows 7 64-bit running on ThinkCentre M93P without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3904, #3905, #3906, #3907 and #3908); CVL (Certs. #758, #759, #760, #761, #762, #763, #764, #765, #766 and #767); DRBG (Certs. #1119, #1120, #1121, #1122 and #1123); DSA (Certs. #1062, #1063, #1064, #1065 and #1066); ECDSA (Certs. #847, #848, #849, #850 and #851); HMAC (Certs. #2533, #2534, #2535, #2536 and #2537); KTS (vendor affirmed); RSA (Certs. #1988, #1989, #1990, #1991 and #1992); SHS (Certs. #3216, #3217, #3218, #3219 and #3220); Triple-DES (Certs. #2140, #2141, #2142, #2143 and #2144) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework." |
| 2714 | Gemalto 20 Colonade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Frederic GARNIER TEL: +33 442364368 FAX: +33 442366953 Arnaud Lotigier TEL: +33 4.42.36.60.74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDPrime MD 830-revB (Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet V4.3.5.D and MSPNP Applet V1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2016 | 8/18/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100) -Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single Chip "IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure." |
| 2713 | INTEGRITY Security Services 7585 Irvine Center Drive Suite 250 Irvine, CA 92618 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 CST Lab: NVLAP 201029-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Firmware Version: 3.0.1) (When installed, initialized and configured as specified in Section 2.4.1 of the Security Policy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 08/18/2016 | 8/17/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): ATSAM4CMS32 with ARM Cortex-M4 -FIPS Approved algorithms: AES (Cert. #3943); DRBG (Cert. #1147); ECDSA (Cert. #864); HMAC (Cert. #2567); SHS (Cert. #3252) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Embedded "Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
| 2712 | Imprivata 10 Maguire Road Building 4 Lexington, MA 02421 USA Troy Kuehl TEL: 781-674-2716 FAX: 781-674-2760 Joel Lemieux TEL: 781-674-2418 FAX: 781-674-2760 CST Lab: NVLAP 100432-0 | Imprivata FIPS 140-2 Cryptographic Module (Software Versions: 3.6.0 and 3.6.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/16/2016 | 8/15/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSign Linux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630 Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3417); DRBG (Cert. #821); HMAC (Cert. #2175); RSA (Cert. #1749); SHS (Cert. #2823); Triple-DES (Cert. #1928) -Other algorithms: RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); MD5; AES (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-Chip Stand Alone "Imprivata delivers best in class solutions that optimize clinical workflow efficiency and enhance care delivery. OneSign® offers single sign-on, authentication management, and virtual desktop roaming enabling fast, secure No Click Access® to clinical applications and patient information, anytime, anywhere and from any device. Cortext® enables clinicians to securely collaborate across care teams and organizations. Confirm ID™ is the comprehensive identity and two-factor authentication platform for remote access, EPCS and medical device access." |
| 2711 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux NSS Cryptographic Module v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/15/2016 12/19/2016 | 12/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610); CVL (Certs. #625, #626, #627, #628 and #629); DRBG (Certs. #935, #936, #937, #938 and #940); DSA (Certs. #1001, #1002, #1003, #1004 and #1005); ECDSA (Certs. #738, #739, #740, #741 and #742); HMAC (Certs. #2299, #2300, #2301, #2303 and #2305); RSA (Certs. #1853, #1854, #1855, #1856, #1857, #2031, #2032, #2033, #2034 and #2035); SHS (Certs. #2965, #2966, #2967, #2969 and #2971); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010) -Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE Multi-Chip Stand Alone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/" |
| 2710 | GDC Technology (USA), LLC 1016 West Magnolia Boulevard Burbank, CA 91506 USA Pranay Kumar TEL: (852) 2507 9565 FAX: (852) 2579 1131 Chern Yue Kwok TEL: (852) 2507 9552 FAX: (852) 2579 1131 CST Lab: NVLAP 100432-0 | Standalone IMB (Hardware Versions: GDC-IMB-v3, R12; Firmware Version: 2.5 with Security Manager Firmware Version 1.5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/12/2016 | 8/11/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2148 and #3938); CVL (Cert. #785); DRBG (Cert. #1145); HMAC (Certs. #1315 and #2560); RSA (Cert. #2012); SHS (Certs. #1869 and #3247) -Other algorithms: EC Diffie-Hellman (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Embedded "A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging." |
| 2709 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type A (Hardware Versions: A0 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[1], A1 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[2]; Firmware Versions: ZZ01[1], NA01[2], NA02[2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/11/2016 08/26/2016 09/29/2016 | 9/28/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); HMAC (Cert. #2231); SHS (Cert. #2879); RSA (Cert. #1795); DRBG (Cert. #867) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2708 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/09/2016 | 8/8/2021 | Overall Level: 2 Multi-Chip Embedded |
| 2707 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type B (Hardware Versions: A2 with PX04SVQ040B, PX04SVQ080B, PX04SVQ160B or PX04SRQ192B; Firmware Version: PD09) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/09/2016 | 8/8/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2706 | V-Key 72 Bendemeer Road #02-20 Luzerne Singapore, Singapore 339941 Singapore Joseph Gan TEL: +65 6471 2524 FAX: +65 6471 2526 CST Lab: NVLAP 200901-0 | V-Key Cryptographic Module (Software Version: 3.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/09/2016 | 8/8/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): VOS 3.6.0 running on a Samsung Galaxy S4 with Android 4.4.2 operating in single user mode -FIPS Approved algorithms: AES (Cert. #3679); Triple-DES (Cert. #2057); SHS (Cert. #3093); HMAC (Cert. #2425); KBKDF (Cert. #74); RSA (Cert. #1900) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RNG Multi-Chip Stand Alone "A software cryptographic module residing within a virtual machine, V-OS that provides a sandboxed operating environment. The Module provides symmetric ciphers, including AES and Triple DES, asymmetric cipher RSA, secure hash functions SHA-1 and SHA-256, message authentication, key derivation and key storage." |
| 2705 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009-1699 USA Savitha Naik TEL: 760-476-7416 FAX: 760-929-3941 David Suksumrit TEL: 760-476-2306 FAX: 760-929-3941 CST Lab: NVLAP 100432-0 | Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; P/N 1047117 (tamper evident seal applied over ESEM); Firmware Version: 02.09.06) (The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/08/2016 11/17/2016 | 11/16/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3449, #3450 and #3879); CVL (Certs. #454 and #747); DRBG (Cert. #1107); ECDSA (Cert. #839); HMAC (Cert. #2521); KAS (Cert. #76); KTS (AES Cert. #3879); SHS (Certs. #2689, #3201 and #3202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); DES; DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); HMAC MD5; MD5; PBKDF (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions." |
| 2704 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Catalyst 3750-X Switch (Hardware Versions: WS-C3750X-24T with C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, or C3KX-NM-10GT; Firmware Version: 15.2(3)E1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/08/2016 | 8/7/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275, and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Cert. #1764); KBKDF (Cert. #49); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Cert. #1688) -Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules." |
| 2703 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub (Software Version: 10.0.10586) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653) -Other algorithms: N/A Multi-Chip Stand Alone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
| 2702 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise (Software Version: 10.0.10586) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048) -Other algorithms: MD5 Multi-Chip Stand Alone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
| 2701 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub (Software Version: 10.0.10586) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048) -Other algorithms: MD5; NDRNG Multi-Chip Stand Alone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
| 2700 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub (Software Version: 10.0.10586) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3629 and #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048) -Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) Multi-Chip Stand Alone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
| 2699 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 781-442-0451 Linda Gallops TEL: 704-972-5018 FAX: 980-355-5399 CST Lab: NVLAP 200928-0 | Oracle Solaris Userland Cryptographic Framework (Software Version: 1.3) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/08/2016 11/03/2016 | 11/2/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3936); Triple-DES (Cert. #2159); RSA (Cert. #2011); DSA (Cert. #1074); ECDSA (Cert. #862); SHS (Cert. #3245); HMAC (Cert. #2558); DRBG (Cert. #1143) -Other algorithms: AES (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); SHS (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Oracle Solaris Userland Cryptographic Framework module provides cryptographic functionality for any application that calls into it. The module provides encryption, decryption, hashing, secure random number generation, signature generation and verification, certificate generation and verification, message authentication functions, and key pair generation for RSA and DSA. The module can leverage the algorithm acceleration from SPARC and x86 processors when available." |
| 2698 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 781-442-0451 Linda Gallops TEL: 704-972-5018 FAX: 980-355-5399 CST Lab: NVLAP 200928-0 | Oracle Solaris Kernel Cryptographic Framework (Software Version: 1.3) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/08/2016 11/03/2016 | 11/2/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3935); Triple-DES (Cert. #2158); RSA (Cert. #2010); ECDSA (Cert. #861); SHS (Cert. #3243); HMAC (Cert. #2556); DRBG (Cert. #1142) -Other algorithms: AES (non-compliant); ECDSA (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Oracle Solaris Kernel Cryptographic Framework module provides cryptographic functionality for the kernel module. The module provides encryption, decryption, hashing, signature generation and verification, secure random number generation, and message authentication functions. The module can leverage the algorithm acceleration from SPARC and x86 processors when available." |
| 2697 | Ciena® Corporation 7035 Ridge Road Hanover, MD 21076 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module (Hardware Version: 1.0 with PCB P/N NTK539QS-220; Firmware Version: 2.00) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/04/2016 | 8/3/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3601 and #3602); CVL (Cert. #624); DRBG (Cert. #934); ECDSA (Certs. #736 and #737); HMAC (Cert. #2298); SHS (Certs. #2963 and #2964); Triple-DES (Cert. #2005) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-Chip Embedded "The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service." |
| 2696 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Mahesh Bommareddy TEL: 408-936-5493 Van Nguyen TEL: 408-936-2247 CST Lab: NVLAP 100432-0 | Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways (Hardware Versions: P/Ns {SRX100H, SRX100H2, SRX100H-TAA, SRX110H2-VA, SRX110H2-VB, SRX110H-VA, SRX110H-VB; SRX210HE, SRX210HE2, SRX210HE2-POE, SRX210HE-POE, SRX210HE-POE-TAA, SRX210HE-TAA, SRX210H2-POE-TAA, SRX210H2-TAA; SRX220H, SRX220H2, SRX220H-POE, SRX220H2-POE; SRX240H, SRX240H2, SRX240H2-DC, SRX240H2-POE, SRX240H-DC, SRX240H-POE, SRX240H-POE-TAA, SRX240H-TAA, SRX240H2-DC-TAA, SRX240H2-POE-TAA, SRX240H2-TAA; SRX550-645AP, SRX550-645DP, SRX550-645AP-TAA, SRX550-645DP-TAA; SRX650-BASE-SRE6-645AP, SRX650-BASE-SRE6-645DP, SRX650B-SRE6-645AP-TAA} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40) (When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/04/2016 | 8/3/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Certs. #2035, #2036, #2039, #2040, #2041, #2042 and #2043); AES (Certs. #3650, #3656, #3657, #3658, #3659, #3660 and #3661); SHS (Certs. #3068, #3074, #3075, #3076, #3077, #3078 and #3079); HMAC (Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); CVL (Certs. #659 and #660); RSA (Certs. #1885, #1890, #1891, #1892, #1893 and #1894); DSA (Certs. #1022, #1027, #1028, #1029, #1030 and #1031); ECDSA (Certs. #758, #764, #765, #766, #767 and #768); DRBG (Cert. #981) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-128; UMAC-64; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128 Multi-Chip Stand Alone "Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers." |
| 2695 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Harshad Thakar TEL: 720-684-2880 CST Lab: NVLAP 201029-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module (Hardware Versions: ST1000LM038 - 1RD172 [1], ST2000LM010 - 1RA174 [2], ST500LM033 - 1RD17D [3], ST1000LX017 - 1U9172 [4], ST2000LX003 - 1RJ174 [5]; Firmware Versions: SDM1 [1,2, 3], RSE1 [1, 3], LSM1 [1,2, 3], RDE1 [2], SSM1 [4,5]) (When operated in FIPS Mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/03/2016 05/23/2017 08/31/2017 | 8/2/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2804, #2947, #3758, #3759 and #3760); CVL (Certs. #707 and #708); DRBG (Cert. #62); HMAC (Certs. #1597 and #2460); KTS (AES Cert. #2947); RSA (Certs. #1933 and #1934); SHS (Certs. #1225, #3128 and #3129); PBKDF (vendor affirmed) -Other algorithms: Diffie-Hellman (CVL Cert. #707, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Embedded "The ‘Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module’ is embodied in Seagate Laptop thin and Laptop Self-Encrypting Drive model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
| 2694 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Board (Hardware Version: HM800SL1 or HM800SL1a; Firmware Versions: 03.07.49.00, 03.07.54.00 or 03.07.56.00) (When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/03/2016 08/04/2017 | 8/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); SHS (Cert. #2738); KTS (AES Cert. #3305) -Other algorithms: N/A Multi-Chip Embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Board provides high speed data at rest encryption for Hitachi storage." |
| 2693 | Forcepoint 10900-A Stonelake Blvd Quarry Oaks 1, Ste 350 Austin, TX 78759 USA Michael Carney TEL: 952-444-9546 CST Lab: NVLAP 200556-0 | Forcepoint Sidewinder (Firmware Version: 8.3.2P07 with patch 8.3.2E106) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 08/03/2016 | 8/2/2021 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): The module was tested on the 1402-C3 McAfee Firewall Enterprise with a proprietary OS (SecureOS® version 8.3) -FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2692 | Zanjia Electronic Science & Technology (Beijing) Co., Ltd. Rm 1701, Bldg B, Wantong New World Plaza No.2 Fuchengmenwai St. Xicheng Dist. Beijing, Beijing 100037 China Jingqiang Lin TEL: +86-18910039067 Zheng Li TEL: +86-18600339661 CST Lab: NVLAP 200658-0 | HSM-ZJ2014 (Hardware Version: ZJ2014-2697v2-680-32G; Firmware Version: 1.0.0.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/28/2016 | 7/27/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3912); DRBG (Cert. #1128); ECDSA (Cert. #855); HMAC (Cert. #2541); RSA (Cert. #1996); SHS (Cert. #3224) -Other algorithms: AES (Cert. #3912, key wrapping); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength ) Multi-Chip Stand Alone "HSM-ZJ2014 is a hardware security module, providing cryptographic services including encryption, decryption, signature generation and verification, and key management." |
| 2691 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA Michael Zagorski TEL: 845-435-1853 Michael Onghena TEL: 919-543-4049 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1] and IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2] (Hardware Versions: FC 3863 EC N98775 Drv 22H [1] and FC 3863 EC P00339 Drv D27I [2]; Software Versions: RACF level HRF7790 [1] and RACF level HRF77A0 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 07/28/2016 04/25/2017 05/09/2017 06/01/2017 | 7/27/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 IBM z/OS Version 2 Release 2 running on an IBM z13 (single-user mode) -FIPS Approved algorithms: RSA (Cert. #1979); SHS (Cert. #3196) -Other algorithms: N/A Multi-Chip Stand Alone "The z/OS RACF Program Signature Verification package consists of the core module (IRRPVERS) that is utilized when verifying signed code as it is loaded as well as an auxiliary module responsible for driving the initialization of IRRPVERS. The RACF Program Signature Verification module consists of software-based cryptographic algorithms, as well as hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF)." |
| 2690 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Van Nguyen TEL: 408-936-2247 Seyed Safakish TEL: 408-745-8158 CST Lab: NVLAP 100432-0 | MX240, MX480, and MX960 3D Universal Edge Routers with the Multiservices MPC and Junos 14.2X4-D10.11 (Hardware Versions: MX240, MX480 and MX960 with components identified in Security Policy Table 1; Firmware Version: Junos 14.2X4-D10.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/28/2016 05/02/2017 | 7/27/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3955, #3956 and #3957); CVL (Certs. #791 and #792); DRBG (Certs. #1157 and #1158); DSA (Certs. #1078 and #1079); ECDSA (Certs. #869 and #870); HMAC (Certs. #2575, #2576, #2577 and #2578); RSA (Certs. #2019 and #2020); SHS (Certs. #3261, #3262, #3263 and #3264); Triple-DES (Certs. #2166, #2167 and #2168); -Other algorithms: ARCFOUR; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC-MD5; HMAC-RIPEMD160; NDRNG; UMAC-128; UMAC-64 Multi-Chip Stand Alone "The MX 3D Universal Edge Routers deliver high performance, reliability, and scale to enable a cost-effective solution. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services." |
| 2689 | Kaminario 75 Second Avenue 6th Floor, Suite 620 Needham, MA 02494 USA Mike Jochimsen TEL: 1-925-915-0495 Mark Shteiman TEL: 972-52-5222883 CST Lab: NVLAP 201029-0 | Kaminario Encryption Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2016 | 7/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Kaminario Encryption Module is a standalone cryptographic module of the Kaminario K2 All Flash Array (AFA) product, the backbone of the modern data center. The module delivers core cryptographic functions and features robust algorithm support. Kaminario K2 offloads to the Cryptographic Module various crypto functions such as authentication, secure key management, data integrity, management traffic encryption and data at rest encryption." |
| 2688 | iStorage Limited iStorage House 13 Alpherton Lane, Perivale Middlesex UB6 8DH United Kingdom John Michael TEL: +44 (0)20 8991 6260 FAX: +44 (0)20 8991 6277 Lev Bolotin TEL: 425-820-9929 CST Lab: NVLAP 200983-0 | datAshur Pro 3.0 (Hardware Version: IS-FL-DA3-256-4; IS-FL-DA3-256-8; IS-FL-DA3-256-16; IS-FL-DA3-256-32; IS-FL-DA3-256-64; Firmware Version: Encryption Controller: V1.01.10; Security Controller: v1.11; Software Version: N/A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/26/2016 03/17/2017 06/02/2017 07/14/2017 | 7/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3749 and #3757); DRBG (Cert. #1032); HMAC (Cert. #2459); SHS (Cert. #3127); PBKDF (Vendor Affirmed) -Other algorithms: NDRNG Multi-Chip Stand Alone "iStorage datAshur Secure USB Flash Drive (iStorage datAshur Pro 3.0 or datAshur) is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an onboard keypad. User data is protected by hardware-based 256-bit XTS-AES encryption to secure sensitive information in the event that the drive is lost or stolen.The data encryption key (DEK) and other cryptographic parameters are generated within the module on first use through the use of a NIST approved DRBG. The seed for the DRBG is also produced within the module from an NDRNG." |
| 2687 | SyncDog, Inc. 1818 Library Street Suite 500 Reston, VA 20190 USA Jonas Gyllensvaan TEL: 1-855-796-2364 CST Lab: NVLAP 201029-0 | SyncDog Cryptographic Module (Software Version: 2.5) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/25/2016 | 7/24/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The SyncDog Cryptographic Module provides validated cryptographic functions for SentinelSecure™ SentinelSecure secures data in transport and data at rest for all applications utilizing its security protocols. SentinelSecure provides a secure mobile communications platform and app containerization." |
| 2686 | HPE Data Security 20400 Stevens Creek Blvd STE 500 Cupertino, CA 95014 USA Luther Martin TEL: 408-886-3255 FAX: 408-886-3201 CST Lab: NVLAP 200802-0 | Voltage Cryptographic Module v.5.0 (Software Version: Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/19/2016 08/04/2016 08/22/2016 | 8/21/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CPU Intel(R) Core(TM) i7-3770 with AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010 CPU Intel(R) Core(TM) i7-3770 w/o AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010 CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - OSS running on HP Integrity NonStop BladeSystem NB54000c CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running on HP Integrity NonStop X NS7 X1 CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - Guardian running HP Integrity NonStop BladeSystem NB54000c CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running on HP Integrity NonStop X NS7 X1 CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running HP Integrity NonStop X NS7 X1 CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running HP Integrity NonStop X NS7 X1 CPU Intel(R) Core(TM) i7-2600 with AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790 CPU Intel(R) Core(TM) i7-2600 w/o AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790 (single-user mode) -FIPS Approved algorithms: ECDSA (Certs. #803, #806, #829, #845 and #846); DSA (Certs. #1042, #1044, #1050, #1059 and #1060); Triple-DES (Certs. #1915, #1916, #1917, #1918, #2091, #2117, #2137, #2138, #2169, #2208 and #2209); SHS (Certs. #2791, #2792, #2793, #2794, #3131, #3166, #3210 and #3211); AES (Certs. #3372, #3373, #3374, #3375, #3410, #3411, #3412, #3413, #3761, #3843, #3894, #3895, #3918, #4033 and #4034); HMAC (Certs. #2455, #2461, #2493, #2528 and #2529); RSA (Certs. #1730, #1731, #1732, #1733, #1935, #1963, #1984 and #1985); DRBG (Certs. #796, #797, #798, #799, #1033, #1088, #1114, and #1115); KBKDF (Certs. #63, #67, #68, #69, #76, #83, #87 and #88); CVL (Certs. #509, #510, #511, #512, #709, #732, #754 and #755); PBKDF (vendor affirmed); -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; Dual EC DRBG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The Voltage Cryptographic Module v.5.0 provides the Validated algorithms used by the HPE SecureMail, HPE SecureFile and HPE SecureData families of products." |
| 2685 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYRUS USB-3 Module (Hardware Version: SFP100000-1; SFP100000-2; SFP100000-3; SFP100000-4; SFP200000-1; SFP200000-2; SFP200000-3; SFP200000-4; SFP300000-1; SFP300000-2; SFP300000-3; SFP300000-4; Firmware Version: 3.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3406); KTS (AES Cert. #3115); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658); KBKDF (Cert. #54) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The SPYRUS USB-3 Module provides multiple security functionalities in a single platform, including WindowsToGo, PKI support, Secure Mass Storage and conventional cryptographic token capabilities. This Module provides Suite-B algorithms that ensure the protection and integrity of User Data and application data on board." |
| 2684 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco C819 ISR, C880 ISR, C890 ISR, CGR 2010, C800M, ESR5921, and IR809 (Hardware Versions: C819G-4G-GA, C819G-4G-NA, C819G-4G-ST, C819G-4G-VZ, C819HG-4G-A, C819HG-4G-G, C819HG-4G-V, ESR5921, C881, C881G-4G-GA, C887VAG-4G-GA, C891F, C892FSP, C897VA, C897VAG-LTE-GA, C899G-LTE-GA, C899G-LTE-NA, C899G-LTE-ST, C899G-LTE-VZ, CGR 2010 [1], C841M-4X, C841M-8X, IR809G-LTE-VZ, IR809G-LTE-NA with GRWIC-ESM-8x [1] or GRWIC-ESM-4x [1]; Firmware Version: IOS 15.5M) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1764 and #2377); RSA (Certs. #1471 and #1868); SHS (Certs. #2361 and #3043); Triple-DES (Certs. #1688 and #2020) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 to 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2683 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco Integrated Services Router (ISR) 891W, 1941W, 829W (Hardware Versions: C891FW-A, C891FW-E, 1941W, IR829GW-LTE-NA-A, IR829GW-LTE-VZ-A; Firmware Versions: Router IOS 15.5M and AP IOS 15.3.3-JB) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1791, #2343, #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1452, #1764 and #2377); KBKDF (Certs. #49 and #86); RSA (Certs. #1471 and #1868); SHS (Certs. #2020, #2361 and #3043); Triple-DES (Certs. #1466 and #1688) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2682 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco Integrated Services Router (ISR) 1905 ISR, 1921 ISR, 1941 ISR, 2901 ISR, 2911 ISR, 2921 ISR, 2951 ISR, 3925 ISR, 3925E ISR, 3945 ISR, 3945E ISR, 5915 ESR and 5940 ESR (Hardware Versions: 1905, 1921, 1941 [3], 2901 [4], 2911 [5], 2921 [6], 2951 [7], 3925 [8], 3945 [9], 3925E [10], 3945E [11], 5915, 5940 with PVDM2-8 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-48 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-128 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-192 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-256 [4, 5, 6, 7, 8, 9, 10, 11] and ISM-VPN-19 [3], ISM-VPN-29 [4, 5, 6, 7], ISM-VPN-39 [8, 9]; Firmware Version: IOS 15.5M) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/19/2016 | 7/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2343 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1764 and #1452); RSA (Cert. #1471); SHS (Certs. #2020 and #2361); Triple-DES (Certs. #1466 and #1688) -Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2681 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches (Hardware Versions: {[BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024F-4X-RT-DC (80-1007212-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a) (When operated in FIPS mode with the tamper evident labels installed as specified in Appendix A and configured as specified in Tables 4 and 8 and as per Section 9 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/15/2016 | 7/14/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2715 and #3143); SHS (Cert. #2280); RSA (Cert. #1411); HMAC (Cert. #1694); DRBG (Cert. #452); CVL (Certs. #173, #394 and #403); Triple-DES (Cert. #1632) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5; DES; HMAC-SHA-1-96 (HMAC Cert. #1694) Multi-Chip Stand Alone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor." |
| 2680 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Joonwoong Kim TEL: 82-10-2207-1919 FAX: 82-2-6950-2080 Adam Wick TEL: 503-808-7216 FAX: 503-350-0833 CST Lab: NVLAP 100432-0 | LG Kernel Cryptographic Module (Software Versions: 3.4.0 [1] or 3.10.49 [2, 3]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/15/2016 | 7/14/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): [1] Android 5.0.1 running on an LG G3 (Model VS985) [2] Android 5.0.1 running on an LG G-Flex 2 (Model LGLS996) [3] Android 5.1 running on an LG G4 (Model VS986) (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1875 and #1940); AES (Certs. #3290 and #3443); SHS (Certs. #2729 and #2843); HMAC (Certs. #2088 and #2192) -Other algorithms: DES; Twofish; MD5; MD4; ARC4; GHASH; RNG Multi-Chip Stand Alone "The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality." |
| 2679 | Gemalto SA 6, rue de la Verrerie - CS 20001 Meudon Cedex 92197 France Gilles ROMME TEL: +33 155015712 FAX: +33 155015170 Guennole Tripotin TEL: +33 442365522 FAX: +33 442365236 CST Lab: NVLAP 100432-0 | MultiApp V31 Platform (Hardware Versions: NXP P60D080P VC (MPH132), NXP P60D144P VA (MPH149); Firmware Versions: MultiApp V31 patch 1.4, Demonstration Applet version V1.3) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2016 | 7/14/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3543); CVL (Cert. #597); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #1984, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3543, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength) Single Chip "The MultiApp ID smart cards are fully compliant with two major industry standards: Sun's Javacard 2.2.1 and Global Platform (GP) Card Specification version 2.1.1. They are therefore Java-GP cards, capable of managing applets in a controlled and secure manner in this multi-applet environment. This platform is delivered with a set of applet already loaded loaded in ROM and that can be installed if proper ordering options have been set." |
| 2678 | EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA Marshall Schiring TEL: 402-479-8375 FAX: 402-479-8472 Josh Johnson TEL: 402-479-8459 FAX: 402-479-8472 CST Lab: NVLAP 100432-0 | Johnson Encryption Machine 2 (JEM2) (Hardware Versions: P/Ns R035-3900-180-00 and R035-3900-280-01; Firmware Version: 4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2016 | 7/14/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3436 and #3437); DRBG (Cert. #837); ECDSA (Cert. #692); HMAC (Cert. #2187); KTS (AES Cert. #3437); SHS (Cert. #2838) -Other algorithms: AES-MAC (AES Cert. #3436, vendor affirmed; P25 AES OTAR); DES; NDRNG Multi-Chip Embedded "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES Key Wrap, AES, ECDSA, DRBG, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms." |
| 2677 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SMA 6200 and SMA 7200 (Hardware Versions: P/Ns 101-500399-57 Rev A and 101-500398-57 Rev A; Firmware Version: SRA 10.7.2-619) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2016 06/13/2017 | 7/14/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #954); AES (Certs. #3626, #3627 and #3628); RSA (Certs. #1869 and #1870); Triple-DES (Certs. #2021, #2022 and #2023); SHS (Certs. #3044, #3045 and #3046); HMAC (Certs. #2378, #2379 and #2380); CVL (Certs. #646, #647, #648 and #649) -Other algorithms: MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "SonicWALL Software SMA 6200 and SMA 7200 are part of the SonicWALL Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS and Google Android among others." |
| 2676 | Cohesity, Inc. 451 El Camino Real Suite 235 Santa Clara, CA 95050 USA Vivek Agarwal TEL: 415-690-7805 CST Lab: NVLAP 200427-0 | Cohesity OpenSSL FIPS Object Module (Software Version: 1.0.1) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #2398) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/11/2016 | 7/10/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 7.2 running on a Cohesity CS2500 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3967); CVL (Cert. #796); DRBG (Cert. #1162); DSA (Cert. #1081); ECDSA (Cert. #873); HMAC (Cert. #2585); RSA (Cert. #2027); SHS (Cert. #3271); Triple-DES (Cert. #2176) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); PRNG Multi-Chip Stand Alone "The Cohesity OpenSSL FIPS Object Module is a general purpose cryptographic module compiled from the source code for the OpenSSL FIPS Object Module ECP 2.0.12. It is incorporated into the CS2000 family of Cohesity Storage Systems." |
| 2675 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) & NCS 2000 Series (Hardware Versions: [15454-M2-SA, 15454-M6-SA, NCS2002-SA, NCS2006-SA, NCS2015-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, NCS2K-TNCS-O-K9, NCS2K-TNCS-K9, 15454-M-WSE-K9, NCS2K-MR-MXP-LIC, 15454-M-10X10G-LC, and NCS2K-200G-CK-LIC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 10.5) (When installed, initialized and configured as specified in Section 6 of the Security Policy with tamper evident seals installed as indicated in Section 5.6 of the Security Policy and when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2016 | 7/10/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2352, #2369, #2769, #2770, #3770 and #3771); CVL (Certs. #750 and #751); DRBG (Certs. #1040 and #1041); HMAC (Certs. #2470 and #2471); KBKDF (Cert. #79); RSA (Certs. #1940 and #1941); SHS (Certs. #3140 and #3141); Triple-DES (Cert. #2098) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Cisco ONS 15454 Multiservice Transport Platforms (MSTPs) and NCS 2000 Series provide capital and operational efficiency by addressing the increasing demand for multiple services, greater transport capacity, networking flexibility, multiple distance options, and management simplicity in a single platform." |
| 2674 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Brian Wood TEL: +1-973-440-9125 JungHa Paik TEL: +82-10-8861-0858 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Version: SKC1.7) (When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/11/2016 09/20/2016 | 9/19/2021 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android Marshmallow 6.0.1 running on Samsung Galaxy S7 with PAA Android Marshmallow 6.0.1 running on Samsung Galaxy S7 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3836 and #3837); SHS (Certs. #3160, #3161 and #3193); HMAC (Certs. #2487, #2488 and #2516); DRBG (Certs. #1082 and #1083) -Other algorithms: DES; Twofish; MD5; krng; ARC4; Pcompress; CRC32c; Deflate; LZO; GHASH; GF128MUL; Triple-DES (non-compliant) Multi-Chip Stand Alone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 2673 | MRV Communications Inc. 300 Apollo Dr. Chelmsford, MA 01824 USA Tim Bergeron TEL: 978-674-6860 Phil Bellino TEL: 978-674-6870 CST Lab: NVLAP 200427-0 | LX-4000T Series Console Servers (Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive), 600-R3265 RevC through 600-R3288 RevC (inclusive), 600-R3265 RevD through 600-R3288 RevD (inclusive) and 600-R3265 RevE through 600-R3288 RevE (inclusive); Firmware Versions: LinuxITO Version: 6.1.0 and PPCiboot Version: 5.3.9) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IPsec, SNMP, SSH and TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/08/2016 | 7/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3765); DRBG (Cert. #1035); DSA (Cert. #1046); SHS (Cert. #3134) -Other algorithms: DES; EC Diffie-Hellman (non-compliant); HMAC-MD5; IKEv1 KDF (non-compliant); IKEv2 KDF (non-compliant); MD5; NDRNG; RSA (non-compliant); SNMP KDF (non-compliant); SSH KDF (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access." |
| 2672 | Information Assurance Specialists, Inc. 900 Route 168 Suite C4 Turnersville, NJ 08012 USA William Morgan TEL: 856-581-8033 Ext. 1006 FAX: 856-228-1265 Keiron Tomasso TEL: 856-581-8033 Ext. 1001 FAX: 856-228-1265 CST Lab: NVLAP 100432-0 | IAS Router (Hardware Versions: P/Ns IAS STEW Rev 1.0, IAS KG-RU Rev 1.0 and IAS Router Micro Rev 1.0; Firmware Version: 50e8756 - 2015-11-24) (When operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/07/2016 | 7/6/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1935); AES (Cert. #3430); DRBG (Cert. #782); ECDSA (Cert. #663); HMAC (Cert. #2182); CVL (Certs. #493 and #523); RSA (Cert. #1756); KTS (vendor affirmed); SHS (Cert. #2830) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5 Multi-Chip Stand Alone "IAS Routers are purpose-built secure IP Routers/VPN Gateways designed to be small, lightweight, low power consumption, highly portable devices able to leverage a wide range of WAN connectivity options to allow secure communications back to a central site from nearly anywhere on the planet." |
| 2671 | Duo Security, Inc. 123 North Ashley Street Suite 200 Ann Arbor, MI 48104 USA Duo Mobile Security CST Lab: NVLAP 201029-0 | Duo Security Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/07/2016 | 7/6/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus -FIPS Approved algorithms: AES (Cert. #2125); HMAC (Cert. #1296); DSA (Cert. #666); ECDSA (Cert. #319); RSA (Cert. #1094); SHS (Cert. #1849); Triple-DES (Cert. #1351); DRBG (Cert. #233); CVL (Cert. #28) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Duo Security Cryptographic Module is a cryptographic engine for mobile devices. The module delivers core cryptographic functions to Duo Security's Two-Factor Authentication mobile application." |
| 2670 | Ceragon Networks, Ltd. 24 Raul Wallenberg St. Tel Aviv 69719 Israel Yoav Shilo CST Lab: NVLAP 201029-0 | FibeAir® IP-20C, FibeAir® IP-20S, FibeAir® IP-20N, FibeAir® IP-20A, FibeAir® IP-20G, and FibeAir® IP-20GX (Hardware Versions: IP-20N, IP-20A, IP-20G, IP-20GX, IP-20C, IP-20S, IP-20-TCC-B-MC+SD-AF: 24-T009-1|A, IP-20-TCC-B2+SD-AF: 24-T010-1|A, IP-20-TCC-B2-XG-MC+SD-AF: 24-T011-1|A, IP-20-RMC-B-AF: 24-R010-0|A; Firmware Version: CeraOS 8.3) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/04/2016 | 7/3/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3865 and #3867); CVL (Cert. #742); DRBG (Cert. #1099); HMAC (Cert. #2509); KTS (AES Cert. #3865 and HMAC Cert. #2509; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1973); SHS (Certs. #3185) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement, key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RC5; CRC32; CRC16; CRC7; ECDSA (non-compliant); DSA (non-compliant); NDRNG; AES (non-compliant) Multi-Chip Stand Alone "FibeAir IP-20 platform provides secured wireless backhaul solutions to deliver mission-critical multimedia services, 4G and other applications with high security and reliability. The platform provides multi gigabit wireless links in 4-86GHz frequency bands, supporting IP and TDM services in a wide range of topologies and network architectures." |
| 2669 | INTEGRITY Security Services 7585 Irvine Center Drive Suite 250 Irvine, CA 92618 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 CST Lab: NVLAP 100432-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 3.0.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/30/2016 08/08/2016 12/06/2016 12/07/2016 | 12/6/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): FreeRTOS 7.6 running on Cubic PU-4 (ST-Micro STM32F4xxx/ARM Cortex-M4) OpenWrt/Linaro running on Gateway 5100 Ventana (i.MX6 800MHz/ARM Cortex-A9) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3773, #3774, #3775, #3776, #3777, #3889, #3890, #3891, #3892 and #3893); DRBG (Certs. #1043 and #1113); ECDSA (Certs. #812 and #844); CVL (Certs. #720 and #929); HMAC (Certs. #2473 and #2527); RSA (Certs. #1943 and #1983); SHS (Certs. #3143 and #3209); PBKDF (vendor affirmed) -Other algorithms: AES (Certs. #3773 and #3889, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (shared secret computation provides 192 bits of encryption strength); EC Diffie-Hellman (shared secret computation provides between 112 and 256 bits of encryption strength); Triple-DES (non-compliant); MD5; HMAC-MD5 Multi-Chip Stand Alone "Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
| 2668 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Dariusz Wolny CST Lab: NVLAP 100432-0 | Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit P/N CLN1780L Rev F with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.8.1.06) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/30/2016 08/29/2016 | 8/28/2021 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #173 and #3547); DRBG (Cert. #903); HMAC (Certs. #39, #2265 and #2266); RSA (Cert. #1827); SHS (Certs. #258 and #2926); Triple-DES (Certs. #275 and #1986); CVL (Certs. #603, #604 and #605) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-96 (non-compliant); DSA (non-compliant); RNG Multi-Chip Stand Alone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2667 | Micron Technology, LLC Micron Technology 8000 S. Federal Way Boise, ID 83716-9632 USA Paul Barna TEL: 208-492-1062 Michael Selzler TEL: 720-494-5217 CST Lab: NVLAP 200427-0 | Micron S650DC® SAS TCG Enterprise SSC Self-Encrypting Drive (Hardware Versions: MTFDJAK400MBS-2AN16FCYY, MTFDJAK800MBS-2AN16FCYY, MTFDJAL1T6MBS-2AN16FCYY and MTFDJAL3T2MBS-2AN16FCYY; Firmware Versions: MB13, MB17 and MB18) (When installed, initialized and configured as specified in Section 7 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/30/2016 01/19/2017 06/29/2017 | 1/18/2022 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841) -Other algorithms: NDRNG Multi-Chip Embedded "The Micron Secure ® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Micron S650DC SAS SED model solid state drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2666 | Cambium Networks, Ltd. Unit B2, Linhay Business Park, Eastern Road Ashburton TQ13 7UP UK Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0 | PTP 700 Point to Point Wireless Ethernet Bridge (Hardware Versions: P/Ns C045070B001A, C045070B002A, C045070B003A, C045070B004A, C045070B005A, C045070B006A, C045070B007A, C045070B008A, C045070B009A, C045070B010A, C045070B011A, C045070B012A, C045070B013A, C045070B014A, C045070B015A, C045070B016A, C045070B017A, C045070B018A, C045070B019A, C045070B020A, C045070B021A, C045070B022A, C045070B023A, C045070B024A, C045070B025A, C045070B026A, C045070B027A, C045070B028A, C045070B029A and C045070B030A; Firmware Version: 700-01-00-FIPS) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/29/2016 | 6/28/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2594 and #2754); DRBG (Cert. #465); DSA (Cert. #842); HMAC (Cert. #1728); SHS (Cert. #2323); CVL (Certs. #202 and #203); KTS (AES Cert. #2754 and HMAC Cert. #1728; key establishment methodology provides 128 or 256 bits of encryption strength) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG Multi-Chip Stand Alone "The PTP 700 is deployed in pairs to create a wireless bridge between two Ethernet networks. The Module operates in licensed, lightly-licensed, and unlicensed frequency bands between 4400 MHz and 5875 MHz, in channel bandwidths up to 45 MHz, providing aggregate data rates up to 450 Mbit/s. The Module transmits and receives Ethernet frames as plaintext, and transmits and receives encrypted wireless signals. The Module is available in 24 different variants, consisting of combinations of physical format, regional variants, capacity variants and ATEX/HAZLOC units." |
| 2665 | DocuSign, Inc. 221 Main St. Suite 1000 San Francisco, CA 94105 USA Ezer Farhi TEL: 972-3-9279529 CST Lab: NVLAP 200002-0 | DocuSign Signature Appliance (Hardware Versions: 7.0 and 8.0; Firmware Version: 8.0) (When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2016 07/25/2016 | 7/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Certs. #786 and #787); DRBG (Certs. #98, #1137 and #1138); HMAC (Certs. #2551, #2552, #2563 and #2564); KTS (Triple-DES Cert. #2160 and HMAC Cert. #2563; key establishment methodology provides 112 bits of encryption strength); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2005 and #2006); SHS (Certs. #3237, #3238, #3248 and #3249); Triple-DES (Certs. #2155, #2156 #2160 and #2161); Triple-DES MAC (Triple-DES Certs. #2155 and #2156, vendor affirmed) -Other algorithms: HMAC (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data." |
| 2664 | Advanced Card Systems Ltd. Units 2010-2013, 20/F Chevalier Commercial Centre 8 Wang Hoi Road Kowloon Bay Hong Kong Andrew Chan TEL: +852-27967873 FAX: +852-27961286 CST Lab: NVLAP 200427-0 | ACOS5-64 (Hardware Version: ACOS5-64; Firmware Version: 3.00) (When installed, initialized and configured as specified in the Security Policy Section Secure Initialization. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/20/2016 | 6/19/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3539); CVL (Cert. #591); DRBG (Cert. #893); RSA (Cert. #1816); SHS (Cert. #2917); Triple-DES (Cert. #1982); Triple-DES MAC (Triple-DES Cert. #1982, vendor affirmed) -Other algorithms: NDRNG; Triple-DES (Cert. #1982, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single Chip "ACOS5-64 is a hardware cryptographic module validated against FIPS 140-2 at Security Level 3. It is a two-factor authentication smart card module. It provides digital signature creation/verification for online authentication and data encryption/decryption for online transactions." |
| 2663 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Jake Bajic TEL: 408-753-4000 Amir Shahhosseini TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B with 910-000028-00B Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 6.0.13) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/20/2016 06/23/2016 | 6/22/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3931 and #3932); RSA (Certs. #2008 and #2009); HMAC (Certs. #2554 and #2555); DRBG (Certs. #1140 and 1141); SHS (Certs. #3241 and #3242); CVL (Certs. #782 and 783) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-Chip Stand Alone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
| 2662 | LG Electronics, Inc. 20 Yoido-dong Youngdungpo-gu Seoul 152-721 Republic of Korea Adam Wick TEL: 503-808-7216 FAX: 503-350-0833 Jongseong Kim TEL: 82-10-4535-0110 FAX: 82-2-6950-2080 CST Lab: NVLAP 100432-0 | LG Framework Cryptographic Module (Software Version: 1.0.0) (When operated in FIPS mode. The protocol TLS shall not be used when operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/17/2016 09/02/2016 | 9/1/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Android 5.0.1 running on an LG G3 (Model VS985) Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3289); DRBG (Cert. #748); DSA (Cert. #943); HMAC (Cert. #2087); RSA (Cert. #1683); SHS (Cert. #2728); Triple-DES (Cert. #1874) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PRNG; ECDSA (non-compliant); TLS KDF (non-compliant) Multi-Chip Stand Alone "The LG Framework Cryptographic Module is a software library that provides cryptographic functionality." |
| 2661 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Bob Pittman TEL: 978-264-5211 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HPE 6125XLG Blade Switches (Hardware Version: HPE 6125XLG; Firmware Version: 7.1.045) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/16/2016 | 6/15/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2943 and #2990); CVL (Cert. #341); DRBG (Cert. #546); DSA (Cert. #875); HMAC (Certs. #1866 and #1896); RSA (Cert. #1546); SHS (Certs. #2479 and #2511) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The HPE Networking device is suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The device includes fixed-port L2/L3 managed Ethernet switch appliances. This device is based on the Comware 7.1 platform." |
| 2660 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series (Hardware Versions: MZILS3T8HCJM-000D8 [1], MZILS3T8HCJM-000G6 [2]; Firmware Versions: CXP2 [1], NA01 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/16/2016 07/22/2016 | 7/21/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121) -Other algorithms: NDRNG Multi-Chip Stand Alone "Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase." |
| 2659 | L-3 Communications, Aviation Recorders 100 Cattlemen Road Sarasota, Florida 34232 USA Tom Fields TEL: 941-377-5540 FAX: 941-377-5591 Robert S. Morich TEL: 941-371-0811, x5774 FAX: 941-377-5591 CST Lab: NVLAP 200002-0 | eSRVIVR(r) Cockpit Voice and Flight Data Recorder (CVFDR) Encryption Module (Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 06/16/2016 | 6/15/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): eSRVIVR® Cockpit Voice and Flight Data Recorder (Hardware version: 1493200-3000) with Nucleus PLUS 1.15.6 -FIPS Approved algorithms: AES (Cert. #3754) -Other algorithms: N/A Multi-Chip Embedded "A software-based AES implementation in a Cockpit Voice and Flight Data Recorder (CVFDR) that supports 128, 192, and 256 bit key lengths. Various data types can be selected for encryption prior to being recorded in a crash-protected module." |
| 2658 | Rubrik Inc. 299 South California Avenue Suite 250 Palo Alto, CA 94046 USA Rubrik Support CST Lab: NVLAP 201029-0 | Rubrik Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/15/2016 | 6/14/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 CentOS 6.3 on a GigaVUE-TA1 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Rubrik Cryptographic Library provides FIPS 140-2 validated cryptographic functions (including Suite B algorithms) for Rubrik’s Hybrid Appliances." |
| 2657 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux libgcrypt Cryptographic Module v4.0 [1] and Red Hat Enterprise Linux libgcrypt Cryptographic Module v5.0 [2] (Software Versions: 4.0 [1], 5.0 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 06/13/2016 07/28/2017 | 6/12/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with AES-NI [1] Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without AES-NI [1] Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A [1] Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions [1] Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645, #3646, #3647, #3648, #3649, #4580 and #4581); DRBG (Certs. #972, #973, #974, #975, #976, #977, #978, #979, #980, #1527 and #1528); DSA (Certs. #1017, #1018, #1019, #1020, #1021, #1214 and #1215); HMAC (Certs. #2395, #2396, #2397, #2398, #2399, #3030 and #3031); RSA (Certs. #1879, #1880, #1881, #1882, #1883, #2498 and #2499); SHS (Certs. #3062, #3063, #3064, #3065, #3066, #3756 and #3757); Triple-DES (Certs. #2030, #2031, #2032, #2033, #2034, #2433 and #2434) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; Blowfish; Camellia; Cast5; CRC32; CSPRNG; DES; El Gamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPEMD160; SEED; Serpent; Tiger; Twofish; Whirlpool Multi-Chip Stand Alone "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library delivered with RHEL 7.1 [1] and RHEL 7.4 [2]." |
| 2656 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Dariusz Wolny CST Lab: NVLAP 100432-0 | Motorola GGM 8000 Gateway (Hardware Versions: Base Unit P/N CLN1841E Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC); Firmware Version: KS-16.8.1.06) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2016 07/06/2016 08/29/2016 | 8/28/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #962 and #3547); DRBG (Cert. #903); HMAC (Certs. #1487, #2265 and #2266); CVL (Certs. #603, #604 and #605); RSA (Cert. #1827); SHS (Certs. #933 and #2926); Triple-DES (Certs. #757 and #1986) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); DSA (non-compliant); RNG Multi-Chip Stand Alone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2655 | Nuvoton Technology Corporation 4, Creation Road III Hsinchu Science Park Taiwan Yossi Talmi TEL: +972-9-9702364 CST Lab: NVLAP 200556-0 | NPCT6XX TPM 1.2 (Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 5.81.0.0, 5.81.1.0, 5.81.2.1) (When operated in FIPS mode and installed, initialized, and configured as specified in the Security Policy Section 8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2016 08/19/2016 | 8/18/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3093 and #3468); RSA (Certs. #1582 and #1779); HMAC (Certs. #1938 and #2213); SHS (Certs. #2554 and #2863); CVL (Certs. #373 and #535) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3093 and #3468, key wrapping); RNG Single Chip "Nuvoton NPCT6XX TPM 1.2 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation." |
| 2654 | Broadcom Ltd. 3151 Zanker Road San Jose, CA 95134 USA Gary Goodman TEL: 408-922-1092 FAX: 408-922-1023 Alfonso Ip TEL: 408-922-1023 FAX: 408-922-8050 CST Lab: NVLAP 100432-0 | BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 (Hardware Versions: P/Ns BCM58101B0, BCM58102B0 and BCM58103B0; Firmware Version: rev0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/07/2016 06/13/2016 | 6/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3762 and 3763); HMAC (Cert. #2462); SHS (Cert. #3132); DRBG (Cert. #1034); ECDSA (Cert. #807); DSA (Cert. #1045); RSA (Cert. #1936) -Other algorithms: EC Diffe-Hellman (key agreement; key establishment methodology provides 128-bits of encryption strength); NDRNG Single Chip "Highly integrated, low power, security processor." |
| 2653 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco Adaptive Security Appliance (ASA) Virtual (Software Version: 9.4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/06/2016 08/15/2016 | 8/14/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco C220 M3 ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco E180D M2 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3911); CVL (Cert. #772); DRBG (Cert. #1126); ECDSA (Cert. #854); HMAC (Cert. #2540); RSA (Cert. #1995); SHS (Cert. #3223); Triple-DES (Cert. #2147) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
| 2652 | Vormetric, Inc. 2860 Junction Ave San Jose, CA 95134 USA Peter Tsai TEL: (669) 770-6927 FAX: (408) 844-8638 Steve He TEL: (669) 770-6852 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Data Security Manager Module (Hardware Version: 3.0; Firmware Version: 5.3.0) (When Operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/06/2016 | 6/5/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3499 and #3536); SHS (Certs. #2887, #2914 and #2915); HMAC (Certs. #2234, #2259 and #2260); RSA (Cert. #1796); ECDSA (Cert. #712); DRBG (Cert. #869); CVL (Certs. #589 and #590); KTS (AES Cert. #3499 and HMAC Cert. #2234) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); Triple-DES (non-compliant); MD5; Aria; SSH KDF (non-compliant); NDRNG Multi-Chip Stand Alone "The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module." |
| 2651 | Huawei Technologies Co., Ltd. Huawei Industrial Base, Bantian Longgang Shenzhen, Guangdong 518129 China blue.li@huawei.com TEL: 0086-0755-28976679 FAX: 0086-0755-28976679 CST Lab: NVLAP 200856-0 | Huawei FIPS Cryptographic Library (HFCL) (Software Version: V300R003C22SPC805) (When installed, initialized and configured as specified in the Security Policy Section 6.1. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/03/2016 | 6/2/2021 | Overall Level: 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): DELL PowerEdge T110 II Intel Pentium w/ RHEL 5.3 evaluated at EAL4 -FIPS Approved algorithms: AES (Cert. #3477); Triple-DES (Cert. #1960); DSA (Cert. #984); RSA (Cert. #1785); ECDSA (Cert. #707); SHA (Cert. #2872); DRBG (Cert. #857); HMAC (Cert. #2221); CVL (Certs. #551 and #552) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength) Multi-Chip Stand Alone "Huawei FIPS Cryptographic Library (HFCL) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)." |
| 2650 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA Service Module (SM) (Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/02/2016 08/15/2016 | 8/14/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444 and #3439); CVL (Cert. #525); DRBG (Certs. #332 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247 and #2188); RSA (Cert. #1760); SHS (Certs. #1794 and #2839); Triple-DES (Certs. #1321 and #1937) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes." |
| 2649 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® ICX ™ 6610 and ICX 7450 Series (Hardware Versions: {ICX6610-24F-I (80-1005350-04), ICX6610-24F-E (80-1005345-04), ICX6610-24-I (80-1005348-05), ICX6610-24-E (80-1005343-05), ICX6610-24P-I (80-1005349-06), ICX6610-24P-E (80-1005344-06), ICX6610-48-I (80-1005351-05), ICX6610-48-E (80-1005346-05), ICX6610-48P-I (80-1005352-06), ICX6610-48P-E (80-1005347-06), ICX7450-24 (80-1008060-01), ICX7450-24P (80-1008061-01), ICX7450-48 (80-1008062-01), ICX7450-48P (80-1008063-01), ICX7450-48F (80-1008064-01), with Components (80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1008308-01; 80-1008309-01; 123400000829A-R01; 123400000830A-R01; 123400000833A-R01)} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b) (When operated in FIPS mode with tamper evident labels installed and with configurations as defined in Table 5 of the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/27/2016 07/14/2016 | 7/13/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1197, #1269, #1276, #2697, #2981, #2984, #3008, #3139, #3142 and #3438); KTS (AES Certs. #2984 and #3438; key establishment methodology provides 128 bits of encryption strength); SHS (Certs. #2265 and #2505); HMAC (Certs. #1679 and #1890); DRBG (Certs. #442 and #569); RSA (Certs. #1396 and #1565); CVL (Certs. #161, #362, #386, #388, #390 and #400); KBKDF (Certs. #36 and #58); Triple-DES (Certs. #1617 and #1764); DSA (Certs. #819 and #887) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; DSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. The Brocade 7450 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments." |
| 2648 | NetApp, Inc. 495 E. Java Drive Sunnyvale, CA 94089 USA CST Lab: NVLAP 201029-0 | NetApp Cryptographic Security Module (Software Version: 1.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/27/2016 06/10/2016 | 6/9/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux 11 operating on Fujitsu RX300-S6 Server with Intel Xeon SUSE Linux 11 operating on Fujitsu RX200S5 Server with Intel Xeon FreeBSD 9.1 operating on Fujitsu RX300-S6 Server with Intel Xeon FreeBSD 9.1 operating on Fujitsu RX200S5 Server with Intel Xeon Debian Linux 8 operating on Fujitsu RX300-S6 Server with Intel Xeon Debian Linux 8 operating on Fujitsu RX200S5 Server with Intel Xeon Scientific Linux 6.1 operating on Fujitsu RX300-S6 Server with Intel Xeon Scientific Linux 6.1 operating on Fujitsu RX200S5 Server with Intel Xeon. -FIPS Approved algorithms: AES (Cert. #3593); CVL (Cert. #615); DRBG (Cert. #928); DSA (Cert. #998); ECDSA (Cert. #732); HMAC (Cert. #2290); RSA (Cert. #1847); SHS (Cert. #2955); Triple-DES (Cert. #2000) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #615, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength) Multi-Chip Stand Alone "The NetApp Cryptographic Security Module is a software library that provides cryptographic services to a vast array of NetApp's storage and networking products." |
| 2647 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYCOS® 3.0 QFN (Hardware Version: 742100004F; Firmware Version: 3.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/25/2016 | 5/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3115); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single Chip "SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications." |
| 2646 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Bumhan Kim TEL: +82-10-9397-1589 Brian Wood TEL: +1-973-440-9125 CST Lab: NVLAP 200658-0 | Samsung Flash Memory Protector V1.1 (Hardware Version: 3.0.1; Software Version: 1.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 05/13/2016 | 5/12/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android Marshmallow 6.0.1 running on Samsung Galaxy S7 edge (single-user mode) -FIPS Approved algorithms: AES (Cert. #3839); SHS (Cert. #3163); HMAC (Cert. #2490) -Other algorithms: N/A Multi-Chip Stand Alone "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services." |
| 2645 | Harris Corporation Communication Systems Division 1680 University Avenue Rochester, NY 14610 USA Esther Betancourt TEL: 585-242-3635 FAX: 585-241-8459 Eric Hackett TEL: 585-241-8168 FAX: 585-241-8459 CST Lab: NVLAP 200928-0 | RF-7800W Broadband Ethernet Radio (Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Versions: 4.10 and 5.00) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in Section 2.4 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2016 12/02/2016 12/09/2016 | 12/8/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3530 and #3581); Triple-DES (Cert. #1993); DRBG (Cert. #920); SHS (Cert. #2943); HMAC (Cert. #2281); RSA (Cert. #1842); DSA (Cert. #994); KAS (Cert. #69); CVL (Cert. #609) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform." |
| 2644 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ (Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
| 2643 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ (Hardware Versions: nC3423E-500, nC3423E-1K5 and nC3423E-6K0, Build Standard N; Firmware Version: 2.61.2-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F2 500+, nShield F2 1500+, nShield F2 6000+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
| 2642 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | MiniHSM, MiniHSM for nShield Edge F2, and MiniHSM for Time Stamp Master Clock (Hardware Versions: nC4031Z-10, nC3021U-10, and TSMC200, Build Standard N; Firmware Version: 2.61.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The MiniHSM, MiniHSM for nShield Edge F2 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine." |
| 2641 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3023E-010, Build Standard N; Firmware Version: 2.61.2-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F2 10e, nShield F2 500e, nShield F2 1500e, nShield F2 6000e are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
| 2640 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-010, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Version: 2.61.2-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3419); CVL (Certs. #516 and #532); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F3 10e, nShield F3 500e, nShield F3 1500e, nShield F3 6000e, nShield F3 500e for nShield Connect, nShield F3 1500e for nShield Connect, nShield F3 6000e for nShield Connect are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
| 2639 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | MiniHSM, MiniHSM for nShield Edge F3, and MiniHSM for Time Stamp Master Clock (Hardware Versions: nC4031Z-10, nC4031U-10 and TSMC200, Build Standard N; Firmware Version: 2.61.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The MiniHSM, MiniHSM for nShield Edge F3 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine." |
| 2638 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ (Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed) -Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed." |
| 2637 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B or 910-000117-00A Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6], and 920-000112-00A Rev. A [7]; Firmware Versions: 7.0.1-h4, 7.0.3 or 7.0.8) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 09/08/2016 | 9/7/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3475); CVL (Certs. #564, #565, #566 and #567); DRBG (Cert. #870); ECDSA (Cert. #713); HMAC (Cert. #2220); RSA (Cert. #1782); SHS (Cert. #2870) -Other algorithms: AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
| 2636 | Redline Communications 302 Town Centre Blvd. 4th Foor Markham, ON L3R 0E8 Canada Andrew Spurgeon TEL: 905-479-8344 FAX: 905-479-5331 CST Lab: NVLAP 200928-0 | RDL-3000 and eLTE-MT (Hardware Versions: RDL-3000, eLTE-MT; Firmware Version: 3.1) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2016 | 5/12/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3469 and #3472); DRBG (Cert. #854); SHS (Certs. #2866 and #2867); HMAC (Certs. #2216 and #2217); RSA (Cert. #1780); DSA (Cert. #981); KAS (Cert. #63); ECDSA (Cert. #703); CVL (Cert. #541) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The RDL-3000, Elte-MT Broadband Wireless Systems by Redline Communications leverage proven orthogonal frequency-division multiplexing (OFDM) technology to deliver high-speed Ethernet throughput over wireless links." |
| 2635 | Ciena® Corporation 7035 Ridge Road Hanover, MD 21076 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Packet-Optical Platform 4x10G (Hardware Versions: 2.0 and 3.0; Firmware Version: 2.00) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 08/15/2016 | 8/14/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3599 and #3600); Triple-DES (Cert. #2004); SHS (Cert. #2962); HMAC (Cert. #2297); DRBG (Cert. #933); RSA (Cert. #1851); ECDSA (Cert. #735); CVL (Cert. #623) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-Chip Embedded "The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering." |
| 2634 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC 1200.2 SSD Self-Encrypting Drive (Hardware Versions: ST400FM0293, ST800FM0213, ST1600FM0023 and ST3200FM0043; Firmware Versions: 3504, 0204, 0205, 0206, FF15, C206, 0207 and FF19) (When installed, initialized and configured as specified in Section 7 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2016 10/25/2016 08/31/2017 | 10/24/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841) -Other algorithms: NDRNG Multi-Chip Embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate 1200.2 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2633 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux OpenSSH Client Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/12/2016 06/17/2016 | 6/16/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode) -FIPS Approved algorithms: CVL (Certs. #700, #701 and #702) -Other algorithms: N/A Multi-Chip Stand Alone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2632 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL SM 9800 (Hardware Versions: P/N 101-500380-71, Rev. A; Firmware Version: SonicOS v6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/12/2016 06/12/2017 | 5/11/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3403); Triple-DES (Cert. #1925); SHS (Cert. #2816); DSA (Cert. #960); RSA (Cert. #1742); HMAC (Cert. #2171); DRBG (Cert. #815); CVL (Cert. #503) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; NDRNG; MD5; RC4; RSA (non-compliant) Multi-Chip Stand Alone "The SonicWALL™ SuperMassive™ Series is SonicWALL's Next-Generation Firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency." |
| 2631 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 CST Lab: NVLAP 200928-0 | Intel OpenSSL FIPS Object Module (Software Versions: 2.0.5 and 2.0.8) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/03/2016 | 5/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.10 on VMware ESXi 6.00 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3) Linux 3.10 on Vmware ESXi 6.00 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3) Linux 3.10 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3) Linux 3.10 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3) -FIPS Approved algorithms: AES (Certs. #3848 and #3849); DRBG (Certs. #1092 and #1093); DSA (Certs. #1051 and #1052); HMAC (Certs. #2496 and #2497); RSA (Certs. #1965 and #1966); SHS (Certs. #3170 and #3171); Triple-DES (Certs. #2119 and #2120); ECDSA (Certs. #831 and #832); CVL (Certs. #735 and #736) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant); Dual EC DRBG Multi-Chip Stand Alone "The Intel OpenSSL FIPS Object Module provides cryptographic services for Intel Security products." |
| 2630 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Rezník TEL: +420-532-294-645 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux OpenSSH Server Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/02/2016 06/17/2016 | 6/16/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode) -FIPS Approved algorithms: CVL (Certs. #700, #701 and #702) -Other algorithms: N/A Multi-Chip Stand Alone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2629 | Zebra Technologies Corporation One Zebra Plaza Holtsville, NY 11742 USA Brian Stormont TEL: 401-276-5751 FAX: 401-276-5889 Gerry Corriveau TEL: 401-276-5667 FAX: 401-276-5889 CST Lab: NVLAP 100432-0 | ZBR-88W8787-WLAN (Hardware Versions: P/N: 88W8787, Version 1.0; Firmware Version: Marvell Firmware Version 14.66.35.p51; Zebra Driver Firmware Version 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 05/01/2016 | 4/30/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Zebra QLn320 Printer with QNX 6.5.0 -FIPS Approved algorithms: AES (Cert. #3003); HMAC (Cert. #2248); SHS (Cert. #2902) -Other algorithms: SAFER+ Multi-Chip Stand Alone "The ZBR-88W8787-WLAN Module implements cryptographic support for Zebra wireless devices." |
| 2628 | Giesecke+Devrient Mobile Security GmbH Prinzregentenstrasse 159 Munich D-81677 Germany Alexander Summerer TEL: +49-89/4119-2418 FAX: +49-89/4119-2819 Steffen Heinrich TEL: +49-89/4119-2453 CST Lab: NVLAP 100432-0 | StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element (Hardware Version: SLE78CUFX5000PH (M7893 B11); Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2016 07/03/2017 | 4/27/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #455); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed); AES (Certs. #2720 and #2721); SHS (Certs. #2288, #2289 and #2290); RSA (Certs. #1506 and #1507); DSA (Cert. #837); ECDSA (Cert. #476); KBKDF (Cert. #18); CVL (Cert. #177) -Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG Single Chip "StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element is a highly secured and integrated smartcard-based platform from Giesecke & Devrient complying with JavaCard Classic 3.0.4 and GlobalPlatform 2.2.1 standards.The Sm@rtCafé Expert 7.0 OS-platform is deployed in national ID, ePassport, authentication and digital signature programs with match-on-card biometric verification.StarSign Crypto-USB Token S is the ideal platform in a USB-Token form factor for secure logical access, online tax declaration, web based online authentication applications using FIDO and certificate" |
| 2627 | Nuvoton Technology Corporation 4, Creation Road III Hsinchu Science Park Taiwan Yossi Talmi TEL: +972-9-9702364 CST Lab: NVLAP 200556-0 | NPCT6XX TPM 2.0 (Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 1.3.0.1, 1.3.1.0, 1.3.2.8) (When installed, initialized, and configured as specified in the Security Policy Section 8 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2016 08/25/2016 03/14/2017 | 8/24/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3541 and #3542); CVL (Certs. #593, #594, #595, and #596); KAS (Certs. #66 and #67); ECDSA (Certs. #719 and #720); DRBG (Certs. #898 and #899); HMAC (Certs. #2262 and #2263); RSA (Certs. #1819 and #1820); SHS (Certs. #2919 and #2920) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3541 and #3542, key wrapping, key establishment methodology provides 128 bits of encryption strength) Single Chip "Nuvoton NPCT6XX TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation." |
| 2626 | Century Longmai Technology Co. Ltd 3rd Floor, Gongkong Building No. 1 Wangzhuang Rd Haidian District Beijing, Vendor State 100083 China Lemon Yang TEL: +86 13810314817 FAX: +86 10 62313636 CST Lab: NVLAP 200658-0 | mToken CryptoID (Hardware Version: SCC-X; Firmware Version: 3.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/14/2016 | 4/13/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1994); AES (Cert. #3582); SHS (Cert. #2944); DRBG (Cert. #921); ECDSA (Cert. #728); RSA (Cert. #1843); HMAC (Cert. #2282); KAS (Cert. #70); CVL (Cert. #610); KAS (SP 800-56Arev2 with CVL Cert. #610, vendor affirmed); KTS (Triple-DES Cert. #1994); KTS (AES Cert. #3582) -Other algorithms: SHS (non-compliant); RSA (key wrapping; non-compliant less than 112 bits of encryption strength); HMAC (non-compliant); NDRNG Multi-Chip Stand Alone "mToken CryptoID is designed based on a secure smartcard chip that utilizes the in-built mCOS to communicate with computer device via USB interface in a "plug and play" manner. It can realize various Public Key Infrastructure (PKI) applications including digital signature, online authentications, online transactions, software security, etc." |
| 2625 | ECI Telecom Ltd. 30, Hasivim Street Petach Tikvah 49517 Israel Milind Barve TEL: +91-9987537250 FAX: +972-3-928-7100 CST Lab: NVLAP 200556-0 | ECI TR10_4EN Encryption Module (Hardware Versions: Board-Type=0x856B, Revision# D3; Firmware Version: R6.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/28/2016 | 4/27/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3551, #3552 and #3576) -Other algorithms: AES (Cert. #3552, key wrapping) Multi-Chip Embedded "TR10_4EN is a ‘1U’ sized card that fits into ECI’s Apollo chassis." |
| 2624 | Siemens PLM Software Inc. 5800 Granite Parkway Suite 600 Plano, TX 75024 USA Vikas Singh TEL: 651-855-6176 CST Lab: NVLAP 200427-0 | Teamcenter Cryptographic Module (Software Version: 3.0) (When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/27/2016 | 4/26/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 SP1 (x86 32-bit) running on an HP Compaq Pro 6305 Windows 7 SP1 (x64) running on an HP Compaq Pro 6305 SUSE Linux 11.2 (x64) running on an HP Compaq Pro 6305 Mac OS X 10.11 (x64) running on a Mac Mini (single-user mode) -FIPS Approved algorithms: AES (Cert. #3680); CVL (Cert. #676); DRBG (Cert. #988); DSA (Cert. #1037); ECDSA (Cert. #774); HMAC (Cert. #2426); RSA (Cert. #1901); SHS (Cert. #3094); Triple-DES (Cert. #2058) -Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (CVL Cert. #676, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers." |
| 2623 | Veritas Technologies LLC 500 East Middlefield Road Mountain View, CA 94043 USA Ravi Mahendrakar CST Lab: NVLAP 201029-0 | Veritas Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/25/2016 05/10/2016 | 5/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Veritas Cryptographic Module from Veritas provides cryptographic services which are used to encrypt the data at rest and in the secure communication with a trusted third party." |
| 2622 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - NSS Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/22/2016 | 4/21/2021 | Overall Level: 2 -Physical Security: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3452); Triple-DES (Cert. #1943); DSA (Cert. #971); ECDSA (Cert. #699); RSA (Cert. #1767); SHS (Cert. #2848); HMAC (Cert. #2198); DRBG (Cert. #846) -Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Cert. #3452, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1943, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE Multi-Chip Stand Alone "SUSE Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications." |
| 2621 | Forcepoint 10900-A Stonelake Blvd. Quarry Oaks 1 Ste. 350 Austin, TX 78759 USA Matt Sturm TEL: 858-320-9444 CST Lab: NVLAP 201029-0 | Websense C Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/21/2016 | 4/20/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense C Crypto Module provides support for cryptographic and secure communications services for these solutions." |
| 2620 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Palo Alto Networks VM-Series (Software Versions: 7.0.1-h4, 7.0.3 or 7.0.8) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/21/2016 09/08/2016 | 9/7/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): VMware ESXi 5.5 running on PA-VM-ESX-7.0.1.ova or PA-VM-NSX-7.0.1.ova CentOS 6.5 - KVM running on PA-VM-KVM-7.0.1.qcow2 Citrix XenServer 6.1.0 running on PA-VM-SDX-7.0.1.xva (single-user mode) -FIPS Approved algorithms: AES (Cert. #3501); CVL (Certs. #568, #569, #570 and #571); DRBG (Cert. #871); ECDSA (Cert. #714); HMAC (Cert. #2235); RSA (Cert. #1797); SHS (Cert. #2888) -Other algorithms: AES (Cert. #3501, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #569, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features." |
| 2619 | Vocera Communications, Inc. 525 Race Street San Jose, CA 95126 USA Ammath Keunemany TEL: 408-882-4615 CST Lab: NVLAP 200996-0 | Vocera Cryptographic Module v3.0 (Hardware Version: 88W8787; Firmware Version: 3.0; Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 04/19/2016 | 4/18/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Vocera Embedded Linux Version 3.0 running on a B3000n badge (single-user mode) -FIPS Approved algorithms: AES (Certs. #3531 and #3532); HMAC (Cert. #2257); SHS (Cert. #2912); RSA (Cert. #1815); DRBG (Cert. #888); CVL (Cert. #586) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5 Multi-Chip Stand Alone "Vocera B3000n Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000n Badge, ensures protected communications using industry-standard secure wireless communication protocols." |
| 2618 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200997-0 | Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances (Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5], ASA 5585-X SSP-10[6], 5585-X SSP-20[6], 5585-X SSP-40[6], and 5585-X SSP-60[6] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4], [CISCO-FIPS-KIT=][5] or [ASA5585-X-FIPS-KIT][6]; Firmware Version: 9.4.3) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/19/2016 08/10/2016 | 8/9/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #3439); CVL (Cert. #525); DRBG (Certs. #332, #336, #819 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247, #1514, #2095 and #2188); RSA (Cert. #1760); SHS (Certs. #1794, #2091, #2737 and #2839); Triple-DES (Certs. #1321, #1513, #1881 and #1937) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
| 2617 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Jake Bajic TEL: 408-753-4000 Amir Shahhosseini TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | WildFire WF-500 (Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.0.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/18/2016 | 4/17/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3475); RSA (Cert. #1782); ECDSA (Cert. #713); HMAC (Cert. #2220); SHS (Cert. #2870); DRBG (Cert. #870); CVL (Certs. #564, #565, #566 and #567) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; Triple-DES (non-compliant); CAST; ARCFOUR; Blowfish; Camellia; SEED; RC2; RC4; HMAC-MD5; UMAC; HMAC-RIPEMD Multi-Chip Stand Alone "WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks" |
| 2616 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-3060 and PA-7080 Firewalls (Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B or 910-000117-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Versions: 7.0.1-h4, 7.0.3 or 7.0.8) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/18/2016 09/08/2016 | 9/7/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3475); CVL (Certs. #564, #565, #566 and #567); DRBG (Cert. #870); ECDSA (Cert. #713); HMAC (Cert. #2220); RSA (Cert. #1782); SHS (Cert. #2870) -Other algorithms: AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength); Blowfish; Camellia; CAST; HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC Multi-Chip Stand Alone "The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures." |
| 2615 | Mojo Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0 | AirTight Wireless Sensor (Hardware Versions: C-75 and C-75-E with Tamper Evident Seal Kit: C-TPL-A; Firmware Version: 7.2.FIPS.04) (When operated in FIPS mode and with tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/12/2016 04/14/2016 04/15/2016 04/19/2016 | 4/18/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3766); CVL (Cert. #710); DRBG (Cert. #1036); HMAC (Cert. #2465); KBKDF (Cert. #77); KTS (AES Cert. #3766 and HMAC Cert. #2465; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1937); SHS (Cert. #3135) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks." |
| 2614 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Crypto Engine Core (Hardware Version: 5.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/11/2016 | 4/10/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1980); AES (Cert. #3526); SHS (Cert. #2909); HMAC (Cert. #2254) -Other algorithms: DES; AEAD Single Chip "QTI Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments." |
| 2613 | Nokia Corporation 600 March Road Ottawa, ON K2K 2E6 Canada Carl Rajsic CST Lab: NVLAP 200556-0 | SR-OS Cryptographic Module (Firmware Version: 13.0R4) (When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 04/11/2016 | 4/10/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): SR-OS 13.0R4 on CPM-7950 XRS-20 CPM SR-OS 13.0R4 on CPM-7950 XRS-16 CPM SR-OS 13.0R4 on CPM-7750 SR CPM5 SR-OS 13.0R4 on CFP-7750 SR-c12 CFM-XP-B SR-OS 13.0R4 on CPM-7750 SR-a -FIPS Approved algorithms: AES (Cert. #3484); Triple-DES (Cert. #1965); RSA (Cert. #1789); HMAC (Cert. #2226); SHS (Cert. #2878); DRBG (Cert. #861); DSA (Cert. #985); CVL (Cert. #560) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it." |
| 2612 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Pseudo Random Number Generator (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2016 06/12/2017 | 4/7/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #885); SHS (Certs. #2908 and #2930) -Other algorithms: NDRNG Single Chip "QTI Pseudo Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG." |
| 2611 | Silent Circle 4210 Fairfax Corner West Ave. Suite 215 Fairfax, VA 22033 USA Eric Carter Allen Stone CST Lab: NVLAP 201029-0 | Java Crypto Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/07/2016 06/20/2016 03/13/2017 | 6/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DSA (Cert. #914); ECDSA (Cert. #583); RSA (Cert. #1622); HMAC (Cert. #2011); SHS (Cert. #2637); DRBG (Cert. #668); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG; Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-Chip Stand Alone "The Java Crypto Module provides cryptographic functions for SilentOS from Silent Circle." |
| 2610 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/05/2016 | 4/4/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA OS X El Capitan v10.11 running on iMac with i7 CPU with PAA OS X El Capitan v10.11 running on iMac with i7 CPU without PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3797, #3798, #3799, #3800, #3801, #3802, #3803, #3804, #3805, #3806, #3807, #3808, #3809, #3810, #3811, #3812, #3813, #3814, #3815, #3816, #3817, #3818, #3819, #3820, #3821, #3822, #3823, #3824, #3825, #3826, #3827, #3828, #3829, #3830, #3831, #3832, #3833, #3834, #3835 and #3847); CVL (Certs. #722, #723, #724, #725, #726, #727, #728 and #729); DRBG (Certs. #1059, #1060, #1061, #1062, #1063, #1064, #1065, #1066, #1067, #1068, #1069, #1070, #1071, #1072, #1073, #1074, #1075, #1076, #1077, #1078, #1079, #1080, #1081 and #1091); ECDSA (Certs. #820, #821, #822, #823, #824, #825, #826 and #827); HMAC (Certs. #2325, #2326, #2327, #2328, #2329, #2330, #2331, #2332, #2333, #2334, #2335, #2336, #2337, #2338, #2339, #2340, #2341, #2342, #2343, #2344, #2345, #2346, #2347, #2348, #2479, #2480, #2481, #2482, #2483, #2484, #2485 and #2486); KTS (AES Certs. #3797, #3798, #3799, #3800, #3801, #3802, #3803, #3804, #3805, #3806, #3807, #3808, #3809, #3810, #3811, #3812, #3813, #3814, #3815, #3816, #3817, #3818, #3819, #3820, #3821, #3822, #3823, #3824, #3825, #3826, #3827, #3828, #3829, #3830, #3831, #3832, #3833, #3834, #3835 and #3847; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1953, #1954, #1955, #1956, #1957, #1958, #1959 and #1960); SHS (Certs. #2991, #2992, #2993, #2994, #2995, #2996, #2997, #2998, #2999, #3000, #3001, #3002, #3003, #3004, #3005, #3006, #3007, #3008, #3009, #3010, #3011, #3012, #3013, #3014, #3152, #3153, #3154, #3155, #3156, #3157, #3158 and #3159); Triple-DES (Certs. #2106, #2107, #2108, #2109, #2110, #2111, #2112 and #2113); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2609 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/05/2016 | 4/4/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): iOS 9.0 running on iPhone4S with Apple A5 CPU iOS 9.0 running on iPhone5 with Apple A6 CPU iOS 9.0 running on iPhone5S with Apple A7 CPU iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU iOS 9.0 running on iPad (4th generation) with Apple A6X CPU iOS 9.0 running on iPad Air 2 with Apple A8X CPU iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode) -FIPS Approved algorithms: AES (Certs. #3729, #3730, #3731, #3732, #3733, #3734, #3735, #3736, #3737, #3738, #3739, #3741, #3742, #3743, #3744, #3745, #3746 and #3747); DRBG (Certs. #1017, #1018, #1020, #1021, #1022, #1023, #1024, #1025 and #1026); ECDSA (Certs. #791, #792, #794, #795, #796, #797, #798, #799 and #800); HMAC (Certs. #2349, #2350, #2351, #2352, #2353, #2354, #2355, #2356, #2357, #2442, #2443, #2445, #2446, #2447, #2448, #2449, #2450 and #2451); RSA (Certs. #1918, #1919, #1921, #1922, #1923, #1924, #1925, #1926 and #1927); SHS (Certs. #3015, #3016, #3017, #3018, #3019, #3020, #3021, #3022, #3023, #3111, #3112, #3114, #3115, #3116, #3117, #3118, #3119 and #3120); Triple-DES (Certs. #2076, #2077, #2079, #2080, #2081, #2082, #2083, #2084 and #2085); KTS (AES Certs. #3729, #3730, #3731, #3732, #3733, #3734, #3735, #3736, #3737, #3738, #3739, #3741, #3742, #3743, #3744, #3745, #3746 and #3747; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; HASH_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RIPEMD; RC2; RC4; RFC6637 KDF; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2608 | Sonus Networks, Inc. 4 Technology Park Drive Westford, MA 01886 USA Adam Elshama TEL: 978-614-8327 CST Lab: NVLAP 200556-0 | SBC 5110 and 5210 Session Border Controllers (Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 5.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/05/2016 | 4/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3480 and #3481); CVL (Certs. #554, #555 and #556); DRBG (Cert. #859); ECDSA (Cert. #708); HMAC (Certs. #2222 and #2223); RSA (Cert. #1787); SHS (Certs. #2874 and #2875); Triple-DES (Certs. #1961 and #1962) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-Chip Stand Alone "The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management." |
| 2607 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Secure Kernel Code Integrity (skci.dll) in Microsoft Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] (single-user mode) -FIPS Approved algorithms: RSA (Certs. #1784 and #1871); SHS (Certs. #2871 and #3048) -Other algorithms: MD5 Multi-Chip Stand Alone "Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed." |
| 2606 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3629); CVL (Certs. #575, #576, #663 and #664); DRBG (Certs. #868 and #955); DSA (Certs. #983 and #1024); ECDSA (Certs. #706 and #760); HMAC (Certs. #2233 and #2381); KAS (Certs. #64 and #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66 and #72); KTS (AES Certs. #3507 and #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, #1802, #1887, #1888 and #1889); SHS (Certs. #2886 and #3047); Triple-DES (Certs. #1969 and #2024) -Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography." |
| 2605 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3629); CVL (Certs. #576 and #663); DRBG (Certs. #868 and #955); DSA (Certs. #983 and #1024); ECDSA (Certs. #706 and #760); HMAC (Certs. #2233 and #2381); KAS (Certs. #64 and #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66 and #72); KTS (AES Certs. #3507 and #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, #1802, #1887, #1888 and #1889); SHS (Certs. #2886 and #3047); Triple-DES (Certs. #1969 and #2024) -Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Multi-Chip Stand Alone "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)." |
| 2604 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub (Software Versions: 10.0.10240 [1] and 10.0.10586 [2]) (When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 08/26/2016 | 8/25/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2] Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2] Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2] Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2] Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2] Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1] Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1] Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2] Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2] Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2] Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode) -FIPS Approved algorithms: RSA (Certs. #1784 and #1871); SHS (Certs. #2871 and #3048) -Other algorithms: AES (non-compliant); MD5 Multi-Chip Stand Alone "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk." |
| 2603 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3498) -Other algorithms: N/A Multi-Chip Stand Alone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
| 2602 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2600 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871) -Other algorithms: MD5 Multi-Chip Stand Alone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
| 2601 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2600 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871) -Other algorithms: MD5; NDRNG Multi-Chip Stand Alone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
| 2600 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB (Software Version: 10.0.10240) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2016 | 6/1/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA Windows 10 (x86) running on a Dell Inspiron 660s without PAA Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 (x64) running on a Dell XPS 8700 with PAA Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886) -Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) Multi-Chip Stand Alone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
| 2599 | IBM 222 South Riverside Plaza Suite 1700 Chicago, Illinois 60606 US Mark Seaborn TEL: (312) 423-6640 Jason Resch TEL: (312) 423-6640 CST Lab: NVLAP 200002-0 | IBM Cloud Object Storage System’s™ FIPS Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/01/2016 04/12/2016 03/31/2017 | 4/11/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): ClevOS 3.8.0-FIPS-EDITION running on Intel Xeon with PAAClevOS 3.8.0-FIPS-EDITION running on Intel Xeon without PAAClevOS 3.8.2.19-FIPS-EDITION running on Intel Xeon with PAAClevOS 3.8.2.19-FIPS-EDITION running on Intel Xeon without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3611, #3612 and #4422); CVL (Certs. #630, #631 and #1137); DRBG (Certs. #941, #942 and 1428); DSA (Certs. #1006, #1007 and #1186); ECDSA (Certs. #743, #744 and #1071); HMAC (Certs. #2318, #2319 and #2935); RSA (Certs. #1858, #1859 and #2409); SHS (Certs. #2984, #2985 and #3640); Triple-DES (Certs. #2011, #2012 and #2380) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-Chip Stand Alone "The IBM Cloud Object Storage System’s™ FIPS Object Module is a full featured general purpose cryptographic library that is distributed as a component of ClevOS™ FIPS Edition, the underlying technology for IBM Cloud Object Store Appliances." |
| 2598 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Harjit Dhillon TEL: 916-501-1426 Steve Wierenga TEL: 650-265-3660 CST Lab: NVLAP 100432-0 | HPE Enterprise Secure Key Manager (Hardware Versions: P/Ns C8Z61AA, Versions 4.0 [1] and 4.1 [2]; Firmware Versions: 6.0.0-51 [1] and 6.1.0-14 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/01/2016 | 3/31/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3427 and #3428); CVL (Certs. #517, #518, #519, #520, #521 and #522); DRBG (Certs. #826, #827, #828 and #829); HMAC (Certs. #2179 and #2180); RSA (Certs. #1753 and #1754); SHS (Certs. #2827 and #2828); Triple-DES (Certs. #1932 and #1933) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES; MD5; RC4; RSA (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); SHS (non-compliant); SNMPv3 KDF (non-compliant); AES (non-compliant) Multi-Chip Stand Alone "HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover." |
| 2597 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669)227-3579 FAX: (866)315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/29/2016 | 3/28/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA OS X El Capitan v10.11 running on iMac with i7 CPU with PAA OS X El Capitan v10.11 running on iMac with i7 CPU without PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796); DRBG (Certs. #1047, #1048, #1049, #1050, #1051, #1052, #1053, #1054, #1055, #1056, #1057 and #1058); ECDSA (Certs. #816, #817, #818 and #819); HMAC (Certs. #2358, #2359, #2360, #2361, #2362, #2363, #2364, #2365, #2366, #2367, #2368, #2369, #2370, #2371, #2372, #2373, #2475, #2476, #2477 and #2478); KTS (AES Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1949, #1950, #1951 and #1952); SHS (Certs. #3024, #3025, #3026, #3027, #3028, #3029, #3030, #3031, #3032, #3033, #3034, #3035, #3036, #3037, #3038, #3039, #3148, #3149, #3150 and #3151); Triple-DES (Certs. #2102, #2103, #2104 and #2105); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2596 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-9300 P (Hardware Versions: P/N NS-9300 P, Versions 1.2 and 1.3; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.17.16) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/29/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2595 | Chunghwa Telecom Co., Ltd. No.99, Dianyan Road Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS PKI Native Smart Card Cryptographic Module (Hardware Version: RS45C; Firmware Versions: HardMask: 2.2 and SoftMask: 1.2) (No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/29/2016 | 3/28/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: CVL (Cert. #614); DRBG (Cert. #927); ECDSA (Cert. #731); RSA (Cert. #1846); SHS (Cert. #2953); Triple-DES (Cert. #1999) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Certs. #1999, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single Chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate." |
| 2594 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669)227-3579 FAX: (866)315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module v6.0 (Software Version: 6.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/29/2016 | 3/28/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): iOS 9.0 running on iPhone4S with Apple A5 CPU with AES hardware acceleration iOS 9.0 running on iPhone4S with Apple A5 CPU without AES hardware acceleration iOS 9.0 running on iPhone5 with Apple A6 CPU with AES hardware acceleration iOS 9.0 running on iPhone5 with Apple A6 CPU without AES hardware acceleration iOS 9.0 running on iPhone5S with Apple A7 CPU iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware acceleration iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware acceleration iOS 9.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware acceleration iOS 9.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware acceleration iOS 9.0 running on iPad Air 2 with Apple A8X CPU iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode) -FIPS Approved algorithms: AES (Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750); CVL (Certs. #683, #684, #685, #686, #687, #688, #689, #690, #691, #692, #693, #694, #695 and #698); DRBG (Certs. #989, #990, #991, #992, #993, #994, #995, #996, #997, #999, #1000, #1001, #1002, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012, #1013, #1014, #1015 and #1016); ECDSA (Certs. #777, #778, #779, #780, #781, #782, #783, #784, #785, #786, #787, #788, #789 and #793); HMAC (Certs. #2302, #2304, #2306, #2307, #2309, #2310, #2311, #2312, #2313, #2314, #2315, #2316, #2317, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440 and #2444); KTS (AES Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1904, #1905, #1906, #1907, #1908, #1909, #1910, #1911, #1912, #1914, #1915, #1916, #1919 and #1920); SHS (Certs. #2968, #2970, #2972, #2973, #2974, #2975, #2976, #2977, #2978, #2979, #2980, #2981, #2982, #2983, #3096, #3097, #3098, #3099, #3100, #3101, #3102, #3103, #3104, #3105, #3106, #3107, #3108 and #3113); Triple-DES (Certs. #2060, #2061, #2062, #2063, #2064, #2065, #2066, #2067, #2068, #2069, #2070, #2071, #2072 and #2078); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2593 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-9300 S (Hardware Versions: P/N NS-9300 S, Versions 1.2 and 1.3; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.17.16) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/29/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2592 | Zebra Technologies Corporation One Zebra Plaza Holtsville, NY 11742 USA Robert Pang TEL: 631-738-5419 FAX: n/a Mariya Wright TEL: 914-574-8189 FAX: 631-738-4656 CST Lab: NVLAP 100432-0 | Zebra DCS Cryptographic Library (Firmware Versions: DAACVS00-001-R00, DAACWS00-001-R00 or DAACUS00-001-R00) (This validation entry is a non-security relevant modification to Cert. #1467) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 03/25/2016 08/15/2016 | 8/14/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): LI3678 with uC/OS-II v2.85 DS3678 and DS8178 with TreadX v6.5 STB3678 with uC/OS-II v2.85 FLB3678 and CR8178 with uC/OS-II v2.85 -FIPS Approved algorithms: AES (Certs. #3856, #3857 and #3858); HMAC (Certs. #2504, #2505 and #2506); SHS (Certs. #3178, #3179 and #3180) -Other algorithms: N/A Multi-Chip Stand Alone "The Zebra DCS Cryptographic Library provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Embedded devices which include cordless scanners, cradles and terminals." |
| 2591 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor NS-9100 and NS-9200 (Hardware Versions: P/Ns NS-9100 Versions 1.2 and 1.3 and NS-9200 Versions 1.2 and 1.3; FIPS Kit P/N IAC-FIPS-KT2; Firmware Version: 8.1.17.16) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/24/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2590 | ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 USA Ezer Farhi TEL: 972-3-9279529 CST Lab: NVLAP 200002-0 | CoSign (Hardware Version: 7.0; Firmware Version: 7.7) (When operated in FIPS Mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/24/2016 | 3/23/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Certs. #2074 and #2087); Triple-DES MAC (Triple-DES Cert. #2087, vendor affirmed); SHS (Certs. #3109 and #3122); HMAC (Certs. #2441 and #2453); DRBG (Certs. #1028 and #98); RSA (Cert. #1929); CVL (Certs. #697); PBKDF (vendor affirmed) -Other algorithms: NDRNG; MD5; Triple-DES (Cert. #2074, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant); Triple-DES (non-compliant); RSA-RESTful-TLS (key wrapping; non-compliant) Multi-Chip Stand Alone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data." |
| 2589 | Sonus Networks, Inc. 4 Technology Park Drive Westford, MA 01886 USA Adam Elshama TEL: 978-614-8327 CST Lab: NVLAP 200556-0 | SBC 7000 Session Border Controller (Hardware Version: SBC 7000; Firmware Version: 5.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/24/2016 | 3/23/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3482 and #3483); CVL (Certs. #557, #558 and #559); DRBG (Cert. #860); ECDSA (Cert. #709); HMAC (Certs. #2224 and #2225); RSA (Cert. #1788); SHS (Certs. #2876 and #2877); Triple-DES (Certs. #1963 and #1964) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-Chip Stand Alone "The SBC 7000 Session Border Controller is a high-performance air-cooled, 5U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management." |
| 2588 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Inline Crypto Engine (SDCC) (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2016 | 3/21/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3556 and #3558) -Other algorithms: N/A Single Chip "QTI Inline Crypto Engine (SDCC) high throughput storage data encryption and decryption." |
| 2587 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Dr. W Houston, TX 77070 USA Ramesh Narayanan TEL: +91 80 338 65384 Rituparna Mitra TEL: +91 80 251 65735 CST Lab: NVLAP 200928-0 | HP BladeSystem Onboard Administrator Firmware (Firmware Version: 4.40) (When installed, initialized and configured as indicated in the Security Policy in Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure -FIPS Approved algorithms: AES (Cert. #3333); CVL (Cert. #487); DRBG (Cert. #780); HMAC (Cert. #2124); RSA (Cert. #1712); SHS (Certs. #2766, #2767 and #2768); Triple-DES (Cert. #1903) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure." |
| 2586 | Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middlesex NW10 0UF United Kingdom Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 Francesco Rivieccio TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0 | Integral AES 256 Bit Crypto SSD Underlying PCB (Hardware Version: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INIS2564GCR140(R); INIS25128GCR140(R); INIS25256GCR140(R); INIS25512GCR140(R); INIS251TCR140(R); INIS252TCR140(R); INSSD64GS625M7CR140(R); INSSD128GS625M7CR140(R); INSSD256GS625M7CR140(R); INSSD512GS625M7CR140(R); INSSD1TS625M7CR140(R); INSSD2TS625M7CR140(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); INIS1864GCR140(R); INIS18128GCR140(R); INIS18256GCR140(R); INIS18512GCR140(R); INIS181TGCR140(R); INIS182TGCR140(R); INISHS64GCR140(R); INISHS128GCR140(R); INISHS256GCR140(R); INISHS512GCR140(R); INISHS1TCR140(R); INISHS2TCR140(R); INSSD128GM2M2260C140(R); INSSD256GM2M2260C140(R); INSSD512GM2M2260C140(R); INSSD1TM2M2260C140(R); INIM26064GCR140(R); INIM260128GCR140(R); INIM260256GCR140(R); INIM260512GCR140(R); INIM2601TCR140(R); INIM2602TCR140(R); INSSD64GM2M2280C140(R); INSSD128GM2M2280C140(R); INSSD256GM2M2280C140(R); INSSD512GM2M2280C140(R); INSSD1TGM2M2280C140(R); INIM28064GCR140(R); INIM280128GCR140(R); INIM280256GCR140(R); INIM280512GCR140(R); INIM2801TCR140(R); INIM2802TCR140(R); INSSD64GMSA6MCR140(R); INSSD128GMSA6MCR140(R); INSSD256GMSA6MCR140(R); INSSD512GMSA6MCR140(R); INSSD1TMSA6MCR140(R); INIMSA64GCR140(R); INIMSA128GCR140(R); INIMSA256GCR140(R); INIMSA512GCR140(R); INIMSA1TCR140(R); INIMSA2TCR140(R); INIM24264GCR140(R); INIM242128GCR140(R); INIM242256GCR140(R); INIM242512GCR140(R); INIM2421TCR140(R); INIM2422TCR140®; Firmware Version: S5FDM018) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/21/2016 06/21/2017 | 3/20/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2175); DRBG (Cert. #254); HMAC (Cert. #1335); SHS (Cert. #1887) -Other algorithms: NDRNG Multi-Chip Stand Alone "Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in 32 GB, 64 GB, 128 GB, 256 GB, 512 GB, 1 TB and 2 TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)." |
| 2585 | EMC Corporation 176 South Street Hopkinton, MA 01748 USA Greg Lazar TEL: 508-249-7822 Tom Dibb TEL: 508-249-7660 CST Lab: NVLAP 200556-0 | VNX 6 Gb/s SAS I/O Module with Encryption from EMC (Hardware Versions: 1.1.1-303-161-103B-04 and 1.2.1-303-224-000C-03; Firmware Version: 2.09.36) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3502 and #3512); KTS (AES Certs. #3502 and #3512) -Other algorithms: N/A Multi-Chip Embedded "The VNX 6Gb/s SAS I/O Module with Encryption is an optimized solution for native SAS/SATA HBA applications. It is the heart of any VNX storage system, providing the interface to the physical storage media. Its benefits include cost and universal drive support for SAS and SATA disks. The VNX 6Gb/s SAS I/O Module with Encryption is a high-density SAS controller solution that significantly increases total system performance, diagnostics, scalability and manageability. It provides the highest density, lowest power/port SAS controller solution available." |
| 2584 | Advantech B+B Smartworx Westlink Commercial Park Oranmore Co. Galway Ireland Paul Conway TEL: +353 91 792444 FAX: +353 91 792445 CST Lab: NVLAP 200556-0 | Advantech B+B SmartWorx Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Conel Linux 5 running on a Spectre V3 LTE (single-user mode) -FIPS Approved algorithms: AES (Certs. #3515 and #3516); CVL (Cert. #587); DRBG (Cert. #877); HMAC (Cert. #2244); RSA (Cert. #1805); SHS (Certs. #2896, #2897 and #2898); Triple-DES (Certs. #1974 and #1975) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Cert. #1974, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "The Advantech B+B SmartWorx Cryptographic Module is a software module that provides cryptographic services to Advantech B+B SmartWorx products. The module provides a number of FIPS 140 validated cryptographic algorithms for services such as IPsec. The module provides applications with a library interface that enables them to access the various cryptographic algorithm functions supplied by the module." |
| 2583 | Box, Inc. 900 Jefferson Ave Redwood City, CA 94063 USA Crispen Maung TEL: 877-729-4269 CST Lab: NVLAP 200968-0 | Box JCA Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/21/2016 | 3/20/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Scientific Linux 6.4 with JRE 1.6.0 on Vmware vSphere 5.0 running on Intel(R) Xeon(R) X5675 (Dell PowerEdge R610) Scientific Linux 6.4 with JRE 1.7.0 on Vmware vSphere 5.0 running on Intel(R) Xeon(R) X5675 (Dell PowerEdge R610) (single-user mode) -FIPS Approved algorithms: AES (Cert. #2666); DRBG (Cert. #429); HMAC (Cert. #1657); SHS (Cert. #2239) -Other algorithms: AES (non-compliant); Blowfish; DES; Triple-DES (non-compliant); RC2; Diffie-Hellman (non-compliant); PBE (non-compliant); ARCFOUR; RSA (non-compliant); HMAC-MD5; PBKDF (non-compliant); DSA (non-compliant); MD2; MD5; PRNG (non-compliant); NDRNG Multi-Chip Stand Alone "Box JCA Cryptographic Module is a Java Cryptography Architecture provider that provides encryption, hashing and random number generation utilizing FIPS 140-2 validated algorithms." |
| 2582 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 Kernel Crypto API Cryptographic Module (Software Version: 3.1) (When operated in FIPS mode with Network Security Services (NSS) Module validated to FIPS 140-2 under Cert. #2564 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/16/2016 04/12/2016 | 4/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3145, #3146, #3147, #3148, #3149, #3150, #3151, #3152, #3218 and #3219); DRBG (Certs. #639, #640, #641, #642, #643, #644, #645 and #646); DSA (Certs. #892, #893, #894, #895, #909 and #910); HMAC (Certs. #1933, #1934, #1935, #1936, #1985 and #1986); SHS (Certs. #2607 and #2608); Triple-DES (Certs. #1797 and #1798) -Other algorithms: DES; SHA-256/SHA-512 (SSSE3/AVX/AVX2 implementation; non-compliant); HMAC SHA-256/SHA-512 (SSSE3/AVX/AVX2 implementation; non-compliant) Multi-Chip Stand Alone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.6 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
| 2581 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA Peter Kim TEL: 408-321-6300 CST Lab: NVLAP 201029-0 | FireEye HX Series: HX 4400, HX 4400D, HX 4402, HX 9402 (Hardware Versions: HX 4400, HX 4400D, HX 4402, HX 9402; Firmware Version: 3.1.0) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/14/2016 | 3/13/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (CVL Cert. #533, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG Multi-Chip Stand Alone "The FireEye HX series appliances enable security operations teams to correlate network and endpoint activity. Organizations can automatically investigate alerts generated by FireEye Threat Prevention Platforms, log management, and network security products, apply intelligence from FireEye to continuously validate Indicators of Compromises on the endpoints and identify if a compromise has occurred and assess the potential risk." |
| 2580 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA Peter Kim TEL: 408-321-6300 CST Lab: NVLAP 201029-0 | FireEye MX Series: MX 900, MX 8400 (Hardware Versions: MX 900, MX 8400; Firmware Version: 2.0.3) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/14/2016 | 3/13/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (CVL Cert. #533, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG Multi-Chip Stand Alone "The FireEye MX series appliances are mobile management platforms that work in conjunction with the FireEye MTP App to assimilate and disperse threat information to mobile endpoints, and offer integration with MDM solutions for a true detect to fix solution." |
| 2579 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 FAX: 858-845-1523 Yin Ling Liong TEL: 858-651-7034 FAX: 858-845-1523 CST Lab: NVLAP 200658-0 | QTI Inline Crypto Engine (UFS) (Hardware Version: 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/11/2016 | 3/10/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3555 and #3557) -Other algorithms: N/A Single Chip "QTI Inline Crypto Engine (UFS) provides high throughput storage data encryption and decryption." |
| 2578 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: 404-348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security Network Intrusion Prevention System Version 4.6.2 (Hardware Versions: GX4004, GX5008C, GX5008SFP, GX5208C, GX5208SFP, GX7412 and GX7800 with Tamper Evident Label Kit: 00VM255; Firmware Version: 4.6.2) (When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/07/2016 | 3/6/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3204 and #3210); DRBG (Certs. #679 and #682); ECDSA (Certs. #588 and #591); HMAC (Certs. #2018 and #2023); RSA (Certs. #1633 and #1635); SHS (Certs. #2651 and #2657); Triple-DES (Certs. #1825 and #1827) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Network Intrusion Prevention System (NIPS) automatically blocks malicious attacks while preserving network bandwidth and availability. The appliances are purpose-built, Layer 2 network security appliances that you can deploy either at the gateway or the network to block intrusion attempts, denial of service (DoS) attacks, malicious code, backdoors, spyware, peer-to-peer applications, and a growing list of threats without requiring extensive network reconfiguration." |
| 2577 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 512-319-2480 FAX: n/a CST Lab: NVLAP 201029-0 | Aruba Linux Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2016 | 3/1/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG, Dual EC DRBG Multi-Chip Stand Alone "The Aruba Linux Cryptographic Module implements full and approved cryptographic algorithm support, including Suite B algorithm compliance, for Aruba products. It provides secure key management, data integrity, data at rest encryption, and secure communications." |
| 2576 | Zinc Inc. 55 New Montgomery Street, Ste. 888 San Francisco, CA 94105 USA Evan Owen TEL: 877-586-5682 CST Lab: NVLAP 201029-0 | Zinc Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2016 08/08/2016 | 8/7/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Zinc Cryptographic Module provides cryptographic functions for Zinc Inc.’s mobile applications." |
| 2575 | Cellcrypt 6121 Lincolnia Rd Suite 100 Alexandria, VA 22312 USA Richard Chen TEL: 571-243-9445 CST Lab: NVLAP 100432-0 | Cellcrypt Secure Core 3 FIPS 140-2 Module (Software Version: 2.0.10) (When operated in FIPS mode and built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/02/2016 | 3/1/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) (single user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3264); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #472); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #723); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #933); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #620); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2063); RSA (Certs. #1086, #1145, #1205, #1273, #1477, #1535, #1581 and #1664); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2702); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1853) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-Chip Stand Alone "Cellcrypt Secure Core 3 FIPS 140-2 Module Version 2.0.10 is a cryptographic software library providing privacy, authentication and integrity services. There are three major protocol groups supported:- Offline or store-and-forward based protocols- File storage and message attachments- Online or session-based protocols" |
| 2574 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Dr. W Houston, TX 77070 USA Luis Luciani TEL: 1-281-518-6762 CST Lab: NVLAP 200928-0 | iLO 4 Cryptographic Module (Hardware Versions: GLP-4: 531510-004 [1], GLP-3: 531510-003 [2] and Sabine: 610107-002 [3]; Flash Memory: (820595-001 [1,2,3]); NVRAM: (820597-001 [1]), (820596-001 [2,3]); DDR3 SDRAM: (820594-001 [1,2,3]); Firmware Version: 2.11) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/02/2016 | 3/1/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3398, #3399, #3400 and #3401); CVL (Cert. #502); DRBG (Cert. #814); DSA (Cert. #959); ECDSA (Cert. #676); HMAC (Cert. #2169); RSA (Cert. #1740); SHS (Cert. #2814); Triple-DES (Cert. #1924) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5 Multi-Chip Embedded "The HP Integrated Lights-Out 4 (HP iLO 4) built into HP ProLiant Gen8 and Gen9 servers is an autonomous secure management component embedded directly on the server motherboard. iLO helps simplify initial server setup, power and thermal optimization, remote server administration, and provides server health monitoring with the HP Active Health System (AHS)." |
| 2573 | Aruba a Hewlett Packard Enterprise Company 3333 Scott Blvd. Santa Clara, CA 95054 USA Steve Weingart TEL: 512-319-2480 FAX: n/a CST Lab: NVLAP 100432-0 | Aruba Common Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/01/2016 02/28/2017 | 2/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Enterprise 32-bit User Mode running on an IBM ThinkPad Lenovo Windows 7 Enterprise 64-bit User Mode running on an IBM ThinkPad Lenovo Android 4.0 running on a Droid 3 Smartphone Red Hat Enterprise Linux 6 with Linux 2.6 Kernel (32-bit) running on a Dell Dimension 9200 iOS9 running on an iPad 2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2744 and #2746); CVL (Certs. #265 and #266); DRBG (Certs. #496 and #498); ECDSA (Certs. #499 and #500); HMAC (Certs. #1721 and #1722); RSA (Certs. #1483 and #1484); SHS (Certs. #2316 and #2317); Triple-DES (Certs. #1652 and #1653) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX; AES XCBC; AES MAC (non-compliant); RSAES-OAEP Multi-Chip Stand Alone "The Aruba Common Cryptographic Module Version 1.0 is a software shared library that provides cryptographic services required by Aruba software applications." |
| 2572 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 S (Hardware Versions: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.15.14) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/25/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2571 | Canon U.S.A., Inc. One Canon Park Melville, NY 11747 USA Jiuyuan Ge TEL: 631-330-5774 CST Lab: NVLAP 200427-0 | Canon imageRUNNER Crypto Module 2.1.1.1 for MEAP (Software Version: 2.1.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/25/2016 | 2/24/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): MontaVista Linux running on a Canon imageRUNNER with MEAP SDK 4.60 SP4 and CDC 1.1 Foundation Profile 1.1 with optional JCE provider package (single-user mode) -FIPS Approved algorithms: AES (Cert. #3442); CVL (Cert. #528); DRBG (Cert. #840); DSA (Cert. #969); ECDSA (Cert. #694); HMAC (Cert. #2191); KBKDF (Cert. #60); KTS (AES Cert. #3442); RSA (Cert. #1763); SHS (Cert. #2842); Triple-DES (Cert. #1939) -Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; HMAC-MD5; MD4; MD5; NDRNG; PBE; RC2; RC4; RNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Triple-DES (Cert. #1939, key wrapping; key establishment methodology provides 112 bits of encryption strength); Multi-Chip Stand Alone "Canon imageRUNNER Crypto Module for MEAP security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements" |
| 2570 | Certicom Corp. 4701 Tahoe Blvd., Building A Mississauga, Ontario L4W 0B5 Canada Certicom Support TEL: 905-507-4220 FAX: n/a Certicom Sales TEL: 905-507-4220 FAX: n/a CST Lab: NVLAP 200928-0 | Security Builder® Linux Kernel Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/23/2016 | 2/22/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with PAA CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without PAA Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode) -FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. #1953) -Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG Multi-Chip Stand Alone "Certicom Security Builder® Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel." |
| 2569 | Hiddn Security AS Nedre Slottgate 25 Oslo 0157 Norway Atle Haga TEL: +47 92452750 FAX: +47 38104499 Terje Leira TEL: +47 91112899 FAX: +47 38104499 CST Lab: NVLAP 100432-0 | CM1+ (Hardware Versions: PCBA P/N HGD-59400200 with PCB P/N HGD-59300039, Rev C; Firmware Versions: CM1+ HW v1.8.7.4, CM1+ FW v1.8.7.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2016 | 2/21/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3362) -Other algorithms: AES (Cert. #3362, key wrapping; key establishment methodology provides 192 bits of encryption strength) Multi-Chip Embedded "The CM1+ is a 256-bit AES hardware encryption engine for protection of data at rest. The unit operates on the SATA protocol independent of the storage device, which allows encryption of disk drives of various storage capacities." |
| 2568 | Security First Corp. 29811 Santa Margarita Parkway Suite 600 Rancho Santa Margarita, CA 92688 USA Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092 CST Lab: NVLAP 100432-0 | SecureParser® (Software Version: 4.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/22/2016 10/03/2016 12/23/2016 | 12/22/2021 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Android 5.0 running on a Samsung Galaxy S5Android 5.1 running on a Samsung Galaxy S5Android 5.1 running on a Samsung Galaxy S6Android 5.1 running on a Samsung Galaxy Note5Android 6.0 running on a Samsung Galaxy S5Android 6.0 running on a Samsung Galaxy S6Android 6.0 running on a Samsung Galaxy Note5 Android 6.0 running on a Samsung Galaxy S7Microsoft Windows Server 2008 R2 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows Server 2008 R2 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows Server 2012 R2 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows Server 2012 R2 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows 7 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows 7 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows 8.1 64-bit running on a Dell Optiplex 7010 with PAAMicrosoft Windows 8.1 64-bit running on a Dell Optiplex 7010 without PAAMicrosoft Windows 10 64-bit running on a Microsoft Surface Pro 4 with PAAMicrosoft Windows 10 64-bit running on a Microsoft Surface Pro 4 without PAARed Hat Enterprise Linux 6.7 64-bit running on a Dell Optiplex 7010 with PAARed Hat Enterprise Linux 6.7 64-bit running on a Dell Optiplex 7010 without PAARed Hat Enterprise Linux 7.2 64-bit running on a Dell Optiplex 7010 with PAARed Hat Enterprise Linux 7.2 64-bit running on a Dell Optiplex 7010 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #4071 and #4148); DRBG (Certs. #1220 and #1260); ECDSA (Certs. #918 and #954); HMAC (Certs. #2658 and #2719); KTS (AES Cert. #4071 and AES Cert. #4148; key establishment methodology provides between 128 and 256 bits on encryption strength); RSA (Certs. #2203 and #2260); SHS (Certs. #3354 and #3415) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Stand Alone "The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available." |
| 2567 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: (404) 348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security XGS 3100, XGS 4100, XGS 5100, and XGS 7100 (Hardware Versions: XGS 3100, XGS 4100, XGS 5100 and XGS 7100; FIPS-LABELS: FIPS 140 tamper evidence labels P/N 00VM255; Firmware Versions: 5.3.1 and 5.3.3) (When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/19/2016 12/20/2016 | 12/19/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3280, #3282, #3283, #3284, #3307, #3308, #3309 and #3310); CVL (Certs. #463, #465, #466 and #467); DRBG (Certs. #738, #740, #741, #742, #756, #757, #758 and #759); DSA (Certs. #937, #939, #940 and #941); ECDSA (Certs. #633, #635, #636, #637, #640, #641, #642 and #643); HMAC (Certs. #2077, #2079, #2080, #2081, #2099, #2100, #2101 and #2102); RSA (Certs. #1677, #1679, #1680, #1681, #1691, #1692, #1693 and #1694); SHS (Certs. #2718, #2720, #2721, #2722, #2740, #2741, #2742 and #2743); Triple-DES (Certs. #1867, #1869, #1870, #1871, #1883, #1884, #1885 and #1886) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Network Intrusion Prevention System (IPS) automatically blocks malicious attacks while preserving network bandwidth and availability. The appliances are purpose-built, Layer 2 network security appliances that you can deploy either at the gateway or the network to block intrusion attempts, denial of service (DoS) attacks, malicious code, backdoors, spyware, peer-to-peer applications, and a growing list of threats without requiring extensive network reconfiguration. The XGS 3100, XGS 4100, XGS 5100, and XGS 7100 can be securely managed via SiteProtector, which is a central management console" |
| 2566 | Skyhigh Networks 900 E. Hamilton Ave. Suite 400 Campbell, CA 95008 USA Skyhigh Networks CST Lab: NVLAP 201029-0 | Java Crypto Module (Hardware Version: N/A; Firmware Version: N/A; Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/18/2016 | 2/17/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DRBG (Cert. #668); DSA (Cert. #914); ECDSA (Cert. #583); HMAC (Cert. #2011); RSA (Cert. #1622); SHS (Cert. #2637); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-Chip Stand Alone "The Java Crypto Module provides cryptographic functions for Skyhigh Networks cloud visibility and enablement products." |
| 2565 | Hiddn Security AS Nedre Slottgate 25 Oslo 0157 Norway Atle Haga TEL: +47 92452750 FAX: +47 38104499 Terje Leira TEL: +47 91112899 FAX: +47 38104499 CST Lab: NVLAP 100432-0 | coCrypt CM1+ (Hardware Versions: PCBA P/N HGD-59401600 with PCB P/N HGD-59300063, Rev G; Firmware Versions: coCrypt CM1+ HW v1.8.8.4, CM1+ FW v1.8.7.5, Host Controller FW v1.0.5.8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/18/2016 | 2/17/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3362) -Other algorithms: AES (Cert. #3362, key wrapping; key establishment methodology provides 192 bits of encryption strength) Multi-Chip Embedded "The coCrypt CM1+ is a 256-bit AES hardware encryption engine which encrypts data either to a replacable microSD storage card or an USB flash drive. The unit allows the user to expand the storage capacity whenever needed." |
| 2564 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 NSS Module (Software Version: 3.14.3-22) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/17/2016 | 2/16/2021 | Overall Level: 2 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on System x3500 M4 without PAA -FIPS Approved algorithms: AES (Certs. #3076, #3077, #3078, #3079, #3080, #3081, #3082, #3083, #3084, #3085, #3086 and #3087); CVL (Certs. #368, #369, #370 and #371); DRBG (Certs. #603, #604, #605 and #606); DSA (Certs. #892, #893, #894 and #895); ECDSA (Certs. #554, #555, #556 and #557); HMAC (Certs. #1933, #1934, #1935 and #1936); RSA (Certs. #1577, #1578, #1579 and #1580); SHS (Certs. #2549, #2550, #2551 and #2552); Triple-DES (Certs. #1776, #1777, #1778 and #1779) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; MD2; RC2; Camellia; J-PAKE; DES; SEED; Triple-DES (Certs. #1776, #1777, #1778 and #1779, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Certs. #3076, #3077, #3078, #3079, #3080, #3081, #3082, #3083, #3084, #3085, #3086 and #3087, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CTS block chaining mode Multi-Chip Stand Alone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/" |
| 2563 | IBM Security 6303 Barfield Road Atlanta, GA 30328 USA Ferrell Moultrie TEL: (404) 348-9293 FAX: N/A CST Lab: NVLAP 200416-0 | IBM Security SiteProtector System Cryptographic Module (Software Version: 3.1.1) (When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/17/2016 | 2/16/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows Server 2012 R2 Standard running on IBM Security SP 4001 with Intel Core i7-2600 @ 3.4GHz (1-CPU / 4-core) processor (single-user mode) -FIPS Approved algorithms: AES (Cert. #3279); CVL (Cert. #462); DRBG (Cert. #737); ECDSA (Cert. #632); HMAC (Cert. #2076); RSA (Cert. #1676); SHS (Cert. #2717); Triple-DES (Cert. #1866) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #462, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-Chip Stand Alone "SiteProtector is a centralized management system that unifies management and analysis for network, server, and desktop protection agents and small networks or appliances. The SiteProtector is used as the central controlling point for IBM ISS appliances deployed on the network." |
| 2562 | Senetas Corporation Ltd. and SafeNet Inc. 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Firmware Version: 2.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/17/2016 | 2/16/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3337, #3346, #3347 and #3348); CVL (Cert. #491); DRBG (Cert. #779); ECDSA (Cert. #661); HMAC (Cert. #2128); KAS (Cert. #58); RSA (Cert. #1727); SHS (Cert. #2772); Triple-DES (Cert. #1907) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC (also known as Traffic Flow Security or TFS) transmission security capability can be used to remove patterns from" |
| 2561 | Medtronic Care Management Services, LLC 7980 Century Blvd Chanhassen, MN 55317 USA Brian Golden TEL: 888-243-8881 Ben Lange TEL: 888-243-8881 CST Lab: NVLAP 100432-0 | CC FM TLS/SRTP (Software Version: 1.0.2) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/16/2016 03/22/2016 | 3/21/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Server 2008 R2 (x64) running on Intel Xeon E5620 (Dell PowerEdge R710), Android 4.0.4 running on ARM TI OMAP 4430 (Samsung Galaxy Tab 2) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3349); CVL (Certs. #494 and #495); DRBG (Certs. #794 and #795); HMAC (Cert. #2132); RSA (Cert. #1716); SHS (Cert. #2776) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SRTP-KDF (non-compliant); NDRNG Multi-Chip Stand Alone "CC FM TLS/SRTP facilitates secure communication for the TLS and SRTP protocols." |
| 2560 | Unisys Corporation 801 Lakeview Drive Suite 100 Blue Bell, PA 19422 USA Ralph Farina TEL: 610-648-3460 Timothy McCaffrey TEL: 610-648-4477 CST Lab: NVLAP 200928-0 | Unisys Linux Kernel Cryptographic API Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 11) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/12/2016 | 2/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R220 without PAA and with PCLMULQDQ and SSSE 3 Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R220 without PAA Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R630 with PAA and with PCLMULQDQ Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R630 with PAA and with PCLMULQDQ and SSSE3 Ubuntu 12.04 LTS distribution with Vmware ESXi 5.5 running on a Dell PowerEdge R820 with PAA and with PCLMULQDQ and Ubuntu 12.04 LTS distribution with Vmware ESXi 5.5 running on a Dell PowerEdge R820 with PAA and with PCLMULQDQ and SSSE3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3513 and #3519); HMAC (Certs. #2246 and #2247); SHS (Certs. #2900 and #2901) -Other algorithms: N/A Multi-Chip Stand Alone "The Unisys Linux Kernel Cryptographic API Module is a software-only cryptographic module that comprises a set of Linux kernel modules. It provides general purpose cryptographic services to the remainder of the Linux kernel." |
| 2559 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Gary Sturdivant TEL: 1-650-427-4429 Eric Betts TEL: 1-650-427-1902 CST Lab: NVLAP 200928-0 | VMware Horizon JCE (Java Cryptographic Extension) Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/12/2016 | 2/11/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Horizon 6, version 6.2 with Sun JRE 1.8 on Windows Server 2012R2 Datacenter hosted on VMware vSphere Hypervisor (ESXi) 6.0 running on Dell PowerEdge R630 Horizon 6, version 6.2 with Sun JRE 1.8 on Windows 7 SP1 Enterprise (32 bit) hosted on VMware vSphere Hypervisor (ESXi) 6.0 running on Dell PowerEdge R630 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3554); DRBG (Cert. #905); DSA (Cert. #992); HMAC (Cert. #2268); RSA (Cert. #1830); SHS (Cert. #2929); Triple-DES (Cert. #1987) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #3554, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1987, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC Multi-Chip Stand Alone "The VMware Horizon JCE (Java Cryptographic Extension) Module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms." |
| 2558 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 P (Hardware Versions: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 8.1.15.14) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/11/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2557 | Senetas Corporation Ltd. and SafeNet Inc. 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN Series Ethernet Encryptors (Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B (DC); Senetas Corp. Ltd. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Firmware Versions: 2.6.1 and 2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/11/2016 04/11/2016 | 4/10/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3335, #3342 and #3343); CVL (Cert. #489); DRBG (Cert. #777); ECDSA (Cert. #659); HMAC (Cert. #2126); KAS (Cert. #56); RSA (Cert. #1725); SHS (Cert. #2770); Triple-DES (Cert. #1905) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis." |
| 2556 | Infineon Technologies AG Am Campeon 1-12 Neubiberg, Bavaria 85579 Germany Roland Ebrecht TEL: +49-821-2585168 FAX: +49-821-2585130 Thomas Hoffmann TEL: +49-821-2585124 FAX: +49-821-2585130 CST Lab: NVLAP 100432-0 | Trusted Platform Module 1.2 SLB 9660/SLB 9665/SLB 9670 (Hardware Versions: P/Ns SLB 9660, SLB 9665 and SLB 9670; Firmware Version: 4.80.0411.02 or 6.80.0113.02) (When operated in FIPS mode as specified in Security Policy Sections 1.1 and 8.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/09/2016 | 2/8/2021 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3523 and #3524); RSA (Certs. #1809 and #1810); SHS (Certs. #2905 and #2906); DRBG (Certs. #882 and #883); HMAC (Certs. #2251 and #2252); KBKDF (Certs. #70 and #71); CVL (Certs. #579, #580, #581, #582, #583 and #584); KTS (AES Certs. #3523 and #3524 and HMAC Certs. #2251 and #2252; key establishment methodology provides 128 bits of encryption strength); RSAEP (SP 800-56B, vendor affirmed) -Other algorithms: NDRNG; RSA (CVL Certs. #580 and #583, key wrapping provides 112 bits of encryption strength) Single Chip "The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the TCG specifications Version 1.2, Revision 116, 1 March 2011. See www.trustedcomputinggroup.org for further information on TCG and TPM." |
| 2555 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: n/a CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050 (Hardware Versions: P/Ns M-1250 Version 1.10, M-1450 Version 1.10, M-2750 Version 1.50, M-2850 Version 1.00, M-2950 Version 1.00, M-3050 Version 1.20, M-4050 Version 1.20 and M-6050 Version 1.40; FIPS Kit P/Ns IAC-FIPS-KT2 and IAC-FIPS-KT7; Firmware Version: 8.1.15.14) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/09/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant) Multi-Chip Stand Alone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2554 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Sandra Hernandez TEL: 512-286-5624 Marie Fraser TEL: +353 21 7306043 CST Lab: NVLAP 200416-0 | IBM(R) Security QRadar(R) Cryptographic Security Kernel (Software Version: 7.2) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/02/2016 | 2/1/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux (RHEL) v6.5 running on a IBM System X3650 M4 BD (single-user mode) -FIPS Approved algorithms: AES (Cert. #3131); CVL (Cert. #397); DRBG (Cert. #753); HMAC (Cert. #1981); RSA (Cert. #1686); SHS (Cert. #2600); Triple-DES (Cert. #1794) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 202 bits of encryption strength); MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The IBM(R) Security QRadar(R) Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine." |
| 2553 | ZOLL Medical Corporation 269 Mill Road Chelmsford, MA 01824-4105 USA Bryan Newman TEL: 978-421-9843 FAX: n/a Navid Shaidani TEL: 978-421-9843 FAX: n/a CST Lab: NVLAP 100432-0 | R Series Data Comm II (Hardware Version: 9214-00207 Rev B; Firmware Version: 03.02.010.1441) (When operated in FIPS mode. This module contains the embedded module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3276); CVL (Cert. #458); DRBG (Cert. #734); DSA (Cert. #935); ECDSA (Cert. #631); HMAC (Cert. #2074); RSA (Cert. #1688); SHS (Certs. #2714 and #2715); Triple-DES (Cert. #1864); KTS (AES Cert. #3276 and HMAC Cert. #2074; key establishment methodology provides 256 bits of encryption strength) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC4; AES CCM (non-compliant) Multi-Chip Stand Alone "The ZOLL R Series Data Comm II module allows data to be wirelessly transmitted." |
| 2552 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Motorola Solutions Astro Subscriber uMACE - Level 3 (Hardware Version: AT8358Z04; Firmware Versions: R01.06.57 and [R01.00.02 or (R01.00.02 and R01.00.03)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2016 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3414 and #3415); DRBG (Cert. #820); ECDSA (Cert. #684); HMAC (Cert. #2174); RSA (Cert. #1747); SHS (Certs. #2821 and #2822) -Other algorithms: AES MAC (AES Cert. #3415, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The uMACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2551 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/04/2016 01/04/2017 | 1/3/2022 | Overall Level: 2 Multi-Chip Embedded |
| 2550 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Linux Cryptographic Module (Software Version: 1.0.1) (When installed, initialized and configured as indicated in the Security Policy in Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/29/2016 | 1/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): McAfee Linux 2.2.3 running on an Intel SR1530SH McAfee Linux 2.2.3 running on an Intel SR2625URLX McAfee Linux 2.2.3 on VMware ESXi 5.0 running on an Intel SR2625URLX (single-user mode) -FIPS Approved algorithms: AES (Certs. #3116 and #3117); CVL (Certs. #378 and #379); DRBG (Certs. #627 and #628); DSA (Certs. #900 and #901); HMAC (Certs. #1953 and #1954); RSA (Certs. #1587 and #1588); SHS (Certs. #2572 and #2573); Triple-DES (Certs. #1787 and #1788) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Linux Cryptographic Module provides cryptographic services for McAfee Linux and security appliance products built upon this platform. McAfee Linux is an operating system built with a focus on the needs of security appliances." |
| 2549 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - Kernel Crypto API Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module v2.0 validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode and with module SUSE Linux Enterprise Server 12 - StrongSwan Cryptographic Module version 1.0 validated to FIPS 140-2 under Cert. #2484 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/29/2016 | 1/28/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 operating on HP ProLiant DL320e Generation 8 with PAA SUSE Linux Enterprise Server 12 operating on HP ProLiant DL320e Generation 8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3286, #3287, #3288, #3297 and #3298); DRBG (Certs. #744, #745, #746 and #747); HMAC (Certs. #2083, #2084, #2085 and #2086); RSA (Cert. #1687); SHS (Certs. #2724, #2725, #2726 and #2727); Triple-DES (Cert. #1873) -Other algorithms: Anubis; ARC4; Blowfish; Camellia; CAST5; CAST6; DES; Fcrypt; Khazad; Salsa20; SEED; Serpent; TEA; XTEA; XETA; Twofish; Two key Triple-DES (non-compliant); LRW mode; Fcrypt-PCBC; MD4; MD5; Michael Mic; RIPEMD; Tiger; Whirlpool Multi-Chip Stand Alone "SUSE Kernel Crypto API module provides cryptographic services to the Linux operating system kernel." |
| 2548 | Redpine Signals, Inc. 2107 N. First Street #680 San Jose, CA 95131-2019 USA Mallik Reddy TEL: 408-748-3385 Ext. 202 FAX: 408-705-2019 CST Lab: NVLAP 200802-0 | RS9113 (Hardware Version: 6.0; Firmware Version: RS9113.N00.WC.FIPS.OSI.1.2.6 with Bootloader version 1.7) (When operated in FIPS mode. When initialized and configured as specified in Section 5.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/28/2016 | 1/27/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3299 and #3300); KTS (AES Cert. #3299; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #2628); HMAC (Cert. #2003); RSA (Cert. #1689); DRBG (Cert. #907); KBKDF (Cert. #50); CVL (Cert. #474) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES; HMAC-MD4 Multi-Chip Embedded "The RS9113 modules' family is based on Redpine Signals' RS9113 ultra-low-power Convergence SoC. These modules offer dual-band 1x1 802.11n, dual-mode Bluetooth 4.0 and Zigbee 802.15.4 in a single device. They are high performance, long range and ultra-low power modules. The modules provide guaranteed availability of connectivity at all locations within the defined zones, availability at all times, devices' mobility, security of data collection and transmission to backend database, low power for battery operated devices and bandwidth needs." |
| 2547 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Motorola Solutions Astro Subscriber uMACE - Level 2 (Hardware Version: AT8358Z04; Firmware Versions: R01.06.57 and [R01.00.02 or (R01.00.02 and R01.00.03)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/28/2016 01/30/2017 | 1/29/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Operational Environment: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3414 and #3415); DRBG (Cert. #820); ECDSA (Cert. #684); HMAC (Cert. #2174); RSA (Cert. #1747); SHS (Certs. #2821 and #2822) -Other algorithms: AES MAC (AES Cert. #3415, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The uMACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2546 | Senetas Corporation Ltd. and SafeNet Inc. 312 Kings Way South Melbourne, Victoria 3205 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Laurie Mack TEL: 613-221-5065 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN1000/CN3000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5141B (AC); CN3000 Series: A5203B (AC) and A5204B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5141B (AC); CN3000 Series: A5203B (AC) and A5204B (DC); Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/26/2016 | 1/25/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3336, #3344 and #3345); CVL (Cert. #490); DRBG (Cert. #778); ECDSA (Cert. #660); HMAC (Cert. #2127); KAS (Cert. #57); RSA (Cert. #1726); SHS (Cert. #2771); Triple-DES (Cert. #1906) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet networks. The CN1000 Series supports line rates of 10/100/1000 Mbps while the CN3000 extends the CN Series line rate capability to 10Gbps.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 2545 | HID Global and Oberthur Technologies 611 Center Ridge Drive Austin, TX 78753 USA Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 Christophe Goyet TEL: 703-322-8951 CST Lab: NVLAP 100432-0 | HID Global ActivID Applet Suite v2.7.4 on Oberthur Technologies Cosmo V8 (Hardware Version: Oberthur Technologies 0F; Firmware Versions: Oberthur Technologies '5601' and HID Global ActivID Applet Suite 2.7.4) (When operated with module ID-One PIV-C on Cosmo V8 validated to FIPS 140-2 under Cert. #2303 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/26/2016 08/11/2017 08/17/2017 | 1/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Certs. #336 and #1302); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #91); KBKDF (Cert. #33); KTS (AES Certs. #2910 and #2911); RSA (Cert. #1532); SHS (Cert. #2449); Triple-DES (Cert. #1727) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength) Single Chip "HID Global ActivID Applet v2.7.4 is a Java Card applet suite that uses the Oberthur Technologies Cosmo v8 operating system. The product can be used over contact and contactless interface and can be configured for support of GSC-IS v2.1 and PIV standards (NIST SP 800-73-4 and SP 800-78-4)." |
| 2544 | HID Global and Giesecke+Devrient Mobile Security America Inc. 611 Center Ridge Drive Austin, TX 78753 USA Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 Jatin Deshpande TEL: 669-999-6323 CST Lab: NVLAP 100432-0 | HID Global ActivID Applet Suite v2.7.5 on Giesecke & Devrient Sm@rtCafé Expert 7.0 (Hardware Version: SLE78CLFX4000P(M) M7892; Firmware Versions: Sm@rtCafé Expert 7.0 and HID Global ActivID Applet Suite 2.7.5) (When operated with module Sm@rtCafé Expert 7.0 validated to FIPS 140-2 under Cert. #2327 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/26/2016 07/03/2017 07/14/2017 | 1/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Operational Environment: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2720 and #2721); CVL (Certs. #177, #1192 and #1193); DRBG (Cert. #455); ECDSA (Cert. #476); KAS (Cert. #91); KBKDF (Cert. #18); KTS (AES Certs. #2720 and #2721); RSA (Cert. #1507); SHS (Certs. #2289 and #2290); Triple-DES (Cert. #1637) -Other algorithms: NDRNG Single Chip "HID Global ActivID Applet v2.7.5 is a Java Card applet suite that uses the Sm@rtCafé Expert 7.0 operating system. The product can be used over contact and contactless interface and can be configured for support of GSC-IS v2.1 and PIV standards (NIST SP 800-73-4 and SP 800-78-4)." |
| 2543 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiClient 5.0 VPN Client (Software Versions: FortiClient 5.0, build0367, 151201) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2016 | 1/25/2021 | Overall Level: 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Enterprise Edition running on a Dell Optiplex 755 with the Fortinet entropy token (part number FTR-ENT-1) (single-user mode) -FIPS Approved algorithms: AES (Certs. #2912 and #2924); CVL (Cert. #329); DRBG (Cert. #538); HMAC (Certs. #1842 and #1851); PBKDF (vendor affirmed); RSA (Cert. #1533); SHS (Certs. #2451 and #2460); Triple-DES (Certs. #1728 and #1737) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 144 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The FortiClient VPN client provides a FIPS 140-2 validated, IPSec and SSL VPN client for Windows platforms." |
| 2542 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiClient 5.0 VPN Client (Software Versions: FortiClient 5.0, build0367, 151201) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2016 | 1/25/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 Enterprise Edition running on a Dell Optiplex 755 with the Fortinet entropy token (part number FTR-ENT-1) (single-user mode) -FIPS Approved algorithms: AES (Certs. #2912 and #2924); CVL (Cert. #329); DRBG (Cert. #538); HMAC (Certs. #1842 and #1851); PBKDF (vendor affirmed); RSA (Cert. #1533); SHS (Certs. #2451 and #2460); Triple-DES (Certs. #1728 and #1737) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 144 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The FortiClient VPN client provides a FIPS 140-2 validated, IPSec and SSL VPN client for Windows platforms." |
| 2541 | Relocation Management Worldwide 6077 Primacy Parkway Suite 223 Memphis, TN 38119 USA Rob Gerwing TEL: 303-716-5939 FAX: (303) 974-1108 CST Lab: NVLAP 200416-0 | VERN (TM) RMW Crypto Library (Software Version: 1.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/26/2016 | 1/25/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows Server 2012 running on a Dell Power Edge 2950 Server (single-user mode) -FIPS Approved algorithms: AES (Cert. #3275); HMAC (Cert. #2240); SHS (Cert. #2713) -Other algorithms: N/A Multi-Chip Stand Alone "The VERN RMW Crypto Library version 1.2 is a software cryptographic library that provides cryptographic services to the overall VERN Web application. The software contains implementations of approved cryptographic algorithms." |
| 2540 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiMail-1000D and FortiMail-3000D (Hardware Versions: Fortimail-1000D: C1AA85 with Disk Trays P/N: SP-D2000 and Power Supplies P/N: SP-FXX1000D-PS, FortiMail-3000D: C1AA63 with Disk Trays P/N: SP-D2TC and Power Supplies P/N: D750E-S1, Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiMailOS 5.2, build0460,150922) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2016 | 1/24/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3500); CVL (Cert. #574); DRBG (Cert. #873); HMAC (Cert. #2239); RSA (Cert. #1801); SHS (Cert. #2892); Triple-DES (Cert. #1971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 5.2 offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, malware emulation both locally and via integration with FortiSandbox, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities." |
| 2539 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200996-0 | FortiMail 5.2 (Firmware Versions: FortiMailOS 5.2, build0460,150922) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 01/25/2016 | 1/24/2021 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FortiMail-3000D with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Cert. #3500); CVL (Cert. #574); DRBG (Cert. #873); HMAC (Cert. #2239); RSA (Cert. #1801); SHS (Cert. #2892); Triple-DES (Cert. #1971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 5.2 offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, malware emulation both locally and via integration with FortiSandbox, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities." |
| 2538 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) 7840 Extension Switch (Hardware Version: {7840 Extension Switch (P/N 80-1008000-01)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.4.0 (P/N 51-1001672-01)) (When operated in FIPS mode and when tamper evident labels are installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/19/2016 07/19/2016 | 7/18/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1723); AES (Certs. #2892, #3130 and #3132); SHS (Certs. #2435 and #2571); HMAC (Certs. #1828 and #1952); DRBG (Certs. #635 and #672); RSA (Cert. #1522); ECDSA (Cert. #522); CVL (Certs. #318, #319, and #396); -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNMPv3 KDF (non-compliant); HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; DES; DES3; DESX; RC2; RC4; NDRNG; MD2; MD4; MD5; ARCFOUR; BF; CAST; RIPEMD160; UMAC-64; EC Diffie-Hellman (CVL Certs. #311, #318 and #320, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (non-compliant); IKEv2 KDF (non-compliant); SHA-1 (non-compliant); SHA-256 (non-compliant); HMAC-SHA-512 (non-compliant) Multi-Chip Stand Alone "The Brocade 7840 Extension Switch provides fast, reliable WN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2537 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2016 | 1/14/2021 | Overall Level: 2 Multi-Chip Stand Alone |
| 2536 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2016 04/11/2017 05/22/2017 | 1/14/2021 | Overall Level: 2 Multi-Chip Stand Alone |
| 2535 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2016 | 1/14/2021 | Overall Level: 1 Multi-Chip Stand Alone |
| 2534 | Kodiak Networks, Inc. 1501 10th Street Suite 130 Plano, TX 75074 USA Terry Boland TEL: 972-665-3381 FAX: 972-665-0198 Sanjay Kulkarni TEL: 972-665-3222 FAX: 972-665-0198 CST Lab: NVLAP 100432-0 | Push To Talk Client Crypto Module (Software Version: 3.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/14/2016 | 1/13/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): iOS 8.1 running on iPhone™ 6 and Android 4.4 running on Samsung Galaxy S5 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3330 and #3417); DRBG (Certs. #775 and #821); HMAC (Certs. #2121 and #2175); RSA (Certs. #1710 and #1749); SHS (Certs. #2763 and #2823); Triple-DES (Certs. #1901 and #1928) -Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-Chip Embedded "Kodiak Push-to-Talk is a carrier-integrated Broadband Push-to-Talk service platform. It sets a new standard for instant communications by providing PTT service over 4G LTE, 4G HSPA+, Wi-Fi, and 3G." |
| 2533 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) MLXe(R) NetIron(R) Ethernet Routers (Hardware Versions: {[BR-MLXE-4-MR2-M-AC (80-1006870-01), BR-MLXE-4-MR2-M-DC (80-1006872-01), BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-8-MR2-M-DC (80-1007226-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-16-MR2-M-DC (80-1006828-02), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-4-MR2-X-DC (80-1006875-03), BR-MLXE-8-MR2-X-AC (80-1007227-03), BR-MLXE-8-MR2-X-DC (80-1007228-03), BR-MLXE-16-MR2-X-AC (80-1006829-04), BR-MLXE-16-MR2-X-DC (80-1006834-04)] with Component P/Ns 80-1005643-01, 80-1003891-02, 80-1002983-01, 80-1003971-01, 80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, 80-1005644-03, 80-1007878-02, 80-1007911-02, 80-1007879-02} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a) (When operated in FIPS mode with the tamper evident labels installed as specified in Annex A and configured as specified in Tables 8, 12 and 16 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/12/2016 05/23/2017 | 1/11/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1648, #2154, #2717, #2946, #3030 and #3144); KTS (AES Cert. #2946, key wrapping; key establishment methodology provides 112 bits of encryption strength); KTS (AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #934 and #2282); RSA (Cert. #1413); HMAC (Certs. #1696 and #2883); DRBG (Certs. #454 and #684); CVL (Certs. #175, #393, #404, #437 and #1050); KBKDF (Cert. #35); ECDSA (Certs. #546 and #593) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-SHA1-96; HMAC-MD5; MD5; DES; Triple-DES (non-compliant); EC Diffie-Hellman (CVL Certs. #437 and #1050, key agreement; key establishment methodology provides between 128 or 192 bits of encryption strength) Multi-Chip Stand Alone "Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density; rich IPv4, IPv6, Multi-VRF, MPLS, and Carrier Ethernet capabilities without compromising performance; and advanced Layer 2 switching. This release introduces a new interface card BR-MLX-10GX4-IPSEC-M, which has built-in capability to negotiate IKEv2 sessions and establish IPSec tunnels to allow Virtual Private Networks to be created within the network. In addition, BR-MLX-10GX4-IPSEC-M has PHY level support for MACSec protocol." |
| 2532 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/13/2016 | 1/12/2021 | Overall Level: 2 Multi-Chip Embedded |
| 2531 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway WG5000 and WG5500 Appliances (Hardware Versions: 5000 with EWG-5000-FIPS-KIT and 5500 with EWG-5500-FIPS-KIT; Firmware Version: 7.3.2.3.4) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/11/2016 | 1/10/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3116); CVL (Cert. #378); DRBG (Cert. #627); DSA (Cert. #900); HMAC (Cert. #1953); RSA (Cert. #1587); SHS (Cert. #2572); Triple-DES (Cert. #1787) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic." |
| 2530 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) FCX 624/648, ICX (TM) 6610, ICX 6450, ICX 7750, ICX 7450 and SX 800/1600 Series (Hardware Versions: {[FCX624S (80-1002388-08), FCX624S-HPOE-ADV (80-1002715-08), FCX624S-F-ADV (80-1002727-07), FCX648S (80-1002392-08), FCX648S-HPOE (80-1002391-10), FCX648S-HPOE-ADV (80-1002716-10), FCX-2XG (80-1002399-01)], [ICX 6610-24F-I (80-1005350-04), ICX 6610-24F-E (80-1005345-04), ICX 6610-24-I (80-1005348-05), ICX 6610-24-E (80-1005343-05), ICX 6610-24P-I (80-1005349-06), ICX 6610-24P-E (80-1005344-06), ICX 6610-48-I (80-1005351-05), ICX 6610-48-E (80-1005346-05), ICX 6610-48P-I (80-1005352-06), ICX 6610-48P-E (80-1005347-06)], [ICX 6450-24P (80-1005996-04), ICX 6450-24 (80-1005997-03), ICX 6450-48P (80-1005998-04), ICX 6450-48 (80-1005999-04), ICX 6450-C12-PD (80-1007578-01)], [ICX7750-48F (80-1007607-01), ICX7750-48C (80-1007608-01), ICX7750-26Q (80-1007609-01), with Components (80-1007871-01; 80-1007870-01; 80-1007872-01; 80-1007873-01; 80-1007738-01; 80-1007737-01; 80-1007761-01; 80-1007760-01; 80-1007632-01)], [ICX-7450-24 (80-1008060-01), ICX-7450-24P (80-1008061-01), ICX-7450-48 (80-1008062-01), ICX-7450-48P (80-1008063-01), ICX-7450-48F (80-1008064-01), with Components (123400000829A-R01; 123400000830A-R01; 123400000833A-R01; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008308-01; 80-1008309-01)], [FI-SX800-S (80-1003050-03; 80-1007143-03), FI-SX1600-AC (80-1002764-02; 80-1007137-02), FI-SX1600-DC (80-1003005-02; 80-1007138-02), with Components (80-1002957-03; 80-1006486-02; 80-1007350-02; 80-1006607-01; 80-1007349-01; 80-1003883-02; 80-1003886-02; 11456-005; 11457-006; 18072-004)]} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.20a) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 7, 12 and 13 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/11/2016 | 1/10/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Certs. #1613, #1614, #1615, #1617 and #1764); AES (Certs. #1197, #1276, #2687, #2688, #2690, #2697, #2981, #2984, #3008, #3133, #3139, #3140, #3141 and #3142); KTS (AES Cert. #2984, key wrapping; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #2258, #2259, #2260, #2265 and #2505); HMAC (Certs. #1674, #1675, #1676, #1679 and #1890); DRBG (Certs. #437, #438, #439, #442 and #569); DSA (Certs. #816, #817, #818, #819 and #887); RSA (Certs. #1387, #1388, #1391, #1396 and #1565); CVL (Certs. #155, #156, #159, #161, #362, #386, #387, #388, #389, #390, #391, #392, #398, #399 and #400); KBKDF (Cert. #36) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; Base64; Triple-DES (non-compliant); AES (non-compliant); SHA-1 (non-compliant); DSA (non-compliant) Multi-Chip Stand Alone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch. The Brocade ICX 7450 Switch delivers the performance, flexibility, and scalability required for enterprise Gigabit Ethernet (" |
| 2529 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiAnalyzer-200D (Hardware Version: C4FA20-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/11/2016 | 1/10/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data." |
| 2528 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiAnalyzer-3000D (Hardware Version: C1AA61-03AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923(GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/10/2016 | 1/9/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data." |
| 2527 | Francotyp-Postalia GmbH Prenzlauer Promenade 28 Berlin 13089 Germany Dirk Rosenau TEL: +49-30220-660-616 FAX: +49-30220-660-494 Hasbi Kabacaoglu TEL: +49-30220-660-616 FAX: +49-30220-660-494 CST Lab: NVLAP 200983-0 | Postal mRevenector US 2014 (Hardware Version: Hardware P/N: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; US Application: 90.0036.0216.00/2014472001) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); ECDSA (Cert. #559); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG Multi-Chip Embedded "Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector US 2014 is FP’s latest generation of PSD.The cryptographic module neither relie" |
| 2526 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiAnalyzer 5.2 (Firmware Version: v5.2.4-build0738 150923(GA)) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FortiAnalyzer-200D with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data." |
| 2525 | CounterTack, Inc. 100 Fifth Ave., First Floor Waltham, MA 02451-1208 USA Aaron Ruby TEL: 855-893-5428 FAX: 703-224-3049 Stan Eramia TEL: 855-893-5428 FAX: 703-224-3049 CST Lab: NVLAP 100432-0 | CounterTack Sentinel Endpoint Module (Software Version: 3.6.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows 7 (64-bit) running on a Sony Vaio Pro (single-user mode) -FIPS Approved algorithms: AES (Cert. #3508); DRBG (Cert. #875); HMAC (Cert. #2241); RSA (Cert. #1803); SHS (Cert. #2893); Triple-DES (Cert. #1972) -Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-Chip Stand Alone "The Sentinel Endpoint Module installs on target servers and workstations to provide cryptographic functionality for real-time threat detection and response capabilities. Deployed as part of CounterTack's Sentinel platform, the sensor communicates behavioral data to a central cluster, which provides real-time analysis, correlation with external threat intelligence and rapid-response containment that scales even the largest enterprises." |
| 2524 | HyTrust, Inc. 1975 W El Camino Real, Suite 203 Mountain View, CA 94040 USA Bill Hackenberger TEL: 650-681-8120 FAX: 650-681-8101 CST Lab: NVLAP 200802-0 | HyTrust KeyControl (TM) Cryptographic Module (Software Version: 1.0) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FreeBSD 9.2 on VMware vSphere Hypervisor (ESXi) 5.5.0u2 on Dell Inc. PowerEdge R220, Intel Xeon CPU E3-1241v3 @ 3.50GHz (single user mode) -FIPS Approved algorithms: AES (Certs. #3397, #3431 and #3432); DRBG (Cert. #813); HMAC (Cert. #2168); SHS (Cert. #2813) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "HyTrust KeyControl is a key management system that is available in three different formats (ISO, OVA and AMI) and can be run on physical x86 based hardware as a virtual machine and on one of a number of different hypervisor platforms or as a combination of both when running in clustered mode." |
| 2523 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances (Hardware Versions: WBG-5000-C and WBG-5500-C; Firmware Version: 7.3.2.3.4) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3116); CVL (Cert. #378); DRBG (Cert. #627); DSA (Cert. #900); HMAC (Cert. #1953); RSA (Cert. #1587); SHS (Cert. #2572); Triple-DES (Cert. #1787) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances deliver comprehensive security for all aspects of Web 2.0 traffic." |
| 2522 | Intel Corporation 2200 Mission College Blvd. Santa Clara, CA 95054-1549 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway Virtual Appliance (Software Version: 7.3.2.3.4) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/05/2016 | 1/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): MLOS v2.2.3 on VMware vSphere Hypervisor 5.0 running on an Intel SR2625URLX (single-user mode) -FIPS Approved algorithms: AES (Cert. #3117); CVL (Cert. #379); DRBG (Cert. #628); DSA (Cert. #901); HMAC (Cert. #1954); RSA (Cert. #1588); SHS (Cert. #2573); Triple-DES (Cert. #1788) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. The McAfee Web Gateway Virtual Appliance delivers scalable deployment flexibility and performance. The McAfee Web Gateway Virtual Appliance delivers comprehensive security for all aspects of Web 2.0 traffic." |
| 2521 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX04S model) Type A (Hardware Versions: A0 with PX04SVQ080B[1], A0 with PX04SVQ160B[1], A0 with PX04SRQ384B[2]; Firmware Versions: ZZ00[1], NA00[1][2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 02/12/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2520 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX04S model) Type B (Hardware Versions: A0 with PX04SVQ080B[1], A0 with PX04SVQ160B[1], A0 with PX04SVQ048B[2], A0 with PX04SVQ096B[2], A0 with PX04SVQ192B[2], A2 with PX04SVQ040B[3], A2 with PX04SVQ080B[3], A2 with PX04SVQ160B[3], A2 with PX04SRQ192B[3]; Firmware Versions: ZW00[1], 0501[1][2], MS00[1], MD04[3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 02/25/2016 05/03/2016 | 5/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2519 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Bob Pittman TEL: 978-264-5211 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP FlexFabric 5900CP and 12910 Switch Series (Hardware Versions: HP 12910 and [HP 5900CP with JG719A] with FIPS Kit: JG585A or JG586A; Firmware Version: 7.1.045) (When operated in FIPS mode with opacity shield and tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2016 01/08/2016 | 1/7/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2945, #2985, #2988 and #2989); CVL (Certs. #343 and #364); DRBG (Certs. #548 and #571); DSA (Certs. #877 and #888); HMAC (Certs. #1868, #1891, #1894 and #1895); RSA (Certs. #1548 and #1566); SHS (Certs. #2481, #2506, #2509 and #2510) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The HP FlexFabric 5900CP Switch Series provides a converged, top-of-rack, data center switch architecture that offers wire once for FCoE converged environments. With 48 converged ports that support 1/10GbE and 4/8 FC, the FlexFabric 5900CP delivers versatile convergence for connecting FC, iSCSI and FC SANs. The HP FlexFabric 12910 Switch is a next-generation modular data center core switch designed to support virtualized data centers and the evolving needs of private and public cloud deployments. The FlexFabric 12910 switch delivers unprecedented levels of performance, buffering, scale, and av" |
| 2518 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiManager-4000D (Hardware Version: C1AA62-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances." |
| 2517 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiManager-1000D (Hardware Version: C1AA82-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/05/2016 | 1/4/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "FortiManager Network Security Management Appliances were designed to providesecurity management for large enterprise organizations and service providers. Theyenable you to centrally manage any number of Fortinet devices, including FortiManager,FortiWiFi, and FortiCarrier™. FortiManager provides the high performance and scalabilityyou need to efficiently apply policies and distribute content security/firmware updates,regardless of the size of your network." |
| 2515 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiManager 5.2 (Firmware Version: v5.2.4-build0738 150923 (GA)) (When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 12/29/2015 | 12/28/2020 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): FortiManager-4000D with the Fortinet entropy token (part number FTR-ENT-1 ) -FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-Chip Stand Alone "The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances." |
| 2514 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-204 and AP-205 Wireless Access Points (Hardware Versions: AP-204-F1 and AP-205-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2015 01/15/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3176 and #3177); CVL (Cert. #423); DRBG (Cert. #660); ECDSA (Certs. #580 and #581); HMAC (Certs. #2004 and #2005); RSA (Certs. #1613, #1614 and #1615); SHS (Certs. #2629, #2630 and #2631); Triple-DES (Certs. #1812 and #1813) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, the AP 204 & 205 support encrypted management and WPA2 tunneled pass through to Aruba Mobility Controllers. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2511 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco Integrated Services Router (ISR) 4351 and 4331 (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Cisco Integrated Services Router (ISR) 4321 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) (Hardware Versions: ISR 4351 [1], ISR 4331 [2] and ISR 4321 [3] with SM-ES3X-16-P [1,2], SM-ES3X-24-P [1,2], SM-D-ES3X-48-P [1,2], PVDM4-32 [1,2,3], PVDM4-64 [1,2,3], PVDM4-128 [1,2,3] and PVDM4-256 [1,2,3]; Firmware Version: IOS-XE 3.13.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2015 | 12/23/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Certs. #1671 and #1688) -Other algorithms: AES (non-compliant); DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); KBKDF (non-compliant); Multi-Chip Stand Alone "The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2510 | Athena SCS, Inc. 16615 Lark Ave. Suite 202 San Jose, CA 95032 USA Stephanie Motre TEL: 408-884-8316 FAX: 408-884-8320 CST Lab: NVLAP 100432-0 | iEngine SSID Applet on Athena SCS IDProtect Duo for SLE78 (Hardware Version: Infineon SLE78CLFX4000P P-MCC8-2-6 package; Firmware Version: Athena IDProtect 0302.0306.0004 with iEngine SSID Applet V1.0.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/23/2015 | 12/22/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3435); DRBG (Cert. #836); ECDSA (Cert. #690); KBKDF (Cert. #59); SHS (Cert. #2835) -Other algorithms: NDRNG Single Chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smartcard operating system with 404KB of Flash. IDProtect is compliant with the latest Java Card 3.0.4 and Global Platform 2.2.1 specifications. IDProtect supports FIPS approved DRBG, SHA-2, AES, ECDSA and ECC key generation. The SSID Java Card applet of iEngine is an applet supporting the latest version of the SSID standard for high-performance government application." |
| 2509 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Nagesh Kuriyavar TEL: 402-885-2812 FAX: 402-758-7332 Paul Rozeboom TEL: 402-885-2698 FAX: 402-758-7332 CST Lab: NVLAP 200658-0 | HP OpenCall HLR Cryptographic Module (Software Version: I-HSS 01.08.01) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/22/2015 | 12/21/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): HP NonStop v J06.18 running on Integrity NonStop BladeSystem NB54000c (single-user mode) -FIPS Approved algorithms: AES (Cert. #3503); DRBG (Cert. #872); HMAC (Cert. #2237); SHS (Cert. #2890) -Other algorithms: N/A Multi-Chip Stand Alone "The HP OpenCall HLR Cryptographic Module provides cryptographic services that allows the HP OpenCall HLR to protect sensitive application and subscriber data at rest and during transit" |
| 2508 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku Tokyo, Tokyo 105-8001 Japan Tohru Iwamoto TEL: +81-45-776-4488 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive (AL14SEQ model) (Hardware Versions: A0 with AL14SEQ18EPB, AL14SEQ12EPB, AL14SEQ09EPB, AL14SEQ18EQB, AL14SEQ12EQB, AL14SEQ09EQB; Firmware Version: 0101) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/22/2015 | 12/21/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3537 and #3538); DRBG (Cert. #895); RSA (Cert. #1818); SHS (Cert. #2916) -Other algorithms: NDRNG Multi-Chip Embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2507 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Bumhan Kim TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Flash Memory Protector V1.0 (Hardware Version: 3.0; Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 12/21/2015 | 12/20/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android Lollipop 5.1.1 running on Samsung Galaxy S6 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3332); HMAC (Cert. #2123); SHS (Cert. #2765) -Other algorithms: N/A Multi-Chip Stand Alone "The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services." |
| 2506 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Drive West Houston, TX 77070 USA Catherine Schwartz CST Lab: NVLAP 200556-0 | HP P-Class Smart Array Gen9 RAID Controllers (Hardware Versions: P244br, P246br, P440, P441, and P741m; Firmware Version: 2.52) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/21/2015 | 12/20/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2902 and #2903); DRBG (Certs. #529 and #530); HMAC (Certs. #1837 and #1838); PBKDF (vendor affirmed); SHS (Certs. #2442 and #2443) -Other algorithms: AES (Certs. #2902 and #2903, key wrapping); NDRNG Multi-Chip Embedded "The HP P-Class Smart Array RAID Controllers make up a family of serial-attached SCSI host bus adapters that provide intelligent control for storage array. The controllers can be card-based or embedded within an HP server, and provide a high speed data path, on-board storage cache, remote management, and encryption of data at rest, for the controlled storage arrays." |
| 2505 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco FIPS Object Module (Software Version: 6.0) (When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/21/2015 | 12/20/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 without Octeon Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 with Octeon Linux 2.6 running on an Intel Xeon on a Cisco UCS C22 M3 Android v4.4 running on a Qualcomm Snapdragon Pro APQ8064 ARMv7 on a Google Nexus 4 Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 without PAA Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 with PAA FreeBSD 9.2 running on an Intel Xeon on a Cisco UCS C200 M2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3404 and #3405); CVL (Certs. #504, #505, #506 and #507); DRBG (Certs. #817 and #818); DSA (Certs. #961 and #962); ECDSA (Certs. #678 and #679); HMAC (Certs. #2172 and #2173); KBKDF (Certs. #52 and #53); RSA (Certs. #1743 and #1744); SHS (Certs. #2817 and #2818); Triple-DES (Certs. #1926 and #1927) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols." |
| 2504 | Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0 | Security Builder FIPS Java Module (Software Versions: 2.8 [1], 2.8.7 [2], 2.8.8 [3]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/18/2015 01/22/2016 | 1/21/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1, 2] Solaris 10 64-bit [1, 2] Red Hat Linux AS 5.5 32-bit [1, 2] Red Hat Linux AS 5.5 64-bit [1, 2] Windows Vista 32-bit [1, 2] Windows Vista 64-bit [1, 2] Windows 2008 Server 64-bit [1, 2] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 (single-user mode) [3] -FIPS Approved algorithms: Triple-DES (Certs. #964 and #1954); AES (Certs. #1411 and #3465); SHS (Certs. #1281 and #2860); HMAC (Certs. #832 and #2210); DSA (Certs. #455 and #978); ECDSA (Certs. #179 and #702); RSA (Certs. #687 and #1776); DRBG (Certs. #52 and #852); KAS (Certs. #8, #61 and #62) -Other algorithms: RNG; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL." |
| 2503 | Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA Michael Vickers FAX: 434-455-6851 CST Lab: NVLAP 200996-0 | Harris AES Load Module (Firmware Version: R06A02) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/18/2015 | 12/17/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Blackfin BF707 DSP with Harris BIOS kernel v1 -FIPS Approved algorithms: AES (Cert. #3338); KTS (AES Cert. #3338) Multi-Chip Stand Alone "The Harris AES Load Module is a firmware module which support to secure voice and data communications by providing Advanced Encryption Standard (AES) algorithm encryption/decryption as specified in FIPS 197. It interacts with a Digital Signal Processor (DSP) application executing on the Harris XL family of radios and other terminal products in order to provide its services to those terminals." |
| 2502 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0 | BlackBerry Cryptographic Java Module (Software Versions: 2.8 [1], 2.8.7 [2], 2.8.8 [3]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/18/2015 01/22/2016 | 1/21/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1, 2] Solaris 10 64-bit [1, 2] Red Hat Linux AS 5.5 32-bit [1, 2] Red Hat Linux AS 5.5 64-bit [1, 2] Windows Vista 32-bit [1, 2] Windows Vista 64-bit [1, 2] Windows 2008 Server 64-bit [1, 2] CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 (single-user mode) [3] -FIPS Approved algorithms: Triple-DES (Certs. #964 and #1954); AES (Certs. #1411 and #3465); SHS (Certs. #1281 and #2860); HMAC (Certs. #832 and #2210); DSA (Certs. #455 and #978); ECDSA (Certs. #179 and #702); RSA (Certs. #687 and #1776); DRBG (Certs. #52 and #852); KAS (Certs. #8, #61 and #62) -Other algorithms: RNG; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; Multi-Chip Stand Alone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerryproducts such as the BlackBerry PlayBook Administration Service, and other BlackBerry products." |
| 2501 | Hewlett Packard Enterprise Development LP 11445 Compaq Center Drive West Houston, TX 77070 USA Julie Ritter TEL: 1-281-514-4087 Fred Bertram TEL: 1-832-502-5916 CST Lab: NVLAP 200928-0 | HP BladeSystem c-Class Virtual Connect Module (Firmware Version: 4.41) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/18/2015 | 12/17/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): HP Virtual Connect Flex-10/10D Blade HP Virtual Connect Flex-10 10Gb Ethernet Blade HP Virtual Connect FlexFabric 10Gb/24-Port Blade HP Virtual Connect FlexFabric 20/40 F8 Blade -FIPS Approved algorithms: AES (Cert. #3334); CVL (Cert. #488); DRBG (Cert. #776); HMAC (Cert. #2125); PBKDF (vendor affirmed); RSA (Cert. #1713); SHS (Cert. #2769); Triple-DES (Cert. #1904) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; OpenSSL md_rand Multi-Chip Embedded "Virtual Connect implements server edge virtualization between the server and data center infrastructure allowing networks to communicate with individual servers or pools of HP BladeSystem server blades. Virtual Connect simplifies the setup and administration of server LAN and SAN connections." |
| 2500 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/18/2015 | 12/17/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone ""Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2499 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/18/2015 | 12/17/2020 | Overall Level: 2 Multi-Chip Stand Alone |
| 2498 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-214, AP-215, AP-274, AP-275, AP-277 and AP-228 Wireless Access Points (Hardware Versions: AP-214-F1, AP-215-F1, AP-274-F1, AP-275-F1, AP-277-F1 and AP-228-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/17/2015 01/15/2016 07/06/2016 10/03/2016 | 10/2/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1648, #1649, #2884 and #2900); CVL (Certs. #314 and #326); DRBG (Cert. #528); ECDSA (Certs. #519 and #524); HMAC (Certs. #538, #967, #1818 and #1835); KBKDF (Cert. #32); RSA (Certs. #1517, #1518 and #1528); SHS (Certs. #934, #1446, #2424, #2425 and #2440); Triple-DES (Certs. #758, #1075, #1720 and #1726) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-Chip Stand Alone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2497 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Systems 2504, 7500, 8510 Wireless LAN Controllers and Cisco Catalyst 6807-XL Switch with Wireless Services Module-2 (WiSM2) (Hardware Versions: (2504, 7500, 8510 with CN56XX) and (6807-XL with WiSM2, CN56XX and one Supervisor Blade: [VS-S2T-10G, VS-S2T-10G-XL, VS-S720-10G-3C or VS-S720-10G-3CXL]); Firmware Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438) -Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Cisco Flex 7500 and the 8500 Series Controllers are highly scalable branch controllers for enterprise, service provider and multisite wireless deployments. The Cisco 2500 Series Wireless Controller are used in small to medium-sized enterprises and branch offices.The Cisco Wireless Service Module-2 (WiSM2) Controller for Cisco Catalyst 6800 Series Switches, is a highly scalable and flexible platform that enables systemwide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments." |
| 2496 | Dell, Inc. 5450 Great America Parkway Santa Clara, CA 95054 USA Srihari Mandava TEL: 408-571-3522 Jeff Yin TEL: 408-571-3689 CST Lab: NVLAP 200002-0 | Dell OpenSSL Cryptographic Library (Software Versions: 2.3 [1] and 2.4 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/16/2015 08/22/2016 01/30/2017 08/31/2017 | 1/29/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): [1] Dell EMC Networking OS 9.8(0.0) running on a Dell EMC Networking S3048-ON, Dell EMC Networking S4048-ON, Dell Networking S4810, Dell Networking S4820T, Dell EMC Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell EMC Networking MXL, Dell PowerEdge M I/O Aggregator, and Dell PowerEdge FN I/O Aggregator [2] Dell EMC Networking OS 9.10(0.1) and Dell EMC Networking OS 9.11(0.0) running on a Dell EMC Networking S3048-ON, Dell EMC Networking S4048-ON, Dell Networking S4810, Dell Networking S4820T, Dell EMC Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell EMC Networking MXL, Dell PowerEdge M I/O Aggregator, Dell PowerEdge FN I/O Aggregator, Dell EMC Networking S3124, Dell EMC Networking S3124F, Dell EMC Networking S3124P, Dell EMC Networking S3148, Dell EMC Networking S3148P, Dell EMC Networking S6100-ON, Dell EMC Networking Z9100-ON, Dell EMC Networking C9010, Dell EMC Networking S4048T-ON, and Dell EMC Networking S6010-ON [2] Dell EMC Networking OS 10.3.1 running on a Dell EMC Networking S3048-ON, Dell EMC Networking S4048-ON, Dell EMC Networking S4048T-ON, Dell EMC Networking S6010-ON, Dell EMC Networking S4128F-ON, Dell EMC Networking S4128T-ON, Dell EMC Networking S4148F-ON, Dell EMC Networking S4148T-ON, Dell EMC Networking S4148FE-ON, and Dell EMC Networking S4148U-ON (single-user mode) -FIPS Approved algorithms: AES (Certs. #3440, #4043, #4320 and #4718); DRBG (Certs. #839, #1210, #1376 and #1607); DSA (Certs. #968, #1094, #1150 and #1256); HMAC (Certs. #2189, #2638, #2853 and #3135); RSA (Certs. #1761, #2075, #2334 and #2571); SHS (Certs. #2840, #3332, #3556 and #3863); Triple-DES (Certs. #1938, #2210, #2334 and #2500) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); Multi-Chip Stand Alone "Dell OpenSSL Cryptographic Library v2.3 and v2.4 is used within various Dell EMC Networking products, including the S and Z-Series. Dell EMC Networking S and Z-Series are high performance 10/40GbE ToR and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell’s Data Center hardened OS, Dell EMC Networking OS." |
| 2495 | Cavium Inc. 2315 N 1st Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 FAX: n/a Tejinder Singh TEL: 408-943-7403 FAX: n/a CST Lab: NVLAP 100432-0 | NITROXIII CNN35XX-NFBE HSM Family (Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Versions: CNN35XX-NFBE-FW-1.0 build 35, CNN35XX-NFBE-FW-1.0 build 38, CNN35XX-NFBE-FW-1.0 build 39, CNN35XX-NFBE-FW-1.0 build 44 or CNN35XX-NFBE-FW-1.0 build 48) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 02/23/2016 06/03/2016 08/19/2016 | 8/18/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205 and #3206); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); RSA (Cert. #1634); SHS (Certs. #1780 and #2652); Triple-DES (Cert. #1311); KTS (AES Cert. #3206) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; RC4; PBE Multi-Chip Embedded "CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers." |
| 2494 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye NX Series: NX-900, NX-1400, NX-2400, NX-4400, NX-4420, NX-7400, NX-7420, NX-7500, NX-10000, NX-9450, NX-10450 (Hardware Versions: NX-900, NX-1400, NX-2400, NX-4400, NX-4420, NX-7400, NX-7420, NX-7500, NX-10000, NX-9450, NX-10450; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats." |
| 2493 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye FX Series: FX-5400, FX-8400 (Hardware Versions: FX-5400, FX-8400; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC MD5 Multi-Chip Stand Alone "The FireEye FX series is a group of threat prevention platforms that protect content against attacks originating in a wide range of file types. Web mail, online file transfer tools, the cloud, and portable file storage devices can introduce malware that can spread to file shares and content repositories. The FireEye FX platform analyzes network file shares and enterprise content management stores to detect and quarantine malware brought in by employees and others that bypass next-generation firewalls, IPS, AV, and gateways." |
| 2492 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye EX Series: EX-3400, EX-5400, EX-8400, EX-8420 (Hardware Versions: EX-3400, EX-5400, EX-8400, EX-8420; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC MD5 Multi-Chip Stand Alone "The FireEye EX series secures against advanced email attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyze every email attachment and successfully quarantine spear-phishing emails used in advanced targeted attacks." |
| 2491 | FireEye, Inc. 1440 McCarthy Ave. Milipitas, CA 95035 USA CST Lab: NVLAP 201029-0 | FireEye CM Series: CM-4400, CM-7400, CM-9400 (Hardware Versions: CM-4400, CM-7400, CM-9400; Firmware Version: 7.6) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/16/2015 | 12/15/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG Multi-Chip Stand Alone "The FireEye CM series is a group of management platforms that consolidates the administration, reporting, and data sharing of the FireEye NX, EX, FX and AX series in one easy-to-deploy, network-based platform. Within the FireEye deployment, the FireEye CM enables real-time sharing of the auto-generated threat intelligence to identify and block advanced attacks targeting the organization. It also enables centralized configuration, management, and reporting of FireEye platforms." |
| 2490 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2) (Hardware Versions: (6506, 6506-E, 6509 and 6509-E) with WiSM2, CN56XX, WS-X6K-SLOT-CVR-E, WS-SVCWISM2FIPKIT= , [CVPN6500FIPS/KIT=, version D0] and one Supervisor Blade: (VS-S2T-10G, VS-S2T-10G-XL, VS-S720-10G-3C or VS-S720-10G-3CXL); Firmware Version: 8.0) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438) -Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant) Multi-Chip Stand Alone "The Cisco Wireless Service Module 2 (WiSM2) Controller for Cisco Catalyst 6500 Series Switches, is a highly scalable and flexible platform that enables systemwide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments." |
| 2489 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0103; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded ""The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."" |
| 2488 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0103; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded ""The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."" |
| 2487 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2486 | SafeNet Assured Technologies, LLC Suite D, 3465 Box Hill Corporate Center Drive Abingdon, Maryland 21009 USA Shawn Campbell TEL: 443-484-7075 Bill Becker TEL: 443-484-7075 CST Lab: NVLAP 200556-0 | Luna® Backup HSM Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2015 | 12/14/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Stand Alone "The Luna® Backup HSM Hardware Security Module (HSM) provides the same level of security as the Luna® SA and Luna® PCI-E HSMs in a convenient, small, low-cost form factor. The Luna Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Luna Backup HSM for safekeeping in case of emergency, failure or disaster." |
| 2485 | Chunghwa Telecom Co., Ltd. No.99, Dianyan Road Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiKey PKI Token (Hardware Version: HiKey3.0-BK; Firmware Version: HiKey COS V3.0) (With tamper evident seals and security devices installed as indicated in the Security Policy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/14/2015 01/22/2016 | 1/21/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #608); RSA (Cert. #1585); SHS (Cert. #2557); Triple-DES (Cert. #1783) -Other algorithms: NDRNG; Triple-DES (Cert. #1783, key wrapping methodology provides 112-bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-Chip Stand Alone "The HiKey token modules are multi-chip standalone implementations of a cryptographic module. The Hikey token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards." |
| 2484 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - StrongSwan Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/14/2015 | 12/13/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: CVL (Cert. #486) -Other algorithms: N/A Multi-Chip Stand Alone "SUSE StrongSwan is a complete Ipsec implementation for Linux kernel." |
| 2483 | SafeLogic Inc. 459 Hamilton Ave Suite 306 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 201029-0 | CryptoComplyTM | Java (Software Version: 2.2-fips) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/11/2015 01/25/2016 | 1/24/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DRBG (Cert. #668); DSA (Cert. #914); ECDSA (Cert. #583); HMAC (Cert. #2011); RSA (Cert. #1622); SHS (Cert. #2637); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-Chip Stand Alone "CryptoComplyTM | Java is a standards-based "Drop-in Compliance" solution for native Java environments. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2482 | Draeger Medical Systems Inc. 6 Tech Drive Andover, MA 01923 USA Michael Robinson TEL: +1 978 379 8000 FAX: +1 978 379 8538 CST Lab: NVLAP 200802-0 | DRAEGER WCM9113 802.11ABGN VG2 (Hardware Version: MS32018 Rev. 02; Firmware Version: VG2 with Bootloader version 1.7) (When operated in FIPS mode. When initialized and configured as specified in Section 5.2 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/07/2015 | 12/6/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2058 and #3223); KTS (AES Cert. #3223; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #2661); HMAC (Cert. #2026); RSA (Cert. #1639); DRBG (Cert. #908); KBKDF (Cert. #45); CVL (Cert. #440) -Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; DES; HMAC-MD4; HMAC-MD5 Multi-Chip Embedded "The DRAEGER WCM9113 802.11ABGN VG2 is a dual band 802.11n Wireless Communications Module used in a variety of Draeger products for wireless communications." |
| 2481 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Versions: 6.2.1 and 6.2.5) (This validation entry is a non-security relevant modification to Cert. #1694) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/02/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KBKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Triple-DES Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2480 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Versions: 6.2.1 and 6.2.5) (This validation entry is a non-security relevant modification to Cert. #1693.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/02/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KBKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Triple-DES Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-Chip Embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2479 | Dell EMC 176 South Street Hopkinton, MA 01748 USA Kerry Bellefontaine CST Lab: NVLAP 200556-0 | VMAX 6 Gb/s SAS I/O Module with Encryption from EMC (Hardware Version: 303-161-101B-05; Firmware Versions: 2.13.39.00, 2.13.43.00) (When installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/01/2015 12/02/2016 | 12/1/2021 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3255); KTS (AES Cert. #3255); HMAC (Cert. #2053); SHS (Cert. #2692) -Other algorithms: N/A Multi-Chip Embedded "Dell EMC Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Dell EMC storage systems, including the Symmetrix VMAX. Data at Rest Encryption protects information from unauthorized access when drives are physically removed from the system and also offers a convenient means of decommissioning all drives in the system at once.Dell EMC 6Gb/s SAS I/O modules implement AES-XTS 256-bit encryption on all drives in the system." |
| 2478 | KONA I Co., Ltd. KONA I, 6F, 30, Eunhaeng-Ro Yeongdeungpo-Gu Seoul 150-872 South Korea (ROK) Irene Namkung TEL: +82 (0)2 2168 7586 FAX: +82 (0)2 3440 4405 CST Lab: NVLAP 100432-0 | KONA N41M0 (Hardware Version: Infineon SLE97CNFX1M00PEA22; Firmware Versions: KONA N41M0 v2.01 and PKI Applet v1.3.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/25/2015 | 11/24/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #884); Triple-DES (Cert. #1979); Triple-DES MAC (Triple-DES Cert. #1979, vendor affirmed); AES (Cert. #3525); HMAC (Cert. #2253); SHS (Cert. #2907); RSA (Certs. #1811 and #1812); ECDSA (Cert. #718) -Other algorithms: NDRNG; AES (Cert. #3525, key wrapping); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Single Chip "The KONA N41M0 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. KONA N41M0 serves as highly portable physical forms which enhances the security of network access and ensures secure electronic communications. KONA N41M0 supports on-card Triple DES, AES, ECC and 2048-bit RSA algorithms with on-card key generation. The KONA N41M0 smart card is Java-based smart cards for physical and logical access, e-transactions and other applications, which is compliant to Java Card v3.0.4 and GlobalPlatform 2.2." |
| 2476 | KONA I Co., Ltd. KONA I, 6F, 30, Eunhaeng-Ro Yeongdeungpo-Gu Seoul 150-872 South Korea (ROK) Irene Namkung TEL: +82 (0)2 2168 7586 FAX: +82 (0)2 3440 4405 CST Lab: NVLAP 100432-0 | KONA N41M0 (Hardware Version: Infineon SLE97CNFX1M00PEA22; Firmware Versions: KONA N41M0 v2.01 and Demonstration Applet v1.2.4) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/20/2015 | 11/19/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: DRBG (Cert. #884); Triple-DES (Cert. #1979); Triple-DES MAC (Triple-DES Cert. #1979, vendor affirmed); AES (Cert. #3525); HMAC (Cert. #2253); SHS (Cert. #2907); RSA (Certs. #1811 and #1812); ECDSA (Cert. #718) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3525, key wrapping); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Single Chip "The KONA N41M0 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. KONA N41M0 serves as highly portable physical forms which enhances the security of network access and ensures secure electronic communications. KONA N41M0 supports on-card Triple DES, AES, ECC and 2048-bit RSA algorithms with on-card key generation. The KONA N41M0 smart card is Java-based smart cards for physical and logical access, e-transactions and other applications, which is compliant to Java Card v3.0.4 and GlobalPlatform 2.2." |
| 2475 | Red Cocoa II L.L.C. 8200 Cody Drive Suite G-2 Lincoln, NE 68512 USA Andy Lenhart TEL: 402-467-1086 FAX: n/a Mark Nispel TEL: 402-467-1086 FAX: n/a CST Lab: NVLAP 100432-0 | C-ACE (Hardware Version: STM32F405OG; Firmware Version: Bootloader: 0.0.1; Application: 1.0.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/16/2015 | 11/15/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3137); DSA (Cert. #908); SHS (Cert. #2605) -Other algorithms: NDRNG; AES MAC (AES Cert. #3137, vendor affirmed; P25 AES OTAR); AES (Cert. #3137, key wrapping) Single Chip "The C-ACE module is a single-chip cryptographic engine designed to be implemented in a radio compliant with the APCO Project 25 Over-The-Air Rekeying (OTAR) protocol." |
| 2474 | Samsung Electronics Co., Ltd. 129 Samsung-ro Yeongtong-gu Suwon-si, Gyeonggi-do 16677 South Korea Changsup Ahn TEL: +82-2-6147-7088 FAX: N/A Jisoon Park TEL: +82-2-6147-7095 FAX: N/A CST Lab: NVLAP 200658-0 | Samsung CryptoCore Module (Software Version: 0.2.9) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/16/2015 03/22/2016 03/24/2016 | 3/23/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Ubuntu 14.04 running on Lenovo T540p with Intel i7 Tizen 2.3 running on Samsung UN55JU6700 with Samsung Hawk-MU (single-user mode) -FIPS Approved algorithms: AES (Certs. #3459 and #3460); CVL (Certs. #530 and #537); DRBG (Certs. #847 and #848); DSA (Certs. #976 and #977); ECDSA (Certs. #700 and #701); HMAC (Certs. #2205 and #2206); RSA (Certs. #1774 and #1775); SHS (Certs. #2855 and #2856); Triple-DES (Certs. #1950 and #1951) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #530 and #537, key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IBS; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNOW2; NDRNG; RNG Multi-Chip Stand Alone "A multipurpose cryptographic library which provides symmetric/asymmetric cipher, message digest, key agreement, and PRNG services." |
| 2473 | OpenSSL Validation Services 1829 Mount Ephraim Road Adamstown, MD 21710 USA Steve Marquess TEL: 301-874-2571 CST Lab: NVLAP 100432-0 | OpenSSL FIPS Object Module RE (Software Version: 2.0.9 or 2.0.10) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/13/2015 01/25/2016 04/28/2016 01/10/2017 01/20/2017 01/30/2017 03/17/2017 04/25/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2) iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56) iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56) VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3) iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56) iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.4.1) FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.4.1) Yocto Linux 3.10 running on Freescale i.MX6 (ARMv7) without NEON (gcc Compiler Version 4.8.1) Yocto Linux 3.10 running on Freescale i.MX6 (ARMv7) with NEON (gcc Compiler Version 4.8.1) Linux 4.4 running on ARM926EJS (ARMv5) (gcc Compiler Version 4.8.3) Timesys 2.6 running on PowerPC 440 (PPC) (gcc Compiler Version 4.6.3) uClinux-dist-5.0 running on Marvell Feroceon 88FR131 (ARMv5TE) (gcc Compiler Version 4.8.3) uClinux-dist-5.0 running on Marvell Armada 370 (ARMv7) (gcc Compiler Version 4.8.3) uClibc 0.9 running on ARM926EJS (ARMv5TEJ) (gcc Compiler Version 4.8.1) uClibc 0.9 running on Marvell PJ4 (ARMv7) (gcc Compiler Version 4.8.1) uClibc 0.9 running on ARM922T (ARMv4T) (gcc Compiler Version 4.8.1) LMOS 7.2 running on Intel Xeon E3-1231 (x86) without AES-NI (gcc Compiler Version 4.8.4) LMOS 7.2 running on Intel Xeon E3-1231 (x86) with AES-NI (gcc Compiler Version 4.8.4) Debian 7.9 running on Marvell Mohawk (ARMv5TE) (gcc Compiler Version 4.4.5) Linux 3.16 running on Atmel ATSAMA5D35 (ARMv7) (gcc Compiler Version 4.8.3) Linux 3.16 running on Atmel ATSAM9G45 (ARMv5TEJ) (gcc Compiler Version 4.8.3) Android 4.4 32bit running on Intel Atom Z3735F (x86) (gcc Compiler Version 4.8) Linux 3.14 running on ARM Cortex A9 (ARMv7) without NEON (gcc Compiler Version 4.8.2) Linux 3.14 running on ARM Cortex A9 (ARMv7) with NEON (gcc Compiler Version 4.8.2) LMOS 7.2 under VMware ESXi 6.5 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.8.4) LMOS 7.2 under VMware ESXi 6.5 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.8.4) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3090 and #3264); CVL (Certs. #372 and #472); DRBG (Certs. #607 and #723); DSA (Certs. #896 and #933); ECDSA (Certs. #558 and #620); HMAC (Certs. #1937 and #2063); RSA (Certs. #1581 and #1664); SHS (Certs. #2553 and #2702); Triple-DES (Certs. #1780 and #1853) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-Chip Stand Alone "The OpenSSL FIPS Object Module RE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications." |
| 2472 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - OpenSSH Client Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/13/2015 | 11/12/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU without PAA (single-user mode) -FIPS Approved algorithms: CVL (Cert. #483) -Other algorithms: ChaCha20; Poly1305; UMAC; Curve25519-based ECDH; Ed25519 Multi-Chip Stand Alone "SUSE client software that provides encrypted network communication using the SSH protocol." |
| 2471 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - OpenSSH Server Module (Software Version: 1.0) (When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/13/2015 | 11/12/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU without PAA (single-user mode) -FIPS Approved algorithms: CVL (Cert. #483) -Other algorithms: ChaCha20; Poly1305; UMAC; Curve25519-based ECDH; Ed25519 Multi-Chip Stand Alone "SUSE server software that provides encrypted network communication using the SSH protocol." |
| 2470 | Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion, No.9 Xueqing Road Haidian District, Beijing, Beijing 100085 China Peng Jie TEL: +86-010-62304466 FAX: +86-010-62304477 Tibi Zhang TEL: +(86)010-62304466 FAX: +(86)010-62304477 CST Lab: NVLAP 100432-0 | FT-JCOS (Feitian Java Card Platform) (Hardware Versions: P/Ns SLE78CLFX4000PM [1], SLE77CLFX2400PM [2] and SLE78CLUFX5000PHM [3]; Firmware Versions: 1.0.0 [1], 1.0.1 [2] and 1.0.2 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2015 | 11/4/2020 | Overall Level: 3 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2357, #2358, #3182, #3183, #3184 and #3185); DRBG (Certs. #300, #664 and #665); KBKDF (Certs. #9, #42 and #43); RSA (Certs. #1216, #1617 and #1623); SHS (Cert. #2030); Triple-DES (Certs. #1474, #1814 and #1815); Triple-DES MAC (Triple-DES Certs. #1474, #1814 and #1815, vendor affirmed) -Other algorithms: NDRNG; AES (Certs. #2357, #3182 and #3183, key wrapping; key establishment methodology provides 256 bits of encryption strength) Single Chip "The FT-JCOS (Feitian Java Card Platform) cryptographic module, validated to FIPS 140-2 overall Level 3, is a single chip smartcard module implementing the JavaCard and Global Platform operational environment, with Card Manager also considered as Issuer Security Domain (ISD), a demonstration Applet used to demonstrate the cryptographic functions of the module, and a supplementary security domain that is also considered as Applet Provider Security Domain (APSD).The FT-JCOS exposes PKI and MoC APIs and is designed for high performance Government, Enterprise and Financial smartcard applications." |
| 2469 | RSA, the Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200997-0 | RSA BSAFE(R) Crypto-J JSAFE and JCE Software Module (Software Versions: 6.2 and 6.2.1.1) (When operated in FIPS Mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 04/12/2016 01/24/2017 02/09/2017 | 1/23/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Oracle(R) JRE 8.0 on Microsoft(R) Windows 8.1 (64-bit) running on an HP ENVY 15 Google Dalvik(tm) JRE 6.0 on Google(tm) Android(tm) 4.1.2 ARMv7 (32-bit) running on Google Nexus 7(tm) (Wi-Fi, 2012) OpenJDK 8.0 on CentOS 6.7 (64-bit) running on a Dell(TM) PowerEdge(TM) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3263); CVL (Certs. #471 and #1024); DRBG (Cert. #722); DSA (Cert. #932); ECDSA (Cert. #619); HMAC (Cert. #2062); KTS (AES Cert. #3263); PBKDF (vendor affirmed); RSA (Cert. #1663); SHS (Cert. #2701); Triple-DES (Cert. #1852) -Other algorithms: AES (non-compliant); DES; DESX; Diffie-Hellman (CVL Cert. #1024, key agreement); EC Diffie-Hellman (CVL Cert. #1024, key agreement); ECIES; RNG (non-compliant); HMAC-MD5; MD2; MD5; PKCS#5; PKCS#12; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (non-compliant); RIPEMD160; scrypt; Shamir Secret Sharing; Triple-DES (non-compliant) Multi-Chip Stand Alone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2468 | RSA, the Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200997-0 | RSA BSAFE(R) Crypto-J JSAFE and JCE Software Module (Software Versions: 6.2 and 6.2.1.1) (When operated in FIPS Mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 04/12/2016 01/24/2017 02/09/2017 | 1/23/2022 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Oracle(R) JRE 8.0 on Microsoft(R) Windows 8.1 (64-bit) running on an HP ENVY 15 Google Dalvik(tm) JRE 6.0 on Google(tm) Android(tm) 4.1.2 ARMv7 (32-bit) running on Google Nexus 7(tm) (Wi-Fi, 2012) OpenJDK 8.0 on CentOS 6.7 (64-bit) running on a Dell(TM) PowerEdge(TM) (single-user mode) -FIPS Approved algorithms: AES (Cert. #3263); CVL (Certs. #471 and #1024); DRBG (Cert. #722); DSA (Cert. #932); ECDSA (Cert. #619); HMAC (Cert. #2062); KTS (AES Cert. #3263); PBKDF (vendor affirmed); RSA (Cert. #1663); SHS (Cert. #2701); Triple-DES (Cert. #1852) -Other algorithms: AES (non-compliant); DES; DESX; Diffie-Hellman (CVL Cert. #1024, key agreement); EC Diffie-Hellman (CVL Cert. #1024, key agreement); ECIES; RNG (non-compliant); HMAC-MD5; MD2; MD5; PKCS#5; PKCS#12; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (non-compliant); RIPEMD160; scrypt; Shamir Secret Sharing; Triple-DES (non-compliant) Multi-Chip Stand Alone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2467 | Pure Storage, Inc. 650 Castro Street, Suite 400 Mountain View, CA 94041 USA Marco Sanvido TEL: 800-379-7873 FAX: 650-625-9667 Ethan Miller TEL: 800-379-7873 FAX: 650-625-9667 CST Lab: NVLAP 100432-0 | Purity Encryption Module (Hardware Version: Intel Xeon x64 CPU E5-2670 v2; Software Version: 1.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 10/30/2015 | 10/29/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Purity Operating Environment 4 running on a Dell PowerEdge R620 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3488); DRBG (Cert. #862); HMAC (Cert. #2227); KTS (Cert. #3488); SHS (Cert. #2881) -Other algorithms: NDRNG Multi-Chip Stand Alone "Purity Encryption Module is a standalone cryptographic module for the Purity Operating Environment (POE). POE powers Pure Storage's FlashArray family of products witch provide economical all-flash storage. Purity Encryption Module enables FlashArray to support always-on, inline encryption of data with an internal key management scheme that requires no user intervention." |
| 2466 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009-1699 USA Savitha Naik TEL: 760-476-7416 FAX: 760-929-3941 David Suksumrit TEL: 760-476-2306 FAX: 760-929-3941 CST Lab: NVLAP 100432-0 | Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1, 1091552 Version 1, and 1047117; Firmware Version: 02.07.02 or 02.07.04) (The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/30/2015 12/14/2015 11/08/2016 | 11/7/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #3448, #3449 and #3450); CVL (Certs. #454 and #455); DRBG (Cert. #844); ECDSA (Cert. #697); HMAC (Cert. #2196); KAS (Cert. #60); KTS (AES Cert. #3448; key establishment methodology provides 192 or 256 bits of encryption strength); SHS (Certs. #2689, #2690 and #2846) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant); DSA (non-compliant); RSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); PBKDF (non-compliant); HMAC MD5; MD5; DES Multi-Chip Embedded "The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions." |
| 2465 | Silent Circle 4210 Fairfax Corner West Ave. Suite 215 Fairfax, VA 22033 USA Eric Carter Allen Stone CST Lab: NVLAP 201029-0 | Mobile Application Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 02/11/2016 06/20/2016 03/13/2017 | 6/19/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-Chip Stand Alone "The Silent Circle Mobile Application Cryptographic Module provides cryptographic functions for Silent Circle mobile applications, including Silent Phone Silent Text, Silent World, Silent VPN, and Silent Manager." |
| 2464 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 libgcrypt Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 10/30/2015 | 10/29/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP Proliant DL320e Gen8 with PAA SUSE Linux Enterprise Server 12 running on HP Proliant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3433 and #3434); DRBG (Certs. #831, #832, #833 and #834); DSA (Cert. #967); ECDSA (Cert. #689); HMAC (Certs. #2183, #2184, #2185 and #2186); RSA (Cert. #1757); SHS (Certs. #2831, #2832, #2833 and #2834); Triple-DES (Cert. #1936) -Other algorithms: AES (Certs. #3433 and #3434, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM (non-compliant); ARC4; Blowfish; Camellia; CAST5; CRC32; DES; EC-Gost; EdDSA; ElGamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPE-MD 160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Salsa20; SEED; Serpent; Scrypt; Tiger; Twofish; Whirlpool Multi-Chip Stand Alone "SUSE Libgcrypt is a general purpose cryptographic library based on the code from GnuPG." |
| 2463 | Accellion, Inc. 1804 Embarcadero Road, Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion Cryptographic Module (Software Version: FTALIB_4_0_1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/30/2015 | 10/29/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Red Hat Enterprise Linux 5 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2317, #2318, and #3326); CVL (Certs. #481 and #482); DRBG (Cert. #772); ECDSA (Cert. #655); HMAC (Certs. #2117 and #2118); RSA (Cert. #1707); SHS (Certs. #2758 and #2759); Triple-DES (Cert. #1898) -Other algorithms: NDRNG; AES (Cert. #3326, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); PKCS #3 Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand() Multi-Chip Stand Alone "Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2462 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Module (Hardware Versions: P/N: 3289094-A(BS12GE) Version: B/D4, B/D5, B/D4a, B/D5a, B/D6, B/D7 or B/D8; Firmware Versions: 03.07.49.00, 03.07.54.00, 03.07.56.00) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/29/2015 02/25/2016 04/07/2016 08/04/2017 | 4/6/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); KTS (AES Cert. #3305); SHS (Cert. #2738) -Other algorithms: N/A Multi-Chip Embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Module provides high speed data at rest encryption for Hitachi storage." |
| 2461 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3 (Hardware Versions: P/Ns 5185912Y01, 5185912Y03, 5185912Y05 and 5185912T05; Firmware Versions: R01.07.25 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/27/2015 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2460 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2 (Hardware Versions: P/Ns 5185912Y01, 5185912Y03, 5185912Y05 and 5185912T05; Firmware Versions: R01.07.25 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/27/2015 01/30/2017 | 1/29/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single Chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2459 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/27/2015 04/11/2017 | 10/26/2020 | Overall Level: 2 Multi-chip standalone |
| 2458 | Barracuda Networks 3175 Winchester Boulevard Campbell, CA 95008 USA Andrea Cannon TEL: 703-743-9068 FAX: 408-342-1061 CST Lab: NVLAP 200423-0 | Barracuda Cryptographic Software Module (Software Version: 1.0.1.8) (No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/22/2015 12/08/2016 | 12/7/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Barracuda OS v2.3.4 running on a BNHW003 without PAA Barracuda OS v2.3.4 running on a BNHW003 with PAA Barracuda OS v2.3.4 running on a BNHW002 without PAA Barracuda OS v2.3.4 running on a BNHW008 with PAA Barracuda NextGen Firewall and Control Center OS 7 under Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 with PAA Barracuda NextGen Firewall and Control Center OS 7 under Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3165 and #4144); CVL (Certs. #414 and #948); DRBG (Certs. #651 and #1258); DSA (Certs. #911 and #1125); ECDSA (Certs. #576 and #953); HMAC (Certs. #1993 and #2716); RSA (Certs. #1603, #1690 and #2259); SHS (Certs. #2618 and #3412); Triple-DES (Certs. #1803 and #2264) -Other algorithms: EC Diffie-Hellman (shared secret computation); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-Chip Stand Alone "The Barracuda Cryptographic Software Module is a cryptographic software library that provides fundamental cryptographic functions for applications in Barracuda security products that require FIPS 140-2 approved cryptographic functions." |
| 2457 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba 7XXX Series Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 7005-F1, Aruba 7005-USF1, Aruba 7010-F1, Aruba 7010-USF1, Aruba 7024-F1, Aruba 7024-USF1, Aruba 7030-F1, Aruba 7030-USF1, Aruba 7205-F1 and Aruba 7205-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/22/2015 01/14/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2477, #2884, #2900 and #3014); CVL (Certs. #314 and #326); DRBG (Cert. #528); ECDSA (Certs. #519 and #524); HMAC (Certs. #1520, #1818, #1835 and #1906); KBKDF (Cert. #32); RSA (Certs. #1266, #1517, #1518, #1528 and #1573); SHS (Certs. #2096, #2424, #2425, #2440 and #2522); Triple-DES (Certs. #1516, #1720, #1726 and #1770) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-Chip Stand Alone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2456 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Nikhil Suares TEL: (781) 538-7568 CST Lab: NVLAP 200928-0 | Acme Packet 3820 and Acme Packet 4500 (Hardware Version: A1; Firmware Versions: ECx6.4.1 and ECx6.4.1M1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/21/2015 | 10/20/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #928 and #1555); CVL (Certs. #480 and #498); DRBG (Certs. #762 and #791); HMAC (Certs. #519, #907, #2107 and #2143); RSA (Certs. #1697 and #1724); SHS (Certs. #912, #1378, #2748 and #2788); Triple-DES (Certs. #745 and #1019) -Other algorithms: DES; ARC4; HMAC-MD5; SNMP KDF (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "The Acme Packet 3820 and 4500 are one rack unit (1U) platforms that feature Oracle's purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications - voice, video, and application data sessions - across Internet Protocol (IP) network borders." |
| 2455 | SiCore Technologies Inc. 200 Finn Court Farmingdale, NY 11735 USA Godfrey Vassallo TEL: 631-327-2019 CST Lab: NVLAP 100432-0 | SHIELD Secure Coprocessor (Hardware Version: SHIELD Secure CoProcessor V1.0; Firmware Versions: MFF V1.0, FPGA V1.0, SC V1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/14/2015 | 10/13/2020 | Overall Level: 3 -Design Assurance: Level 4 -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2195); RSA (Cert. #1131); SHS (Cert. #1901) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-Chip Embedded "A secure co-processor with a PCI Express Interface" |
| 2454 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm FIPS Object Module (Software Version: 6.3.4) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/30/2015 05/05/2016 | 5/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0) Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0) Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00) uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1) Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1) HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B) HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B) Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0) Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4) Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00) Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3) Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0) Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0) VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2) Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2) Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2) Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2) Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3) Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3) Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2) Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2) Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2) CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5) CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5) Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2) Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6) Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6) Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12) Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12) Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3) Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1) Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM) Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM) Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0) DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13) Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3) NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3) NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3) Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64) Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6) Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3) Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2) Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3) QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1) eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2) Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)1 Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3) Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3) Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)2 iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1) PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3) PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)3 Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1) AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2) Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5) Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5) ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2) FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3) FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1) QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1) Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1) Microsoft Windows Server 2008 R2 running on an Intel Xeon E5-2420 (x64) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3363); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #497); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #790); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #953); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #666); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2142); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581 and #1723); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2787); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1913) -Other algorithms: EC Diffie-Hellman; RNG; RSA (encrypt/decrypt) Multi-chip standalone "The LogRhythm FIPS Object Module 6.3.4 is a general purpose cryptographic module. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modification." |
| 2453 | Palo Alto Networks 4401 Great America Pkwy Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | Panorama M-100 (Hardware Versions: P/Ns 910-000030 Version 00D, 910-000092 Version 00D, FIPS Kit P/N 920-000140 Version 00A; Firmware Version: 6.1.3) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2015 04/21/2016 | 4/20/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3180); RSA (Cert. #1616); HMAC (Cert. #2006); SHS (Cert. #2632); DRBG (Cert. #662); CVL (Cert. #425) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "Panorama on the M-100 provides centralized management and visibilty of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. Using Panorama for policy and device management increases operational effeciency in managing and maintaining distributed network of firewalls." |
| 2452 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 650-265-3634 FAX: n/a CST Lab: NVLAP 100432-0 | Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N AJ558-2102A; Firmware Versions: Loader Version 0.67, PSMCU Version 2.13) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2015 01/25/2016 | 1/24/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3234); DRBG (Cert. #695); RSA (Cert. #1644); SHS (Cert. #2674) -Other algorithms: NDRNG Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing, key management, and storage capabilities." |
| 2451 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Su-Chen Lin TEL: 408-839-9840 Seyed Safaish TEL: 408-745-8158 CST Lab: NVLAP 100432-0 | Juniper Networks RE1800 and RE2600 Routing Engines Cryptographic Modules (Hardware Versions: P/Ns RE-S-1800X2-XXG, RE-S-1800X4-XXG, RE-S-EX9200-1800X4-XXG, RE-DUO-C1800-16G, RE-B-1800X1-4G, RE-A-1800X2-XXG, RE-DUO-C2600-16G, 520-052564; Firmware Version: Junos 14.1R4 with Junos FIPS mode utilities 14.1R4) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2015 | 9/29/2020 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1879 and #1880); AES (Cert. #3296); SHS (Certs. #2734, #2735 and #2736); HMAC (Certs. #2092 and #2094); ECDSA (Cert. #639); RSA (Cert. #1685); CVL (Cert. #470); DRBG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of strength); HMAC-SHA-1-96 (HMAC Certs. #2092 and #2094); NDRNG Multi-chip embedded "The Juniper Networks RE1800 and RE2600 Routing Engines, are multi-chip embedded cryptographic modules that control a router or switch's interfaces, system management, and user access to the device. The RE runs Junos 14.1R4 with the FIPS mode package. The RE is compatible with the Juniper Networks MX Series 3D Universal Edge Routers, EX Series Switches, T Series Routers, M Series Multiservice Edge Routers, and PTX Series Packet Transport Routers. These devices provide dedicated high-performance flow processing and integrate advanced security capabilities." |
| 2450 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series (Hardware Versions: MZILS920HCHP-000H9 [1, 2], MZILS960HCHP-000H9 [1, 2], MZILS1T9HCHP-000H9 [1, 2], MZILS3T8HCJM-000H9 [1, 2], MZILS400HCGR-000C6 [3], MZILS800HCHP-000C6 [3], MZILS1T6HCHP-000C6 [3] and MZILS3T2HCJM-000C6 [3]; Firmware Versions: 3P00 [1], 3P02 [2] and EXP2 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/23/2015 03/21/2016 | 3/20/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121) -Other algorithms: NDRNG Multi-chip standalone |
| 2449 | Cobham TCS Limited The Cobham Centre - Solent Fusion 2 1100 Parkway Solent Business Park Whiteley, Hampshire PO15 7AB United Kingdom Graham Foord TEL: +44 (0) 1489 566750 FAX: +44 (0) 1489 880538 Neil McSparron TEL: +44 (0) 1489 566750 FAX: +44 (0) 1489 880538 CST Lab: NVLAP 200928-0 | Cobham AES Cryptographic Firmware-Hybrid Module (Hardware Version: Freescale ColdFire MCF54453; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 09/23/2015 | 9/22/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Cobham D1705D TX with FreeRTOS Operating System version 6.0.5 -FIPS Approved algorithms: AES (Cert. #3211); SHS (Cert. #2658); HMAC (Cert. #2024) -Other algorithms: DES; CRC32 Multi-chip standalone "The Cobham AES Cryptographic Firmware-Hybrid Module is used in Cobham’s products to provide secure AES Encryption such as in the NETNode IP Mesh radio to protect data transmitted over the NETNode high capacity ad-hoc multi-radio mesh network." |
| 2448 | Vectra Networks 550 South Winchester Blvd, Suite 200 Bin 007 San Jose, CA 95128 USA Jason Kehl CST Lab: NVLAP 201029-0 | Vectra Networks Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/17/2015 02/10/2016 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Vectra Networks Cryptographic Module provides cryptographic functions for the Vectra X-Series platforms software, which delivers a new class of advanced persistent threat (APT) defense delivering real-time detection and analysis of active network breaches." |
| 2447 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 OpenSSH Client Cryptographic Module (Software Version: 3.1) (When operated in FIPS mode with module Red Hat Enterprise Linux 6.6 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/16/2015 04/28/2016 | 4/27/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode) -FIPS Approved algorithms: CVL (Certs. #526 and #527) -Other algorithms: N/A Multi-chip standalone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.6. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2446 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 Jaroslav Reznik TEL: +420 532 294 111 FAX: +420 541 426 177 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 OpenSSH Server Cryptographic Module (Software Version: 3.1) (When operated in FIPS mode with module Red Hat Enterprise Linux 6.6 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/16/2015 04/28/2016 | 4/27/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode) -FIPS Approved algorithms: CVL (Certs. #526 and #527) -Other algorithms: N/A Multi-chip standalone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.6. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 2445 | Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion kiteworks Cryptographic Module (Software Version: KWLIB_2_0_2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/15/2015 | 9/14/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3212); CVL (Certs. #434 and #435); DRBG (Cert. #683); ECDSA (Cert. #592); HMAC (Certs. #1791 and #2025); RSA (Cert. #1636); SHS (Certs. #2393 and #2659); Triple-DES (Cert. #1828) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand() Multi-chip standalone "Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2444 | Lexmark International, Inc. 740 W. New Circle Road Lexington, KY 40550 USA Sean Gibbons TEL: 859-232-2000 CST Lab: NVLAP 200416-0 | Lexmark™ Crypto Module (Firmware Version: 2.10) (No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 09/14/2015 | 9/13/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Lexmark MX811de with Lexmark(TM) Linux version 3.0.0 -FIPS Approved algorithms: SHS (Certs. #2049 and #2050); HMAC (Certs. #1479 and #1480); AES (Cert. #2380) -Other algorithms: N/A Multi-chip standalone "The Lexmark™ Crypto Module is a firmware option for Lexmark™ and Dell® Multi-Function Printers that permit the transfer, storage and printing of encrypted print jobs. Using the Lexmark™ Crypto Module, a printer is capable of encrypting and decrypting data input to and output from the module crypto kernel using the AES (FIPS 197) encryption algorithm." |
| 2443 | Pitney Bowes, Inc. 37 Executive Drive Danbury, CT 06810 USA Dave Riley TEL: 203-796-3208 FAX: 203-617-6060 CST Lab: NVLAP 200983-0 | Pitney Bowes MS1 X4 Postal Security Device (PSD) (Hardware Version: Part # 4W84001 Rev AAA; MAX32590 Secure Microcontroller Revision B4; Firmware Version: Device Abstraction Layer (DAL) Version 01.01.00F4; PB Bootloader Version 00.00.0016; PSD Application Version 21.04.807E) (When operated in FIPS Mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/09/2015 | 9/8/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DSA (Cert. #871); ECDSA (Cert. #529); CVL (Cert. #254); SHS (Cert. #2369); AES (Certs. #2826); DRBG (Cert. #487); HMAC (Cert. #1769); KAS (Cert. #49); Triple-DES (Cert. #1690); RSA (Cert. #1539); KTS (AES Cert. #2936); Triple-DES MAC (Triple-DES Cert. #1690, Vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG Single-chip "The MS1 X4 PSD is a single chip cryptographic module using the Maxim MAX32590 hardware that provides security services to support the creation of digital postage evidence in the form of an indicium." |
| 2442 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender Elite300 (Hardware Versions: P/Ns KDFE300-4G-Green [1, 2], KDFE300-4G-Black [1, 2], KDFE300-4G-Red [1, 2], KDFE300-4G-Silver [1, 2], KDFE300-8G-Green [1, 2], KDFE300-8G-Black [1, 2], KDFE300-8G-Red [1, 2], KDFE300-8G-Silver [1, 2], KDFE300-16G-Green [1, 2], KDFE300-16G-Black [1, 2], KDFE300-16G-Red [1, 2], KDFE300-16G-Silver [1, 2], KDFE300-32G-Green [1, 2], KDFE300-32G-Black [1, 2], KDFE300-32G-Red [1, 2], KDFE300-32G-Silver [1, 2], KDFE300-64G-Green [1, 2], KDFE300-64G-Black [1, 2], KDFE300-64G-Red [1, 2], KDFE300-64G-Silver [1, 2], KDFE300-128G-Green [1, 2], KDFE300-128G-Black [1, 2], KDFE300-128G-Red [1, 2], KDFE300-128G-Silver [1, 2], KDFE300-8G-PRO-Green [2], KDFE300-8G-PRO-Black [2], KDFE300-8G-PRO-Red [2], KDFE300-8G-PRO-Silver [2], Version 1.0; Firmware Versions: 2.10.10 [1] and 2.11.10 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/09/2015 06/21/2016 | 6/20/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #1878); AES (Cert. #2962); SHS (Cert. #2491); RSA (Cert. #1557); DRBG (Cert. #560); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender Elite300 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device." |
| 2441 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Ann Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 Steve Grubb TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.6 OpenSSL Module, Red Hat Enterprise Linux 7.1 OpenSSL Module (Software Versions: 3.0, 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/08/2015 01/27/2016 02/16/2016 12/21/2016 | 12/20/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 with PAA Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 without PAA Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode) -FIPS Approved algorithms: AES (Certs. #3104, #3105, #3106, #3107, #3108, #3109, #3110, #3111, #3112, #3113, #3114, #3119, #3634, #3635, #3636, #3637, #3638, #3639, #3640, #3641, #3642, #3651 and #3696); Triple-DES (Certs. #1784, #1785, #1786, #1790, #2027, #2028, #2029, #2044 and #2059); RSA (Certs. #1583, #1584, #1586, #1590, #1875, #1876, #1877, #1878, #1886 and #1902); DSA (Certs. #897, #898, #899, #903, #1013, #1014, #1015, #1016, #1023 and #1038); ECDSA (Certs. #560, #561, #562, #564, #755, #756, #757, #759 and #775); DRBG (Certs. #610, #611, #612, #613, #614, #615, #616, #617, #618, #619, #620, #621, #622, #623, #624, #625, #626, #629, #630, #631, #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969, #970, #971, #982 and #1003); SHS (Certs. #2547, #2563, #2564, #2565, #2566, #2567, #2568, #2569, #2570, #2574, #2575, #2577, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3069 and #3095); HMAC (Certs. #1931, #1944, #1945, #1946, #1947, #1948, #1949, #1950, #1951, #1955, #1956, #1958, #2385, #2386, #2388, #2389, #2390, #2391, #2392, #2393, #2394, #2401 and #2427); CVL (Certs. #374, #375, #376, #377, #380, #381, #654, #655, #656, #657, #658, #661 and #662) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RNG; Camellia; CAST; DES; IDEA; J-PAKE; MD2; MD4; MDC2; RC2; RC4; RC5; RIPEMD; Whirlpool Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of theOpenSSL library." |
| 2440 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 781-442-0451 Tyrone Stodart TEL: +44-1189-240402 FAX: +44-1189-240402 CST Lab: NVLAP 200636-0 | Java Card Platform for Infineon on SLE 78 (SLJ 52GxxyyyzR) (Hardware Version: M7892 B11; Firmware Version: 1.0f) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/03/2015 | 9/2/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2941); Triple-DES (Cert. #1747); Triple-DES MAC (Triple DES Cert. #1747; vendor affirmed); DSA (Cert. #873); RSA (Cert. #1544); ECDSA (Cert. #532); SHS (Cert. #2477); DRBG (Cert. #544) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Single-chip "The cryptographic module consists of M7892B11 security controller by Infineon Technologies together with embedded software providing a secure execution environment consisting of a Java Card Runtime, Java Card Virtual Machine, Java Card API and Global Platform Card Manager along with native cryptographic library calls made available to applets through Java Card APIs. It is compliant with Java Card specifications version 3.0.1 Classic Edition and the Global Platform card specification version 2.2. In particular, it implements the GlobalPlatform ID Configuration 1.0." |
| 2438 | Alcatel-Lucent 600 March Road Ottawa, ON K2K 2E6 Canada Naren V. Patel TEL: 978-952-7274 CST Lab: NVLAP 200556-0 | Alcatel-Lucent 1830 Photonic Service Switch (PSS) (Hardware Versions: WOCUATAUAB / 3KC12841AA 02 [1], WOM3P00CRC / 8DG59859AA 03 [2], WOMNW00ERB / 8DG59319AA 02 [3], EC PSS-4 (3KC-12828-ABAC) [1], E4PFDCAK [1], 11QPEN4 [1-3], 10G MR XFP [1-3], 10GBASE-SR XFP [1-3], 1AB396080001 [1-3], X8FCLC-L [1-3], X8FCSN-I [1-3], XL-64TU XFP [1-3], EC PSS-16/PSS-32 (8DG59241AD) [2,3], PF (-48V DC) PSS-16, 20A [2], 8DG-59418-AA [1-3], PF (-48V DC) PSS-32, 20A [3], 8DG-61258-GAAA-TSZZA [3], with FIPS Kits 3KC-13452-AAAA [1], 3KC-13453-AAAA [1], 8DG-62678-AAAA [2] and 8DG-62677-AAAA [3]; Firmware Version: 1.3.1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/03/2015 | 9/2/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2828, #2829 and #2830); CVL (Certs. #255 and #256); SHS (Certs. #2370 and #2371) -Other algorithms: MD5; AES (Certs. #2829 and #2830, key wrapping) Multi-chip standalone "The 1830 PSS is a scalable, next-generation Dense Wave Division Multipexer (DWDM) platform that supports data center aggregation for Ethernet, Fiber Channel (FC) and other protocols. Multiprotocol services can then be dynamically and flexibly transported over metro and long-haul spans, using Tunable and Reconfigurable Optical Add-Drop Multiplexers (T-ROADMs) for optical wavelengths. The 1830 PSS enables transparent L2 Ethernet or FC and L3 IP services over the optical link." |
| 2435 | SUSE, LLC 10 Canal Park, Suite 200 Cambridge, Massachusetts 02141 USA Thomas Biege TEL: +49 911 74053 500 Michael Hager TEL: +49 911 74053 80 CST Lab: NVLAP 200658-0 | SUSE Linux Enterprise Server 12 - OpenSSL Module (Software Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/20/2015 | 8/19/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with PAA SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #3197, #3198 and #3199); Triple-DES (Cert. #1823); DSA (Cert. #915); RSA (Cert. #1628); ECDSA (Cert. #586); SHS (Certs. #2645, #2646 and #2648); HMAC (Certs. #2014, #2015 and #2016); DRBG (Certs. #674, #675 and #676); CVL (Certs. #430 and #431) -Other algorithms: Diffie-Hellman (CVL Cert. #431, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #431, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); MD2; MD4; MD5; MDC-2; HMAC-MD5; Blowfish; Camellia; CAST; DES; IDEA; JPAKE; RC2; RC4; RC5; RIPEMD160; SEED; TLS-SRP; Whirlpool Multi-chip standalone "OpenSSL is an open-source library of various cryptographic algorithms written mainly in C." |
| 2434 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | ProtectServer Internal Express 2 (PSI-E2) (Hardware Versions: VBD-05, Version Code 0200; Firmware Version: 5.00.02) (When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/20/2015 11/24/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #3118); DRBG (Cert. #428); DSA (Cert. #902); ECDSA (Cert. #563); HMAC (Cert. #1957); KAS (Cert. #51); RSA (Cert. #1589); SHS (Cert. #2576); Triple-DES (Certs. #1137 and #1789); Triple-DES MAC (Triple-DES Cert. #1789, vendor affirmed) -Other algorithms: AES (Cert. #3118, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1789, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-chip embedded "The SafeNet PSI-E 2 is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE 2 appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-E 2 also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC." |
| 2433 | Forcepoint 10240 Sorrento Valley Road San Diego, CA 92121 USA Matt Sturm TEL: 858-320-9444 Paul Lee TEL: 858-320-9369 CST Lab: NVLAP 100432-0 | Websense Java Crypto Module (Software Version: 2.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/19/2015 04/11/2016 | 4/10/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode) -FIPS Approved algorithms: AES (Cert. #3192); DSA (Cert. #914); ECDSA (Cert. #583); RSA (Cert. #1622); HMAC (Cert. #2011); SHS (Cert. #2637); DRBG (Cert. #668); Triple-DES (Cert. #1818) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine Multi-chip standalone "The Websense Java Crypto Module provides cryptographic functions for a variety of security solutions from Forcepoint." |
| 2432 | VASCO Data Security International, Inc. Koningin Astridlaan 164 Wemmel 1780 Belgium Frederik Mennes TEL: +32 2 609 97 00 FAX: +32 2 609 97 09 CST Lab: NVLAP 100432-0 | DIGIPASS GO-7 (Hardware Version: DIGIPASS GO-7 FIPS 140-2; Firmware Version: 0355) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2015 | 8/18/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3216 and #3217); KBKDF (Cert. #44) -Other algorithms: N/A Multi-chip standalone "DIGIPASS GO-7 is a 'one-button' strong authentication hardware device, based on VASCO's proven DIGIPASS technology. With a single press of a button, DIGIPASS GO-7 generates and displays a dynamic one-time password every time the user wants to log onto an application, website or network." |
| 2431 | iStorage Limited iStorage House 13 Alperton Lane Perivale, Middlesex UB6 8DH England John Michael TEL: +44 (0)20 8991 6260 FAX: +44 (0)20 8991 6277 CST Lab: NVLAP 200802-0 | iStorage datAshur SSD 3.0 Cryptographic Module (Hardware Version: RevD; Firmware Version: 6.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2015 | 8/18/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-chip standalone "iStorage datAshur SSD 3.0 Cryptographic Module" |
| 2430 | Samsung Electronics Co., Ltd. R5 416, Maetan 3-dong Yeongton-gu Suwon-si, Gyeonggi 443-742 Korea Bumhan Kim TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Version: SKC1.6) (When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/14/2015 09/04/2015 | 9/3/2020 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android Lollipop 5.0.2 running on Samsung Galaxy S6 Android Lollipop 5.1 running on Samsung Galaxy Tab S2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3292 and #3461); SHS (Certs. #2731 and #2857); Triple-DES (Certs. #1877 and #1952); HMAC (Certs. #2090 and #2207); DRBG (Certs. #750 and #849) -Other algorithms: DES; Twofish; MD5; ansi_cprng; krng; ANSI X9.31 RNG; ARC4; Pcompress; CRC32c; Deflate; LZO; AES-GCM (non-compliant); RFC4106-AES-GCM (non-compliant); RFC4543-AES-GCM (non-compliant); AES-CTR (non-compliant); Triple-DES-CTR (non-compliant); GHASH; GF128MUL; 2-key Triple-DES Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 2429 | SafeNet, Inc. 20 Colonnade Road Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® Backup HSM Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/04/2015 10/26/2015 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Luna® Backup HSM Hardware Security Module (HSM) provides the same level of security as the Luna® SA and Luna® PCI-E HSMs in a convenient, small, low-cost form factor. The Luna Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Luna Backup HSM for safekeeping in case of emergency, failure or disaster." |
| 2428 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0102, VBD-05, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/18/2015 10/26/2015 12/15/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2427 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA (Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0102, VBD-05, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/30/2015 10/26/2015 12/15/2015 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 2426 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/04/2015 10/26/2015 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2425 | wolfSSL Inc. 10016 Edmonds Way Suite C-300 Edmonds, WA 98020 USA Todd Ouska TEL: 503-679-1859 Larry Stefonic TEL: 206-369-4800 CST Lab: NVLAP 100432-0 | wolfCrypt (Software Versions: 3.6.0, 3.6.1, 3.6.6 and 3.11.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/11/2015 09/15/2015 09/30/2015 11/18/2015 06/23/2016 08/11/2017 08/25/2017 | 6/22/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 3.13.0 (Ubuntu) running on a HP EliteBookiOS 8.1 running on an iPhone 6Android 4.4 running on a Samsung Galaxy S5FreeRTOS 7.6 running on uTrust TS ReaderWindows 7 (64-bit) running on Sony Vaio ProLinux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSignLinux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge r630™Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630Android Dalvik 4.2.2 running on a MXT-700-NC 7” Touch PanelLinux 4.1.15 running on a NX-1200 NetLinx NX Integrated ControllerDebian 8.8 running on CA PAM 304L Server (single-user mode) -FIPS Approved algorithms: AES (Certs. #3157, #3330, #3417, #3490, #3508, #4635 and #4643); DRBG (Certs. #650, #775, #821, #863, #875, #1561 and #1566); HMAC (Certs. #1990, #2121, #2175, #2228, #2241, #3068 and #3075); RSA (Certs. #1602, #1710, #1749, #1791, #1803, #2530 and #2534); SHS (Certs. #2614, #2763, #2823, #2882, #2893, #3799 and #3806); Triple-DES (Certs. #1800, #1901, #1928, #1966, #1972, #2465 and #2470) -Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5 Multi-chip standalone "wolfCrypt module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency." |
| 2423 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, CA 92121 USA Lu Xiao TEL: 858-651-5477 CST Lab: NVLAP 200658-0 | QTI Cryptographic Module on Crypto 5 Core (Hardware Version: Snapdragon 810; Software Version: 5.f3-64) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 08/11/2015 12/03/2015 | 12/2/2020 | Overall Level: 1 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 5.0 running on Snapdragon 810 (single-user mode) -FIPS Approved algorithms: DRBG (Cert. #655); Triple-DES (Cert. #1802); HMAC (Cert. #1992); AES (Cert. #3164); SHS (Cert. #2617) -Other algorithms: HWRNG; DES; AEAD; kasumi; snow-3g Multi-chip standalone "This cryptographic module implements block ciphers including AES, Triple-DES, hash functions SHA-1 and SHA-256, Message Authentication Code functions HMAC and CMAC and DRBG 800-90A." |
| 2422 | Nimble Storage Inc. 211 River Oaks Parkway San Jose, CA 95134 USA Kent Peacock TEL: 408-514-3452 CST Lab: NVLAP 200427-0 | Nimble Storage FIPS Object Module (Software Version: 2.0.9) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/11/2015 03/01/2016 06/07/2016 07/25/2016 | 7/24/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Linux 2.6 running on a Nimble Storage CS300 with PAA Linux 2.6 running on a Nimble Storage CS500 with PAA Linux 2.6 running on a Nimble Storage CS700 with PAA Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) without PAA Linux 2.6 running on a Nimble Storage AF3000 with PAA Linux 2.6 running on a Nimble Storage AF5000 with PAA Linux 2.6 running on a Nimble Storage AF7000 with PAA Linux 2.6 running on a Nimble Storage AF9000 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2484 and #3351); CVL (Certs. #85 and #496); DRBG (Certs. #342 and #784); DSA (Certs. #764 and #950); ECDSA (Certs. #413 and #664); HMAC (Certs. #1526 and #2134); RSA (Certs. #1273 and #1718); SHS (Certs. #2102 and #2778); Triple-DES (Certs. #1522 and #1912) -Other algorithms: EC Diffie-Hellman; PRNG; RSA (encrypt/decrypt) Multi-chip standalone "The Nimble Storage FIPS Object Module 2.0.9 is a general purpose cryptographic module built from the OpenSSL FIPS Object Module 2.0.9 source code, which is validated under certificate #1747. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit." |
| 2421 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Aironet 1142, 1262, 1532e/i, 1552e/i, 1572, 1602e/i, 1702, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p and 3702e/i/p Wireless LAN Access Points (Hardware Versions: {1142[2], 1262[3], 1532e[6], 1532i[6], 1552e[3], 1552i[3], 1572[5], 1602e[4], 1602i[4], 1702[5], 2602e[5], 2602i[5], 2702e[5], 2702i[5], 3502e[3], 3502i[3], 3602e[1,5], 3602i[1,5], 3602p[1,5], 3702e[1,5], 3702i[1,5] and 3702p[1,5] with AIR-RM3000M[1], Marvell 88W8363P[2], Marvell 88W8364[3], Marvell 88W8763C[4], Marvell 88W8764C[5] and Qualcomm Atheros AES-128w10i[6]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.0 with IC2M v2.0) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/06/2015 | 8/5/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2334, #2335, #2336, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441) -Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant) Multi-chip standalone "Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments." |
| 2420 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Alex Hennekam TEL: +61 7-5552-4045 FAX: +61 7-5571-0420 Peter Waltenburg TEL: +61 7- 5552-4016 FAX: +61 7-5571-0420 CST Lab: NVLAP 200658-0 | IBM® Crypto for C (Software Version: 8.4.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/05/2015 | 8/4/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on S2600CP with PAA Microsoft Windows Server 2008® 64-bit running on S2600CP without PAA AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 with PAA AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 without PAA Solaris® 11 64-bit running on Netra SPARC T4-1 Server with PAA Solaris® 11 64-bit running on Netra SPARC T4-1 Server without PAA Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP with PAA Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP without PAA Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 with PAA Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 without PAA Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 with PAA Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 without PAA SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 with CPACF SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 without CPACF (single-user mode) -FIPS Approved algorithms: AES (Certs. #3226, #3227, #3228, #3229, #3230, #3231, #3232, #3233, #3235, #3236, #3237, #3238, #3239, #3240, #3241, #3242, #3243, #3244, #3245, #3246, #3247, #3248, #3249, #3250, #3251 and #3252); Triple-DES (Certs. #1832, #1833, #1834, #1835, #1836, #1837, #1838, #1839, #1840, #1841, #1842, #1843 and #1844); DSA (Certs. #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929, #930 and #931); RSA (Certs. #1640, #1641, #1642, #1643, #1645, #1646, #1647, #1648, #1649, #1650, #1651, #1652, #1653, #1654 and #1655); ECDSA (Certs. #596, #597, #598, #599, #600, #601, #602, #603, #604, #605, #606, #607, #608, #609 and #610); SHS (Certs. #2666, #2667, #2668, #2669, #2670, #2671, #2672, #2673, #2675, #2676, #2677, #2678, #2679, #2680, #2681, #2682, #2683, #2684, #2685, #2686, #2687 and #2688); DRBG (Certs. #687, #688, #689, #690, #691, #692, #693, #694, #696, #697, #698, #699, #700, #701, #702, #703, #704, #705, #706, #707, #708, #709, #710, #711, #712 and #713); HMAC (Certs. #2030, #2031, #2032, #2033, #2034, #2035, #2036, #2037, #2038, #2039, #2040, #2041, #2042, #2043, #2044, #2045, #2046, #2047, #2048, #2049, #2050 and #2051); CVL (Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC-MD5; DES; CAST; Camellia; Blowfish; Password based encryption; RC4; RC2; TRNG; KBKDF (non-compliant); DSA (non-compliant) Multi-chip standalone "The IBM Crypto for C v8.4.0.0 (ICC) cryptographic module is implemented in the Cprogramming language. It is packaged as dynamic (shared) libraries usable byapplications written in a language that supports C language linking conventions (e.g. C,C++, Java, Assembler, etc.) for use on commercially available operating systems. TheICC allows these applications to access cryptographic functions using an ApplicationProgramming Interface (API) provided through an ICC import library and based on theAPI defined by the OpenSSL group." |
| 2419 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Intrusion Prevention System (Hardware Versions: 2600NX, 5200NX, 6200NX, 7100NX, and 7500NX with HP FIPS Security Enclosure: Part# JC856A; Firmware Version: 3.8.2) (When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/05/2015 08/14/2015 12/09/2015 01/06/2016 | 1/5/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3624); CVL (Cert. #644); DRBG (Cert. #952); HMAC (Cert. #2376); RSA (Cert. #1867); SHS (Cert. #3042); Triple-DES (Cert. #2019) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 2417 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Control Center (Hardware Versions: FWE-C1015 with FIPS Kit: FWE-CC-FIPS-KIT1, FWE-C2050 with FIPS Kit: FWE-CC-FIPS-KIT2, FWE-C3000 with FIPS Kit: FWE-CC-FIPS-KIT2; Firmware Version: 5.3.2 Patch 6) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/30/2015 07/31/2015 | 7/30/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2972 and #3116); Triple-DES (Certs. #1761 and #1787); SHS (Certs. #2498 and #2572); HMAC (Certs. #1884 and #1953); DRBG (Cert. #566); DRBG (Cert. #627); RSA (Certs. #1561 and #1587); DSA (Certs. #885 and #900); CVL (Cert. #378) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DRBG (non-compliant); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products." |
| 2416 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Control Center Virtual Appliance (Software Version: 5.3.2 Patch 6) (When installed, initialized and configured as specified in the Security Policy in Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/30/2015 | 7/29/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with MLOS v2.2.3 on VMware vSphere 5.0 running on a Intel SR2625URLX (single-user mode) -FIPS Approved algorithms: AES (Certs. #2973 and #3117); Triple-DES (Certs. #1762 and #1788); SHS (Certs. #2499 and #2573); HMAC (Certs. #1885 and #1954); DRBG (Cert. #567); DRBG (Cert. #628); RSA (Certs. #1562 and #1588); DSA (Certs. #886 and #901); CVL (Cert. #379) -Other algorithms: Diffie-Hellman (key wrapping; key establishment methodology provides 112 bitsof encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DRBG (non-compliant); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products." |
| 2415 | Morpho 18 avenue chaussée Jules César Osny 95520 France Omar Derrouazi TEL: +33158116971 FAX: +33158113566 CST Lab: NVLAP 200901-0 | IDeal Citiz™ v2.0 Open (Hardware Versions: SLE78CFX3000P, SLE78CLFX3000P, SLE78CLFX3000PM, SLE78CFX4000P, SLE78CLFX4000P, SLE78CLFX4000PM; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/28/2015 | 7/27/2020 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1689); Triple-DES MAC (Triple-DES Cert. #1689, vendor affirmed); AES (Cert. #2818); RSA (Cert. #1472); SHS (Cert. #2362); KBKDF (Cert. #62) -Other algorithms: AES (Cert. #2818, key wrapping, key establishment methodology provides 128 - 256 bits of encryption strength); Triple-DES (Cert. #1689, key wrapping, key establishment methodology provides 112 bits of encryption strength); TRNG Single-chip "The IDeal Citiz™ v2.0 Open is a single chip cryptographic module, which combines an implementation of the Sun Java Card Version 3.0.2 Classic Edition and GlobalPlatform Version 2.1.1 specifications on a dual interface chip (ISO 7816 contact and ISO 14443 contactless interface communication protocols).The module aims to host applets written in Java programming language and relying on cryptographic services and biometric features available at platform level. In particular, Ideal Citiz™ v2.0 Open allows third party developers to implement the biometric "Match On Card" user authentication." |
| 2414 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Tom Nguyen TEL: 847-576-2352 FAX: n/a CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01, 5185912Y03 and 5185912Y05; Firmware Versions: R01.05.12 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2015 | 7/22/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2413 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Intrusion Prevention System (Hardware Versions: S660N and S1400N; Firmware Version: 3.8.2) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2015 08/14/2015 12/09/2015 01/06/2016 | 1/5/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3624); CVL (Cert. #644); DRBG (Cert. #952); HMAC (Cert. #2376); RSA (Cert. #1867); SHS (Cert. #3042); Triple-DES (Cert. #2019) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 2411 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.10 running on Mac mini with i5 CPU with PAA OS X 10.10 running on Mac mini with i5 CPU without PAA OS X 10.10 running on iMac with i7 CPU with PAA OS X 10.10 running on iMac with i7 CPU without PAA OS X 10.10 running on MacPro with Xeon CPU with PAA OS X 10.10 running on MacPro with Xeon CPU without PAA OS X 10.10 running on MacBook with Core M CPU with PAA OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1895, #1896, #1897 and #1921); AES (Certs. #3066, #3067, #3068, #3069, #3070, #3071, #3072, #3073, #3102, #3323, #3324, #3325, #3382, #3383, #3384 and #3385); RSA (Certs. #1704, #1705, #1706 and #1737); SHS (Certs. #2543, #2544, #2545, #2546, #2579, #2580, #2581, #2582, #2583, #2584, #2585, #2586, #2755, #2756, #2757, #2800, #2801, #2802, #2803 and #2804); ECDSA (Certs. #652, #653, #654 and #673); HMAC (Certs. #1927, #1928, #1929, #1930, #1960, #1961, #1962, #1963, #1964, #1965, #1966, #1967, #2114, #2115, #2116, #2155, #2156, #2157, #2158 and #2159); DRBG (Certs. #598, #599, #600, #601, #602, #609, #769, #770, #771, #805, #806 and #816); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); DES; Triple-DES (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-Compliant); SP800-56C KDF; MD2; MD4; MD5; RIPEMD; ed25519; CAST5; Blowfish; RC2; RC4; OMAC; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves Multi-chip standalone "The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2410 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model NA02) (Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160; Firmware Versions: NA02, NA04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/22/2015 08/31/2016 | 8/30/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397) -Other algorithms: NDRNG Multi-chip embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2409 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | Cisco ASR 1001, 1001-X, 1002, 1002-X, 1004, 1006 and 1013 (Hardware Versions: ASR1001, ASR1001-X, ASR1002, ASR1002-X, ASR1004, ASR1006 and ASR1013; Embedded Services Processors: ASR1000-ESP5, ASR1000-ESP10, ASR1000-ESP20, ASR1000-ESP40, ASR1000-ESP100 and ASR1000-ESP200; Route Processors: ASR-1000-RP1 and ASR-1000-RP2; Linecards: ASR1000-6TGE and ASR1000-2T+20X1GE; Firmware Version: IOS XE 3.13) (When operated in FIPS mode. When installed, initialized and configured as specified in Section 9 of the Security Policy and with the configurations in Table 1 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #333, #2346, #2783 and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Certs. #137, #1455 and #1764); RSA (Cert. #1471); SHS (Certs. #408, #2023, #2338 and #2361); Triple-DES (Certs. #397, #1469, #1670, #1671 and #1688) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SHA-1 (non-compliant) Multi-chip standalone "The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments." |
| 2408 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.10 running on Mac mini with i5 CPU with PAA OS X 10.10 running on Mac mini with i5 CPU without PAA OS X 10.10 running on iMac with i7 CPU with PAA OS X 10.10 running on iMac with i7 CPU without PAA OS X 10.10 running on MacPro with Xeon CPU with PAA OS X 10.10 running on MacPro with Xeon CPU without PAA OS X 10.10 running on MacBook with Core M CPU with PAA OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1847, #1848, #1849, #1850, #1851, #1855, #1922 and #1923); AES (Certs. #3042, #3043, #3044, #3045, #3046, #3047, #3048, #3049, #3051, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3062, #3063, #3064, #3065, #3121, #3257, #3259, #3260, #3261, #3262, #3266, #3386, #3387, #3388, #3389, #3390, #3391, #3392, #3393, #3394 and #3395); RSA (Certs. #1658, #1659, #1660, #1661, #1662, #1666, #1738 and #1739); SHS (Certs. #2535, #2536, #2537, #2538, #2539, #2540, #2541, #2542, #2588, #2589, #2590, #2591, #2592, #2593, #2594, #2595, #2596, #2597, #2695, #2697, #2698, #2699, #2700, #2704, #2805,# 2806, #2807, #2808, #2809, #2810, #2811 and #2812); ECDSA (Certs. #614, #615, #616, #617, #618, #622, #674 and #675); HMAC (Certs. #1919, #1920, #1921, #1922, #1923, #1924, #1925, #1926, #1969, #1970, #1971, #1972, #1973, #1974, #1975, #1976, #1977, #1978, #2056, #2058, #2059, #2060, #2061, #2065, #2160, #2161, #2162, #2163, #2164, #2165, #2166 and #2167); DRBG (Certs. #586, #587, #588, #589, #590, #591, #592, #593, #594, #595, #596, #597, #716, #718, #719, #720, #721, #725, #807, #808, #809, #810, #811 and #812); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); Integrated Encryption Scheme on elliptic curves; DES; TDES (non-compliant); MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; RC2; RC4; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); OMAC (One-Key CBC MAC); KBKDF (non-compliant); ed25519; RFC6637 KDF; ANSI X9.63 KDF Multi-chip standalone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2407 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis TEL: (669)227-3579 FAX: (866)315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | 7/21/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with iOS 8.0 running on iPhone4S with Apple A5 CPU iOS 8.0 running on iPhone5 with Apple A6 CPU iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU iOS 8.0 running on iPad (4th generation) with Apple A6X CPU iOS 8.0 running on iPhone5S with Apple A7 CPU iOS 8.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 8.0 running on iPad Air 2 with Apple A8X CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1889, #1890, #1891, #1892, #1893, #1894 and #1919); AES (Certs. #3096, #3097, #3098, #3099, #3100, #3101, #3317, #3318, #3319, #3320, #3321, #3322, #3371 and #3380); RSA (Certs. #1698, #1699, #1700, #1701, #1702, #1703 and #1735); SHS (Certs. #2558, #2559, #2560, #2561, #2562, #2587, #2749, #2750, #2751, #2752, #2753, #2754, #2795 and #2798); ECDSA (Certs. #646, #647, #648, #649, #650, #651 and #671); HMAC (Certs. #1939, #1940, #1941, #1942, #1943, #1968, #2108, #2109, #2110, #2111, #2112, #2113, #2150 and #2153); DRBG (Certs. #763, #764, #765, #766, #767, #768 and #803); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); MD2; MD4; MD5; RIPEMD; Ed25519; CAST5; ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-compliant); SP800-56C KDF; Blowfish; RC2; RC4; CMAC AES 128; OMAC; HMAC DRBG (non-compliant); Hash DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2405 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/08/2015 02/03/2016 | 2/2/2021 | Overall Level: 2 Multi-Chip Stand Alone |
| 2404 | Digital Defence Ltd 400 Pavilion Drive Northampton Business Park Northampton NN4 7PA United Kingdom Ben Earl TEL: +44-1604-521-108 Heinrich Van Der Westhuizen TEL: +44-1604-521-108 CST Lab: NVLAP 200636-0 | Secure Mobile (Software Version: 11.1.0.0) (When operated with the Microsoft Windows CE, Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #560 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/06/2015 | 7/5/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Mobile 6.5 running on Motorola MC65 (Single-user mode) -FIPS Approved algorithms: AES (Certs. #2851 and #2852); HMAC (Certs. #1792 and #1793); KBKDF (Cert. #26); SHS (Certs. #2394 and #2395) -Other algorithms: N/A Multi-chip standalone "Secure Mobile Cryptographic Module provides core cryptographic functionality in a Windows Embedded Handheld environment. It supports XTS-AES-128 cipher mode for storage encryption, KDF acc. to NIST SP 800-108 to derive the storage encryption key, and HMAC-SHA-256 for integrity protection of its binaries and settings. For generation of XTS tweak values a validated RNG (Cert. #286) contained in "Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH)" , which is a FIPS 140-2 certified cryptographic software module contained in the platform." |
| 2403 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/11/2015 09/04/2015 10/26/2015 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 2402 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 x72921 FAX: 905-507-4230 CST Lab: NVLAP 200928-0 | BlackBerry Cryptographic Tool Kit (Software Versions: 6.0, 6.0.2 and 6.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/01/2015 03/16/2016 06/03/2016 | 6/2/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): QNX Neutrino 6.6 QNX Neutrino 6.5 Red Hat Linux AS 5.6 Windows 7 Enterprise 64 bit Windows Phone 8.0 Android 4.4.2 Android 4.0.4 iOS version 6.1.4 Android 5.0.1 iOS 8.0 Windows 7 Enterprise 32 bit CentOS Linux Release 7.1 64-bit Mac OS X Yosemite 10.10.4 Mac OS X El Capitan 10.11.4 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1159, #1773 and #2164); AES (Certs. #1789, #3029 and 3946); SHS (Certs. #1571, #2530 and #3256); HMAC (Certs. #1054, #1914 and #2571); DRBG (Certs. #127, #579 and #1151); DSA (Certs. #563, #891 and #1076); ECDSA (Certs. #242, #553 and #866); RSA (Certs. #894, #1574 and #2017); KAS (Certs. #25, #50 and #79); CVL (Certs. #7, #367 and #789) -Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides less than 80 bits of encryption strength; non-compliant) Multi-chip standalone "The BlackBerry Cryptographic Tool Kit is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The BlackBerry Cryptographic Tool Kit, part of the suite of BlackBerry cryptographic modules, provides application developers with a means to expand the secure capabilities and features BlackBerry is known for, to devices running operating systems other than BlackBerry OS." |
| 2401 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender 3000 (Hardware Versions: P/Ns KDF3000-4G [1, 2], KDF3000-8G [1, 2], KDF3000-16G [1, 2], KDF3000-32G [1, 2], KDF3000-64G [1, 2], KDF3000-128G [1, 2], KDF3000-8G-PRO [2], Version 1.0; Firmware Versions: 2.10.10 [1] and 2.11.10 [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/30/2015 06/21/2016 | 6/20/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #1878); AES (Cert. #2962); SHS (Cert. #2491); RSA (Cert. #1557); DRBG (Cert. #560); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 3000 is a 256-bit AES hardware encrypted USB flash drive used primarily to secure data at rest. The device can also be used as a secure platform for remote access and virtualized applications run directly from the drive. The Kanguru Defender line of secure USB solutions is remotely manageable through the Kanguru Remote Management Console (KRMC)." |
| 2400 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA 6600 (Hardware Versions: P/Ns 101-500380-71, Rev. A (SM 9600), 101-500361-70, Rev. A (SM 9400), 101-500363-70, Rev. A (SM 9200), 101-500364-66, Rev. A (NSA 6600); Firmware Version: SonicOS v6.2.0.10-15n) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/29/2015 03/22/2016 06/15/2017 | 3/21/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2756); CVL (Cert. #226); DRBG (Cert. #466); DSA (Cert. #843); HMAC (Cert. #1727); RSA (Cert. #1444); SHS (Cert. #2322); Triple-DES (Cert. #1657) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RNG Multi-chip standalone "The SonicWALL™ SuperMassive™ 9000 Series Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigbit speeds. Offering the ultimate in security with enterprise class performance, the SuperMassive 9000 Series detects and blocks the most sophisticated threats before they can enter your network with minimal latency for every connection on the network. Its multicore design can gracefully handle traffic spikes without impacting network performance." |
| 2398 | OpenSSL Validation Services 1829 Mount Ephraim Road Adamstown, MD 21710 USA Steve Marquess TEL: 301-874-2571 CST Lab: NVLAP 100432-0 | OpenSSL FIPS Object Module SE (Software Versions: 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15 or 2.0.16) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/24/2015 12/17/2015 02/08/2016 08/15/2016 12/30/2016 01/10/2017 01/30/2017 03/13/2017 05/23/2017 06/01/2017 08/22/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2) iOS 8.1 64bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56) iOS 8.1 64bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56) VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3) iOS 8.1 32bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56) iOS 8.1 32bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) VxWorks 6.7 running on Intel Core 2 Duo (x86) (gcc Compiler Version 4.1.2) AIX 6.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) AIX 6.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) AIX 7.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) AIX 7.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1) DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) without AES-NI (gcc Compiler Version 4.7.2) DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) with AES-NI (gcc Compiler Version 4.7.2) AIX 6.1 32-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1) AIX 6.1 64-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1) Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.6.3) Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.6.3) Linux 3.10 32-bit running on Intel Atom E3845 (x86) without AES-NI (gcc Compiler Version 4.8.1) Linux 3.10 32-bit running on Intel Atom E3845 (x86) with AES-NI (gcc Compiler Version 4.8.1) AIX 7.1 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.1 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.1 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.1 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.2 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.2 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.2 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.2 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1) AIX 7.2 32-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1) AIX 7.2 64-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1) ExtremeXOS-Linux 3.1 running on Cavium Octeon II (MIPS)(gcc Compiler Version 4.9.2) SurfWare 7.2 running on TI c64 DSP (TMS320C6x Compiler Version 6.0.19) ExtremeXOS-Linux 3.18 running on Cavium Octeon II (MIPS) (gcc Compiler Version 4.9.2) ExtremeXOS-Linux 3.18 32-bit running on Intel Atom C2558 (x86) with PAA (gcc Compiler Version 4.9.2) ExtremeXOS-Linux 3.18 32-bit running on Intel Atom C2558 (x86) without PAA (gcc Compiler Version 4.9.2) (single-user mode) -FIPS Approved algorithms: AES (Certs. #3090, #3264, #3451, #3751, #3990, #4141, #4391 and #4469); CVL (Certs. #372, #472, #534, #699, #814, #947, #1094 and #1181); DRBG (Certs. #1027, #607, #723, #845, #1182, #1256, #1414 and #1451); DSA (Certs. #1040, #896, #933, #970, #1085, #1124, #1170 and #1195); ECDSA (Certs. #558, #620, #698, #801, #886, #952, #1050 and #1091); HMAC (Certs. #1937, #2063, #2197, #2452, #2605, #2714, #2918 and #2966); RSA (Certs. #1581, #1664, #1766, #1928, #2048, #2258, #2374 and #2444); SHS (Certs. #2553, #2702, #2847, #3121, #3294, #3411, #3620 and #3681); Triple-DES (Certs. #1780, #1853, #1942, #2086, #2190, #2263, #2366 and #2399) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-chip standalone "The OpenSSL FIPS Object Module SE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications." |
| 2397 | WatchData Technologies Pte Ltd 7F QiMing International Building 101 Lize Middle Park Chaoyang District Beijing, Beijing 100102 People's Republic of China Fan Nannan TEL: +86-180-01226917 FAX: +86-010-64365760 Wang Xuelin TEL: +86-180-01226735 FAX: +86-010-64365760 CST Lab: NVLAP 200658-0 | WatchKey ProX USB Token Cryptographic Module (Hardware Versions: Smart Card Chip AS518 and K023314A; Firmware Version: 36410101) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/23/2015 | 6/22/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Cert. #2647); Triple-DES (Cert. #1822); AES (Cert. #3196); RSA (Cert. #1630); DRBG (Cert. #673); ECDSA (Cert. #585) -Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The WatchKey ProX USB Token is a USB-based PKI, two-factor authentication token device. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user’s private and public key pairs can be generated and stored on the embedded chip." |
| 2396 | Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA Shawn Geddis TEL: (669) 227-3579 FAX: (866) 315-1954 CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module v5.0 (Software Version: 5.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/23/2015 | 6/22/2020 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with iOS 8.0 running on iPhone4S with Apple A5 CPU with AES hardware accelaration iOS 8.0 running on iPhone4S with Apple A5 CPU without AES hardware accelaration iOS 8.0 running on iPhone5 with Apple A6 CPU with AES hardware accelaration iOS 8.0 running on iPhone5 with Apple A6 CPU without AES hardware accelaration iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware accelaration iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware accelaration iOS 8.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware accelaration iOS 8.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware accelaration iOS 8.0 running on iPhone5S with Apple A7 CPU iOS 8.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU iOS 8.0 running on iPad Air 2 with Apple A8X CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1856, #1857, #1858, #1859, #1860, #1861, #1862, #1863, #1910 and #1920); AES (Certs. #3015, #3016, #3017, #3018, #3019, #3020, #3021, #3022, #3023, #3024, #3025, #3034, #3035, #3036, #3037, #3038, #3039, #3040, #3074, #3075, #3267, #3268, #3269, #3270, #3271, #3272, #3273, #3274, #3355, #3376, #3377, #3378, #3379 and #3381); RSA (Certs. #1667, #1668, #1669, #1670, #1671, #1672, #1673, #1674, #1734 and #1736); ECDSA (Certs. #623, #624, #625, #626, #627, #628, #629, #630, #670 and #672); SHS (Certs. #2523, #2524, #2525, #2526, #2527, #2532, #2533, #2534, #2705, #2706, #2707, #2708, #2709, #2710, #2711,#2712, #2781, #2796, #2797 and #2799); HMAC (Certs. #1907, #1908, #1909, #1910, #1911, #1916, #1917, #1918, #2066, #2067, #2068, #2069, #2070, #2071, #2072, #2073, #2137, #2151, #2152 and #2154); DRBG (Certs. #575, #576, #577, #581, #582, #583, #584, #585, #726, #727, #728, #729, #730, #731, #732, #733, #800, #801, #802 and #804); PBKDF (vendor affirmed) -Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); Integrated Encryption Scheme on elliptic curves; Ed25519; AES (key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); KBKDF (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; DES; TDES (non-compliant); CAST5; RC2; RC4; MD2; MD4; MD5; RIPEMD; Blowfish; OMAC (One-Key CBC MAC); Hash-DRBG (non-compliant); HMAC-DRBG (non-compliant); RSA (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2395 | Syn-Tech Systems, Inc. 100 Four Points Way Tallahassee, FL 32305 USA Brian Pietrodangelo TEL: 850-878-2558 FAX: 850-877-9327 CST Lab: NVLAP 100432-0 | ProFLEX01-R2 (Hardware Versions: 450-0139 and 450-0140; Firmware Version: 4.20) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/23/2015 | 6/22/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3126, #3127, #3128 and #3129); KTS (AES Certs. #3127 and #3129) -Other algorithms: N/A Multi-chip embedded "Syntech's custom designed ProFLEX01-R2 encryption module is embedded into the foundation of the FuelMaster line of AIM Titanium products. This technology propels FuelMaster to the forefront in secure, automated fleet and fuel management systems. Trusting in NIST-Validated encryption for data-in-transit and data-at-rest, Information Assurance Managers can depend on knowing their data is protected to the highest standards of the US Government." |
| 2394 | Hewlett-Packard TippingPoint 14231 Tandem Blvd. Austin, TX 78728 USA Freddy Mercado TEL: 512-432-2947 Russ Meyers TEL: 512-432-2948 CST Lab: NVLAP 200427-0 | HP TippingPoint Crypto Core NSS (Software Version: 3.12.9.1) (When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. For Red Hat Linux 6.2, Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. For CentOS 5.6 the module is compiled from source available from Mozilla. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/15/2015 | 6/14/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system without PAA Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with PAA CentOS 5.6 64-bit running on an Intel Xeon E5-2620v3 CentOS 5.6 64-bit running on an Intel Xeon E5-2690v3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1908 and #3285); DRBG (Certs. #165 and #743); DSA (Certs. #602 and #942); HMAC (Certs. #1145 and #2082); RSA (Certs. #979 and #1682); SHS (Certs. #1675 and #2723); Triple-DES (Certs. #1240 and #1872) -Other algorithms: AES (Certs. #1908 and #3285, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1240 and #1872, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP TippingPoint Crypto Core NSS is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for HP TippingPoint security products." |
| 2393 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Integrated Services Router (ISR) 4451-X (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Integrated Services Router (ISR) 4431 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) (Hardware Versions: ISR 4451-X [1] and ISR 4431 [2] with SM-ES3X-16-P [1], SM-ES3X-24-P [1], SM-D-ES3X-48-P [1], PVDM4-32 [1,2], PVDM4-64 [1,2], PVDM4-128 [1,2] and PVDM4-256 [1,2]; Firmware Version: IOS-XE 3.13) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/15/2015 | 6/14/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1024, #1275, #2345 and #2817); CVL (Cert. #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1454 and #1764); RSA (Cert. #1471); SHS (Certs. #2022 and #2361); Triple-DES (Certs. #1468, #1670 and #1688) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Router are a highly scalable WAN and Internet Edge router platform that delivers embedded hardware acceleration for multiple Cisco IOS XE Software services without the need for separate service blades. The Routers are designed for business-class resiliency, featuring redundant Route and Embedded Services Processors, as well as software-based redundancy." |
| 2392 | Oberthur Technologies 4250 Pleasant Valley Rd Chantilly, VA 20151 USA Christophe Goyet TEL: 703-322-8951 FAX: n/a Said Boukyoud TEL: +33-1-78-14-72-58 FAX: +33-1-78-14-70-20 CST Lab: NVLAP 100432-0 | ID-One PIV on Cosmo V8 (Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5) PIV Certificate #37 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/15/2015 | 6/14/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727) -Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "ID-One PIV on Cosmo V8 is the next generation of FIPS 201-2 compliant Smart card. Performances have been optimized to allow a FICAM authentication in less than a second." |
| 2391 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Crypto Core OpenSSL (Software Version: 2.0.8) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/11/2015 12/24/2015 | 12/23/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0) Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0) Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00) uCLinux 0.9.29 (gcc Compiler Version 4.2.1) Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1) HP-UX 11i (32 bit) (HP C/aC++ B3910B) HP-UX 11i (64 bit) (HP C/aC++ B3910B) Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3) Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3) Android 3.0 (gcc Compiler Version 4.4.0) Linux 2.6.27 (gcc Compiler Version 4.2.4) Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00) Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3) Linux 2.6.33 (gcc Compiler Version 4.1.0) Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0) VxWorks 6.8 (gcc Compiler Version 4.1.2) Linux 2.6 (gcc Compiler Version 4.3.2) Linux 2.6.32 (gcc Compiler Version 4.3.2) Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3) Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3) Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with PAA (32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with PAA (64 bit) (gcc Compiler Version 4.5.2) Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2) CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5) CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5) Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2) Oracle Linux 6 (gcc Compiler Version 4.4.6) Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6) Oracle Solaris 11 (32 bit) (Sun C Version 5.12) Oracle Solaris 11 (64 bit) (Sun C Version 5.12) Android 4.0 (gcc Compiler Version 4.4.3) Apple iOS 5.1 (gcc Compiler Version 4.2.1) Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM) Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM) Linux 2.6 (gcc Compiler Version 4.1.0) DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13) Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3) NetBSD 5.1 (gcc Compiler Version 4.1.3) Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with PAA (Microsoft « C/C++ Optimizing Compiler Version 16.00 for x64) Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6) Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6) Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3) Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2) Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3) QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1) eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) (gcc Compiler Version 4.7.3) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3) Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1) Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1) AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2) Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5) Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5) ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2) FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3) FreeBSD 10.0 running on Xeon E5-2430L (x86) with PAA (clang Compiler Version 3.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AESNI (gcc Compiler Version 4.5.1) QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) CentOS 5.6 64-bit running on Intel Xeon E5-2620v3 (gcc Compiler Version 4.1.2) CentOS 5.6 64-bit running on Intel Xeon E5-2690v3 (gcc Compiler Version 4.1.2) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929 and #3281); CVL (Certs. #10, #12, #24, #260, #331, #36, #464, #49, #53, #71 and #85); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540 and #739); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870 and #938); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528 and #634); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856 and #2078); RSA (Certs. #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1678 and #960); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465 and #2719); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742 and #1868) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-chip standalone "The TippingPoint Crypto Core OpenSSL is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for TippingPoint security products." |
| 2390 | SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131 USA William Sandberg-Maitland TEL: 613-298-3416 FAX: 408-392-0319 CST Lab: NVLAP 200802-0 | SPYCOS® 3.0 QFN (Hardware Version: 742100004F; Firmware Version: 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/19/2015 12/09/2015 | 12/8/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Cert. #3028); KTS (Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single-chip "SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications." |
| 2389 | INSIDE Secure Eerikinkatu 28 Helsinki 00180 Finland Serge Haumont TEL: +358 40 5808548 Marko Nippula TEL: +358 40 762 9394 CST Lab: NVLAP 200427-0 | SafeZone FIPS Cryptographic Module (Software Version: 1.1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/02/2015 | 6/1/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux kernel 3.10 running on a Raspberry Pi < t-base 300 running on an Arndale Android 4.4 running on a Samsung Galaxy Note 3 Android 4.2 running on a Samsung Galaxy Tab 3 10.1 iOS 7.1 running on a iPad Mini with Retina Display (32-bit) iOS 7.1 running on a iPad Mini with Retina Display (64-bit) Linux kernel 3.13 running on an ASUS Transformer (x86) with PAA Linux kernel 3.13 running on an ASUS Transformer (x64) without PAA Linux kernel 3.13 running on an ASUS Transformer (x64) with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3123); CVL (Certs. #384 and #385); DRBG (Certs. #634 and #637); DSA (Cert. #905); ECDSA (Cert. #567); HMAC (Cert. #1980); KBKDF (Certs. #37, #38, #39 and #40); KTS (AES Cert. #3123, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #1593); SHS (Cert. #2599); Triple-DES (Cert. #1793) -Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength) Multi-chip standalone "SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices." |
| 2388 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 201029-0 | IOS Common Cryptographic Module (IC2M) Rel5 (Firmware Version: Rel 5) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 05/28/2015 | 5/27/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Cisco ASR1K RP2 with processor Intel Xeon on IOS XE3.13 Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.13 Cisco ISR 2951 with processor Freescale 8752E on IOS 15.4 Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.4 Cisco ISR 2921 with processor Cavium CN5220 on IOS 15.4 Cisco ISR 891 with processor MPC8358E on IOS 15.4 ESR 5940 with processor MPC8572C on IOS 15.4 -FIPS Approved algorithms: AES (Certs. #2783, #2817 and #3278); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); KBKDF (cert. #49); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688) -Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 128 bits of encryption strength); KTS (AES cert. #3278; key establishment methodology provides 128 and 256 bits of strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEAL Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols." |
| 2387 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Mondher Razouane TEL: +1(916)785-1894 FAX: +1(916)209-9495 Kris Meert TEL: +34-960-022029 FAX: +1(916)209-9495 CST Lab: NVLAP 200835-0 | HPE XP7 Encryption Ready Disk Adapter (eDKA) Level1 (Hardware Version: R800L1 or R800L1a; Firmware Versions: 02.09.28.00, 02.09.32.00 and 02.09.37.00) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/22/2015 01/28/2016 02/18/2016 02/23/2016 03/07/2016 08/04/2017 | 3/6/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3341); HMAC (Cert. #2131); SHS (Cert. #2775) -Other algorithms: AES (Cert. #3341, key wrapping) Multi-chip embedded "The HP XP7 Encryption Ready Disk Adapter (eDKA) Level1 provides high speed data at rest encryption for HP storage." |
| 2386 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Virtual Storage Platform (VSP) Encryption Engine (Hardware Version: R800L1 or R800L1a; Firmware Versions: 02.09.28.00, 02.09.32.00 and 02.09.37.00) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/22/2015 01/28/2016 02/18/2016 08/04/2017 | 2/17/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2787); HMAC (Certs. #1748 and #1889); SHS (Certs. #2344 and #2504) -Other algorithms: AES (Cert. #2787, key wrapping) Multi-chip embedded "The Hitachi Virtual Storage Platform (VSP) Encryption Engine provides high speed data at rest encryption for Hitachi storage." |
| 2385 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | µMACE (Hardware Version: P/N AT58Z04; Firmware Version: R01.07.01) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/22/2015 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1876, #2146 and #3089); SHS (Cert. #1619); HMAC (Cert. #1313); KAS (Cert. #28); ECDSA (Cert. #263) -Other algorithms: AES MAC (AES Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #1876, key wrapping); NDRNG Single-chip "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products." |
| 2382 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Chung-chih Lin TEL: 408-717-7689 FAX: 408-717-9494 Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar 7K6000 TCG Enterprise HDDs (Hardware Versions: P/Ns HUS726020AL4215 (0001) [1, 2, 4, 6, 7, 9]; HUS726020AL5215 (0001) [1, 2, 4, 9]; HUS726020ALS215 (0001) [3, 4, 9]; HUS726030AL4215 (0001) [1, 2, 4, 9]; HUS726030AL5215 (0001) [1, 2, 4, 9]; HUS726030ALS215 (0001) [3, 4, 9]; HUS726040AL4215 (0001) [1, 2, 4, 6, 7, 9]; HUS726040AL5215 (0001) [1, 2, 4, 9]; HUS726040ALS215 (0001) [3, 4 ,5, 9]; HUS726050AL4215 (0001) [1, 2, 4, 9]; HUS726050AL5215 (0001) [1, 2, 4, 9]; HUS726060AL4215 (0001) [1, 2, 4, 5, 6, 8, 9]; HUS726060AL5215 (0001) [1, 2, 4, 5, 9]; Firmware Versions: R519 [1], R7J0 [2], R7J7 [3], R907 [4], R9E0 [5], R910 [6], R930 [7], R9L0 [8] or RD05 [9]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2015 07/23/2015 10/14/2015 05/11/2016 08/30/2016 08/11/2017 | 8/29/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037) -Other algorithms: NDRNG Multi-Chip Embedded "HGST Self-Encrypting Drives implement TCG Storage specifications and meet or exceed the most demanding performance and security requirements. HGST Ultrastar 7K6000 drives are 12 Gbs SAS, 7,200 RPM, 3.5 inch form factor, TCG Enterprise HDDs." |
| 2381 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe®, Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches (Hardware Versions: {[BR-MLXE-4-MR-M-AC (P/N: 80-1006853-01), BR-MLXE-4-MR-M-DC (P/N: 80-1006854-01), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), NI-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), NI-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), NI-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), NI-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), NI-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), NI-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), NI-CER-2024C-ADVPREM-DC (P/N: 80-1007034-02), NI-CER-2048C-ADVPREM-AC (P/N: 80-1007039-02), NI-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), NI-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), NI-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01), NI-CER-2024C-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (P/N: 80-1000037-01), BR-CES-2024F-4X-DC (P/N: 80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02)} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.7.00) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/21/2015 | 5/20/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1632, #1633 and #1634); AES (Certs. #2715, #2716 and #2717); DSA (Certs. #832, #833 and #834); SHS (Certs. #2280, #2281 and #2282); RSA (Certs. #1411, #1412 and #1413); HMAC (Certs. #1694, #1695 and #1696); DRBG (Certs. #452, #453 and #454); CVL (Certs. #173, #174 and #175) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); NDRNG; HMAC-MD5; MD5; RC2; RC4; DES; MD2 Multi-chip standalone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. The Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density." |
| 2380 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-701 Korea Jisoo Kim TEL: 82-31-3096-2832 FAX: 82-31-8000-8000(+62832) CST Lab: NVLAP 200802-0 | Samsung UFS (Universal Flash Storage) Shark SED (Hardware Versions: KLUAG2G1BD-B0B2, KLUBG4G1BD-B0B1, KLUCG8G1BD-B0B1; Firmware Version: 0102) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/21/2015 | 5/20/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2966); ECDSA (Cert. #544); SHS (Cert. #2494); DRBG (Cert. #563) -Other algorithms: NDRNG Single-chip "Samsung UFS Shark SED is a high-performance embedded storage that provides on-the-fly encryption/decryption of user data without performance loss and supports SSP (Secure Storage Protocol) v1.0. It implements AES256-XTS for user data encryption, ECDSA P-224 for FW authentication, and Hash_DRBG for key generation." |
| 2379 | Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | Ciena 6500 Packet-Optical Platform 4x10G (Hardware Version: 1.0; Firmware Version: 1.10) (When installed, initialized and configured as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2015 | 5/20/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2963 and #2964); Triple-DES (Cert. #1759); SHS (Cert. #2493); HMAC (Cert. #1880); DRBG (Cert. #562); RSA (Cert. #1559); ECDSA (Cert. #543); CVL (Cert. #357) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); TRNG Multi-chip embedded "The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering." |
| 2377 | Symantec Corporation 350 Ellis St. Mountain View, CA 94043 USA Kathryn Kriese TEL: 650-527-8000 CST Lab: NVLAP 200802-0 | Symantec PGP Cryptographic Engine (Software Version: 4.3) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/21/2015 07/06/2015 | 7/5/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Apple Mac OS X 10.7 with PAA running on Apple MacBook Pro Apple Mac OS X 10.7 without PAA running on Apple MacBook Pro Microsoft Windows 7 32-bit with PAA running on Dell M6600 Microsoft Windows 7 32-bit without PAA running on Dell M6400 Microsoft Windows 7 64-bit with PAA running on Dell M6600 Microsoft Windows 7 64-bit without PAA running on Dell M6400 Red Hat Enterprise Linux (RHEL) 6.2 32-bit with PAA running on Dell M6600 Red Hat Enterprise Linux (RHEL) 6.2 32-bit without PAA running on Dell M6400 Red Hat Enterprise Linux (RHEL) 6.2 64-bit with PAA running on Dell M6600 Red Hat Enterprise Linux (RHEL) 6.2 64-bit without PAA running on Dell M6400 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1675, #1676, #1683, #1684, #1711, #1712, #1713, #1714, #1715 and #1716); AES (Certs. #2766, #2786, #2799, #2805, #2866, #2867, #2868, #2869, #2870 and #2871); SHS (Certs. #2342, #2343, #2351, #2353, #2408, #2409, #2410, #2411, #2412 and #2413); HMAC (Certs. #1746, #1747, #1755, #1756, #1805, #1806, #1807, #1808, #1809 and #1810); RSA (Certs. #1459, #1465, #1466, #1468, #1503, #1504, #1505, #1508, #1509 and #1510); DSA (Certs. #846, #847, #848, #849, #859, #860, #861, #862, #863 and #864); ECDSA (Certs. #487, #488, #489, #490, #509, #510, #511, #512, #513 and #514); CVL (Certs. #240, #241, #248, #249, #302, #303, #304, #305, #306 and #307); DRBG (Certs. #473, #474, #478, #479, #510, #511, #512, #513, #514 and #515) -Other algorithms: AES EME2 (non-compliant); AES PlumbCFB (non-compliant); AESMixCBC (non-compliant); MD5; RIPEMD160; MD2; KECCEK; RC2; ARC4; IDEA; CAST5; TwoFish; BlowFish; El Gamal; PBKDF2 (non-compliant); KBKDF (non-compliant); OpenPGP S2K Iterated salted; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Symantec PGP Cryptographic Engine is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for Symantec Encryption products. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations." |
| 2376 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-4404 CST Lab: NVLAP 200802-0 | Aegis Secure Key 3.0 Cryptographic Module (Hardware Version: RevD; Firmware Versions: 6.5 and 6.5.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2015 02/02/2016 06/01/2016 | 5/31/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-chip standalone "The Aegis Secure Key 3.0 is a USB 3.0 portable encrypted memory key. Completely contained within a small footprint/boundary, the module is designed to allow simple, software free integration into various secure storage systems requiring a FIPS 140-2 validated encryption boundary." |
| 2375 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Drive West Houston, TX 77070 USA Catherine Schwartz CST Lab: NVLAP 200556-0 | HP P-Class Smart Array RAID Controllers (Hardware Versions: P230i, P430, P431, P731m, P830, and P830i; Firmware Version: 1.66) (When installed, initialized and configured as specified in the Security Policy Section Secure Operation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/20/2015 | 5/19/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2902, #2903 and #2904); DRBG (Certs. #529, #530 and #531); HMAC (Certs. #1837, #1838 and #1839); SHS (Certs. #2442, #2443 and #2444); PBKDF (vendor affirmed) -Other algorithms: AES (Cert. #2902, key wrapping); NDRNG Multi-chip embedded "The HP P-Class Smart Array RAID Controllers are a family of serial-attached SCSI host bus adapters that provide intelligent storage array control. The controllers can be card-based or embedded within an HP server, and provide a high speed data path, on-board storage cache, remote management, and encryption of data at rest." |
| 2374 | Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA Edwin Wong TEL: 408-496-3517 FAX: 408-496-3481 CST Lab: NVLAP 100432-0 | Avaya WLAN 9100 Access Points (Hardware Versions: P/Ns WAO912200-E6GS [1], WAP913200-E6GS [2], WAP913300-E6GS [2], WAP917300-E6GS [2]; Enclosure (Form Factor): WAO912200-E6GS [1], WAB910003-E6 [2]; SKU WLB910001-E6; Firmware Version: AOS-7.1 or AOS-7.2.6) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/08/2015 08/07/2015 | 8/6/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450 and #2833); CVL (Certs. #257 and #258); DRBG (Cert. #490); HMAC (Cert. #1774); KBKDF (Cert. #24); RSA (Cert. #1475); SHS (Cert. #2374); Triple-DES (Cert. #1693) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; IDEA; RC4; SEED; MD5 Multi-chip standalone "Wireless LAN 9100 Access Points" |
| 2373 | Neopost Technologies, S.A. 113 Rue Jean Marin Naudin Bagneux 92220 France Nathalie TORTELLIER TEL: +33 1 45 36 30 72 FAX: +33 1 45 36 30 10 CST Lab: NVLAP 200983-0 | Neopost Postal Security Device (PSD) (Hardware Versions: A0014227-B, A0014227-C; Firmware Version: a30.00; P/N: A0038091-A) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/05/2015 06/21/2016 | 6/20/2021 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: ECDSA (Cert. #517); AES (Certs. #2874 and #2875); SHS (Cert. #2416); CVL (Cert. #310); RSA (Cert. #1513); DRBG (Cert. #518); HMAC (Cert. #1813) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); Hardware RNG Multi-chip embedded "The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access." |
| 2372 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-5140B Chassis with FortiGate/FortiSwitch 5000 Series Blades (Hardware Versions: Chassis: P09297-01; Blades: P4CJ36-04, P4EV74, C4LG17 and P4EX84; AMC Component: P4FC12; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 5.0, build0305, 141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/05/2015 | 5/4/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3166, #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1995, #1996, #1997 and #1999); SHS (Certs. #2619, #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1804, #1805, #1806, #1807 and #1808); RSA (Certs. #1604, #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2371 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-3600C and FortiGate-3950B (Hardware Versions: C4MH12, [C4DE23 with P06698-02] with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: FortiOS 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2370 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiOS™ 5.0 (Firmware Versions: 5.0, build0305, 141216) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 05/04/2015 | 5/3/2020 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiGate-300C with the Fortinet entropy token (part number FTR-ENT-1) -FIPS Approved algorithms: AES (Certs. #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1997 and #1999); SHS (Certs. #2622 and #2624); Triple-DES (Certs. #1807 and #1808); RSA (Cert. #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
| 2369 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1500D and 3700D (Hardware Versions: C1AA64 [1] and C1AA92 [2] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,2]; Firmware Versions: FortiOS 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2368 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1000C, FortiGate-1240B, FortiGate-3140B and FortiGate-3240C (Hardware Versions: C4HR40 [1], C4CN43 [2], C4XC55 [3] and C4KC75 [4] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3,4] or FIPS-SEAL-BLUE [2]; Firmware Versions: FortiOS 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2367 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-100D, FortiGate-200B, FortiGate-200D, FortiGate-300C, FortiGate-600C and FortiGate-800C (Hardware Versions: C4LL40 [1], C4CD24 [2], C4KV72 [3], C4HY50 [4], C4HZ51 [5] and C4LH81 [6] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [2] or FIPS-SEAL-RED [1,3,4,5,6]; Firmware Versions: 5.0, build0305,141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3166, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1996, #1997 and #1999); SHS (Certs. #2619, #2621, #2622 and #2624); Triple-DES (Certs. #1804, #1806, #1807 and #1808); RSA (Certs. #1604, #1606, and #1607); CVL (Certs. #415 and #416) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2366 | Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-60C/60D/80C and FortiWiFi-60C/60D (Hardware Versions: C4DM93 [1], C1AB28 [2], C4BC61[3], C4DM95 [4], and C1AB32 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [3] or FIPS-SEAL-RED [1,2,4,5]; Firmware Versions: 5.0, build0305, 141216) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/04/2015 | 5/3/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #3166, #3167, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1995, #1997 and #1999); SHS (Certs. #2619, #2620, #2622 and #2624); Triple-DES (Certs. #1804, #1805, #1807 and #1808); RSA (Certs. #1604, #1605, and #1607); CVL (Certs. #415 and #416) -Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2365 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Systems 5508 Wireless LAN Controller (Hardware Versions: 5508 with 5508 FIPS kit (AIR-CT5508FIPSKIT=) and CN56XX; Firmware Versions: 8.0 with SNMP Stack v15.3, OPENSSL-0.9.8g-8.0.0, QUICKSEC-2.0-8.0 and FP-CRYPTO-7.0.0) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/04/2015 09/04/2015 | 9/3/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906 ); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438) -Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant) Multi-chip standalone "The Cisco 5500 Series Wireless Controller, is a highly scalable and flexible platform that enables system-wide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments." |
| 2364 | Dell, Inc. 5450 Great America Parkway Santa Clara, CA 95054 USA Srihari Mandava TEL: 408-571-3522 Jeff Yin TEL: 408-571-3689 CST Lab: NVLAP 200002-0 | Dell OpenSSL Cryptographic Library (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/28/2015 | 4/27/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Dell Networking OS 9.6(0.0) running on a Dell Networking S4810, Dell Networking S4820T, Dell Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell Networking Z9000 , Dell Networking MXL, Dell PowerEdge M I/O Aggregator, and Dell PowerEdge FN I/O Aggregator (single-user mode) -FIPS Approved algorithms: AES (Cert. #2971); DRBG (Cert. #565); DSA (Cert. #884); HMAC (Cert. #1883); RSA (Cert. #1560); SHS (Cert. #2497); Triple-DES (Cert. #1760) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); ANSI X9.31 RNG (non-compliant); Triple-DES CMAC (non-compliant); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant) Multi-chip standalone "Dell OpenSSL Cryptographic Library v2.1 is used within various Dell Networking products, including the S and Z-Series. Dell Networking S and Z-Series are high performance 10/40GbE ToR and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell’s Data Center hardened OS, Dell Networking OS." |
| 2363 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Systems 5760 Wireless LAN Controller (Hardware Version: Cisco Systems 5760 Wireless LAN Controller; Firmware Version: IOS XE 03.06.00aE) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/27/2015 | 4/26/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2685, #2817 and #2879); CVL (Cert. #253); DRBG (Certs. #435 and #481); HMAC (Certs. #1672, #1764 and #1815); KBKDF (Cert. #28); RSA (Cert. #1471); SHS (Certs. #2256, #2361 and #2420); Triple-DES (Cert. #1688) -Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 5760 Wireless Controller is an industry-leading platform designed for 802.11ac networks with maximum performance and services at scale, combined with high availability for mission-critical wireless networks." |
| 2362 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Nick Goble TEL: 978-318-7544 CST Lab: NVLAP 200928-0 | SSL Visibility Appliance (Hardware Versions: SV1800-C [1], SV1800-F [2] and SV2800 [3]; 090-03061 [1], 080-03560 [1], 090-03062 [2], 080-03561 [2], 090-03063 [3] and 080-03562 [3] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227 and 3.8.4FC) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/23/2015 09/04/2015 | 9/3/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3195 and #3496); Triple-DES (Certs. #1821 and #1968); RSA (Certs. #1625, #1238 and #1794); SHS (Certs. #2642 and #2885); HMAC (Certs. #2013 and #2230); ECDSA (Certs. #584 and #711); DRBG (Certs. #669 and #866); PBKDF (vendor affirmed); CVL (Certs. #429 and #562) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES; ChaCha20-Poly1305 Multi-chip standalone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2361 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Nick Goble TEL: 978-318-7544 CST Lab: NVLAP 200928-0 | SSL Visibility Appliance (Hardware Versions: SV3800; 090-03064 and 080-03563 with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227 and 3.8.4FC) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/23/2015 09/04/2015 | 9/3/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #3195 and #3496); Triple-DES (Certs. #1821 and #1968); RSA (Certs. #1625, #1238 and #1794); SHS (Certs. #2642 and #2885); HMAC (Certs. #2013 and #2230); ECDSA (Certs. #584 and #711); DRBG (Certs. #669 and #866); PBKDF (vendor affirmed); CVL (Certs. #429 and #562) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES; ChaCha20-Poly1305 Multi-chip standalone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2360 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | IPCryptR2 (Hardware Version: BLN1306A; Firmware Version: R06.01.00) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/13/2015 01/30/2017 | 1/29/2022 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1424 and #1425); SHS (Certs. #1292 and #2381); ECDSA (Cert. #498); CVL (Certs. #262 and #263); HMAC (Cert. #1780) -Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (Cert. #1424, key wrapping; key establishment provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG Multi-chip standalone "The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems." |
| 2358 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Tom Nguyen TEL: 847-576-2352 FAX: n/a CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01, 5185912Y03 and 5185912Y05; Firmware Versions: R01.05.12 and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/13/2015 | 4/12/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 2357 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2356 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/30/2015 05/29/2015 05/02/2017 | 5/28/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); CVL (Cert. #323); DRBG (Cert. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) -Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; Dual-EC DRBG (non-compliant); HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography." |
| 2356 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17042) (When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/19/2015 05/29/2015 05/02/2017 | 5/28/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); CVL (Cert. #323); DRBG (Cert. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692) -Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; Dual-EC DRBG (non-compliant); HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)." |
| 2355 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/17/2015 05/18/2015 05/02/2017 | 5/17/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. #2373) -Other algorithms: MD5 Multi-chip standalone "Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk." |
| 2354 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro,Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series (Software Versions: 6.3.9600 and 6.3.9600.17031) (When installed, initialized and configured as specified in the Security Policy Section 2 with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry, Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/23/2015 05/29/2015 | 5/28/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832) -Other algorithms: N/A Multi-chip standalone "The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file." |
| 2353 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | BitLocker® Windows Resume (winresume) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/23/2015 05/18/2015 | 5/17/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. #2373 and #2396) -Other algorithms: MD5 Multi-chip standalone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state." |
| 2352 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | BitLocker® Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode with module Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3; Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/10/2015 05/18/2015 05/02/2017 | 5/17/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396) -Other algorithms: MD5; NDRNG Multi-chip standalone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files." |
| 2351 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Mike Grimm TEL: 800-642-7676 CST Lab: NVLAP 200427-0 | Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2 (Software Versions: 6.3.9600 and 6.3.9600.17031) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/12/2015 04/10/2015 05/02/2017 | 4/9/2020 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Tested Configuration(s): Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3 Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2 Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1 Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1 Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA Microsoft Windows 8.1 Pro (x64) running on an Intel i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 Azure StorSimple Virtual Array Windows Server 2012 R2 on Hyper-V 6.3 on Windows Server 2012 R2 (x64) running on a Dell Precision Tower 5810 with PAA Azure StorSimple Virtual Array Windows Server 2012 R2 on VMware Workstation 12.5 on Windows Server 2012 R2 (x64) running on a Dell XPS 8700 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. #2373 and #2396) -Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) Multi-chip standalone "The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it." |
| 2350 | Canon Inc. 30-2 Shimomaruko 3-chome Ohta-ku, Tokyo 146-8501 Japan Yoichi Toyokura TEL: +81-3-3758-2111 FAX: +81-3-3758-1160 CST Lab: NVLAP 200822-0 | Canon MFP Security Chip (Hardware Versions: FK4-1731A, FK4-1731B; Firmware Versions: 2.10, 2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate JCMVP Cert. #J0021 Security Policy | Hardware | 04/20/2015 01/31/2017 | 1/30/2022 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2907); SHS (Cert. #2601); DRBG (Cert. #638) -Other algorithms: NDRNG Multi-chip embedded "The Canon MFP Security Chip handles cryptography for the storage device of the Canon MFP/printer. The Canon MFP Security Chip realizes high-speed data encryption/decryption through a serial ATA interface, using AES CBC mode. This allows the Canon MFP/printer's storage device to be protected against the risk of information leakage, without compromising objectives such as extensibility, flexibility, usability, and high performance." |
| 2349 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/15/2015 04/14/2016 | 4/13/2021 | Overall Level: 2 Multi-chip standalone |
| 2348 | HGST, a Western Digital company 3403 Yerba Buena Road San Jose, CA 95135 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar He8 TCG Enterprise HDDs (Hardware Versions: HUH728080AL5205 (0001) [1, 2, 3, 4, 7, 9, 10, 11], HUH728060AL5205 (0001) [1, 2, 3, 4, 10], HUH728080AL4205 (0001) [1, 2, 3, 4, 5, 6, 7, 8, 10] and HUH728060AL4205 (0001) [1, 2, 3, 4, 10]; Firmware Versions: R515 [1], R55B [2], R7J0 [3], R907 [4], R920 [5], R9D0 [6], R9E2 [7], R9L0 [8], RAG1 [9], RD05 [10] or RD51 [11]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/17/2015 05/08/2015 07/23/2015 04/28/2016 06/24/2016 05/02/2017 05/23/2017 08/04/2017 08/11/2017 | 6/23/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DRBG (Cert. #302); AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); PBKDF (vendor affirmed) -Other algorithms: NDRNG Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications and meet or exceed the most demanding performance and security requirements. HGST Ultrastar He8 drives are 12 Gbs SAS, 7,200 RPM, 3.5 inch form factor, TCG Enterprise HDDs." |
| 2343 | Vormetric, Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA Peter Tsai TEL: (408) 433-6000 FAX: (408) 844-8638 Peter Henschied TEL: (408) 433-6000 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Encryption Expert Cryptographic Module (Software Version: 5.1.3) (When operated in FIPS mode. When operating on Windows 8 R2, requires module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/24/2015 | 3/23/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 2008 R2 64-bit running on a Lenovo Thinkpad T61 HPUX 11i v3 64-bit running on an HP Server rx7620 AIX 6.1 64 bit running on an AIX IBM P7 8233 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1168 and #2807); Triple-DES (Certs. #846 and #1685); SHS (Certs. #2355 and #2390); HMAC (Certs. #1758 and #1788) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services." |
| 2342 | Vormetric, Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA Peter Tsai TEL: (408) 433-6000 FAX: (408) 844-8638 Peter Henschied TEL: (408) 433-6000 FAX: (408) 844-8638 CST Lab: NVLAP 200002-0 | Vormetric Encryption Expert Cryptographic Module (Hardware Version: E5-2670; Software Version: 5.1.3) (When operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 03/24/2015 | 3/23/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 running on a Supermicro X9DR7, SUSE Linux Enterprise Server 11 SP 2 running on a Supermicro X9DR7 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2807); Triple-DES (Cert. #1685); SHS (Cert. #2355); HMAC (Cert. #1758) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services." |
| 2341 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 3850 Series Switches and Cisco Catalyst 3650 Series Switches (Hardware Versions: Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches [1] and Cisco Field Replaceable Uplink Network Modules [1]; Firmware Version: IOS XE 03.06.00aE) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2015 | 3/19/2020 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2685, #2817 and #2879); CVL (Cert. #253); DRBG (Certs. #435 and #481); HMAC (Certs. #1672, #1764 and #1815); KBKDF (Cert. #28); RSA (Cert. #1471); SHS (Certs. #2256, #2361 and #2420); Triple-DES (Cert. #1688) -Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5, MD5, RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 3650 and 3850 Series family is the next generation of enterprise-class standalone and stackable access/aggregation layer switches that provide full convergence between wired and wireless on a single platform." |
| 2340 | Veritas Technologies LLC 500 East Middlefield Road Mountain View, CA 94043 USA Mohit Goyal TEL: 612- 310-8283 CST Lab: NVLAP 100432-0 | Veritas NetBackup Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/20/2015 02/11/2016 04/22/2016 04/27/2016 | 4/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell Optiplex 755 CentOS 6.3 on a Dell Optiplex 755 SUSE Linux Enterprise 11SP2 on a Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Veritas NetBackup Cryptographic Module provides cryptographic functions for Veritas NetBackup." |
| 2338 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS Combi PKI Native Smart Card (Hardware Versions: RS46X and RS47X; Firmware Versions: HardMask: 2.3 and SoftMask: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/16/2015 | 3/15/2020 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1616); SHS (Cert. #2262); RSA (Cert. #1393); DRBG (Cert. #441) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Cert. #1616, key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112-bits of encryption strength) Single-chip "The HiCOS Combi PKI native smart card module is a single chip implementation of a cryptographic module that supports ISO-7816 contact interface and ISO-14443 contactless interface. The HiCOS Combi PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, the contactless faceplate, and the electronic connectors between the chip and contact pad/antenna, all contained within an epoxy substrate." |
| 2336 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-636M-HSE CyberFence Cryptographic Module (Hardware Version: 1.0; Firmware Version: 5.0) (When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/11/2015 03/29/2016 05/27/2016 | 5/26/2021 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2060 and #2078); CVL (Cert. #285); DRBG (Cert. #822); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); KTS (AES Cert. #2060 and HMAC Cert. #1253; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1491); SHS (Certs. #1801 and #1807) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); SNMPv3 KDF (non-compliant) Multi-Chip Embedded "3e-636-HSE module provides high speed low latency dedicated Layer 2 data encryption for enhanced network security and performance. It supports multiple VLANs with bypass mode. Each VLAN uses its own data encryption key for data privacy and per data packet integrity." |
| 2333 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Osamu Kawashima TEL: +81-90-6171-0253 FAX: +81-45-890-2492 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive (Hardware Versions: A0 with AL13SXQ300NB, AL13SXQ450NB or AL13SXQ600NB; Firmware Version: 0101) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/03/2015 | 3/2/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2877); SHS (Cert. #2418); RSA (Cert. #1515); DRBG (Cert. #519) -Other algorithms: NDRNG Multi-chip embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2330 | Protegrity USA Inc. 5 High Ridge Park 2nd Fl. Stamford, Connecticut 06905 USA Yigal Rozenberg TEL: 203-428-4526 FAX: 203-348-1251 Raul Ortega TEL: 203-428-4713 FAX: 203-569-4013 CST Lab: NVLAP 200658-0 | Protegrity Cryptographic Module (Software Version: 1.0) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/03/2015 | 3/2/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux SLES 11 64-bit running on IBM x3550 model 7978 IBM z/OS 2.1 running on IBM zEC12 Microsoft Windows Server 2008 64-bit running on IBM x3550 model 7978 (single user mode) -FIPS Approved algorithms: AES (Certs. #2922, #2923 and #2926); Triple-DES (Certs. #1735, #1736 and #1739); HMAC (Certs. #1849, #1850 and #1853); SHS (Certs. #2458, #2459 and #2462) -Other algorithms: DTP2-AES; DTP2-TDES; DTP2-HMAC-SHA1; CUSP-AES; CUSP-TDES; MD5; HMAC-MD5 Multi-chip standalone "The Protegrity Cryptographic Module is a software module that provides FIPS validated cryptographic services for Protegrity Data Security products." |
| 2329 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/12/2015 | 2/11/2020 | Overall Level: 3 Multi-chip standalone |
| 2328 | Zebra Technologies Corporation 475 Half Day Road, Suite 500 Lincolnshire, IL 60069 USA Erv Comer TEL: 480-628-7901 Tom McKinney TEL: 631-738-3586 CST Lab: NVLAP 100432-0 | Fusion Wireless LAN Cryptographic Module for WM/CE (Hardware Versions: P/Ns WL1283CYFVR (Rev C), WL1273LYFVR, WL1273BYFVR, WL1271BYFVR, WL1270BYFVR; Firmware Version: 1.01; Software Version: X_2.02.0.0.4) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 02/10/2015 02/19/2016 | 2/18/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Mobile 6.5 running on MC67 Windows CE7.0 running on WT41 Windows CE7 running on MC18 Windows Mobile 6.5 running on MC55N0 Windows CE6 running on MC2180 Windows CE6 running on SB1 Windows CE 6.0 running on 7528x Windows Embedded Handheld 6.5 running on 7528x (single-user mode) -FIPS Approved algorithms: AES (Certs. #2997, #2998, #2999, #3000 and #3001); HMAC (Cert. #1898); SHS (Cert. #2512) -Other algorithms: N/A Multi-chip standalone "The Fusion module secures the WLAN radio for numerous deviceson the Windows Mobile and CE operating systems. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government." |
| 2327 | Giesecke+Devrient Mobile Security GmbH Prinzregentenstrasse 159 Munich D-81677 Germany Steffen Heinrich TEL: +49-89/4119-2453 CST Lab: NVLAP 100432-0 | Sm@rtCafé Expert 7.0 (Hardware Version: SLE78CLFX4000P(M) M7892; Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/10/2015 07/03/2017 08/04/2017 | 2/9/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2720 and #2721); CVL (Certs. #177, #1192 and #1193); DSA (Cert. #837); DRBG (Cert. #455); ECDSA (Cert. #476); KBKDF (Cert. #18); RSA (Certs. #1506 and #1507); SHS (Certs. #2288, #2289 and #2890); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed) -Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides 128 to 256 bits of encryption strength); TRNG Single-chip "Sm@rtCafé Expert 7.0 is a Smart Card based on Java Card and GlobalPlatform Technology. Sm@rtCafé Expert 7.0 conforms to Java Card Classic Platform Specification 3.0.4 and GlobalPlatform Card Specification Version 2.2.1 supporting Secure Channel Protocol 03, Card Specification V2.2 Amendment D. The product is suitable for government and corporate identification, payment and banking, health care, and authentication" |
| 2326 | HGST, a Western Digital company 5601 Great Oaks Parkway San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C10K1800 TCG Enterprise HDDs (Hardware Versions: HUC101818CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101818CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8. 9, 10, 11,12, 13, 14, 15, 16, 17, 18, 19, 20, 21], HUC101818CS4205 (3), [1, 2, 3, 4, 5, 6, 7, 8. 9, 10, 11,12, 13, 14, 15, 16, 17, 18, 19, 20, 21], HUC101812CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101812CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101890CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101890CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20, 21], HUC101890CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20, 21], HUC101860CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101860CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101860CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101845CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101845CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18 ,19, 20, 21], HUC101845CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18 ,19, 20, 21], HUC101812CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101812CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101890CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101890CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101890CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101860CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101860CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101860CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101830CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101830CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21], HUC101830CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20, 21]; Firmware Versions: R1A0 [1], R3B0 [2], R3F0 [3], R3R0 [4], R3R2 [5], R3T0 [6], R3X0 [7], R3X2 [8], R703 [9], R770 [10], R7R1 [11], NA00 [12], NE00 [13], R801 [14], NE02 [15], R7G2 [16], R904 [17], R920 [18], R940 [19], R990 [20] and RA01 [21]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/10/2015 03/13/2015 07/23/2015 11/19/2015 11/27/2015 01/28/2016 04/19/2016 12/19/2016 | 12/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed) -Other algorithms: NDRNG; AES (Cert. #2365, key wrapping) Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C10K1800 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2322 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches (Hardware Versions: [BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8-BND-AC, BR-VDX8770-8-BND-DC] w/ Field Replaceable Units (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 & 80-1006429-01) BR-VDX6710-54-F, BR-VDX6710-54-R, BR-VDX6720-16-F (80-1004566-07 & 80-1006701-02) BR-VDX6720-16-R (80-1004567-07 & 80-1006702-02) BR-VDX6720-24-F (80-1004564-07 & 80-1006699-02) BR-VDX6720-24-R (80-1004565-07 & 80-1006700-02) BR-VDX6720-40-F (80-1004570-07 & 80-1006305-02) BR-VDX6720-40-R (80-1004571-07 & 80-1006306-02) BR-VDX6720-60-F (80-1004568-07 & 80-1006303-02) BR-VDX6720-60-R (80-1004569-07 & 80-1006304-02) BR-VDX6730-16-F (80-1005649-03 & 80-1006709-02) BR-VDX6730-16-R (80-1005651-03 & 80-1006711-02) BR-VDX6730-24-F (80-1005648-03 & 80-1006708-02) BR-VDX6730-24-R (80-1005650-03 & 80-1006710-02) BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F w/ BR-VDX6730-24VCS-01 & BR-VDX6730-24FCOE-01 Lic) BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R w/ BR-VDX6730-24VCS-01 & BR-VDX6730-24FCOE-01 Lic) BR-VDX6730-40-F (80-1005680-03 & 80-1006719-02) BR-VDX6730-40-R (80-1005681-03 & 80-1006720-02) BR-VDX6730-60-F (80-1005679-03 & 80-1006718-02) BR-VDX6730-60-R (80-1005678-03 & 80-1006717-02) BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F w/ BR-VDX6730-60VCS-01 & BR-VDX6730-60FCOE-01 Lic) BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R w/ BR-VDX6730-60VCS-01 & BR-VDX6730-60FCOE-01 Lic) BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64-ALLSW-F, BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F & BR-VDX6740T-64-ALLSW-R w/ FIPS Kit P/N Brocade XBR-000195; Firmware Version: Network OS (NOS) v4.0.0 (P/N 63-1001271-01)) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3, 4, 5, 6 and 7 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2015 | 2/1/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Certs. #1965 and #1966); RSA (Certs. #1174, #1175, #1280 and #1282) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); SNMPv3 KDF (non-compliant); HMAC-MD5; TLSv1.0 KDF (non-compliant); SSHv2 KDF (non-compliant); MD5; RADIUS PEAP MS-CHAP V2; NDRNG; Triple-DES (non-compliant); AES (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; 3DES; BLOWFISH-CBC; CAST128; ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments." |
| 2319 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | McAfee NGFW Cryptographic Library (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 01/28/2015 | 1/27/2020 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0-based distribution running on McAfee MIL-320 Debian GNU/Linux 6.0-based distribution running on McAfee 5206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1402 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1065 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1035 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2948, #2949, #2950, #2951, #2952, #2953, #2954 and #2955); Triple-DES (Certs. #1752, #1753, #1754, #1755, #1756 and #1757); DSA (Certs. #878, #879, #880, #881, #882 and #883); RSA (Certs. #1549, #1550, #1551, #1552, #1553 and #1554); ECDSA (Certs. #537, #538, #539, #540, #541 and #542); DRBG (Certs. #549, #550, #551, #552, #553, #554, #555 and #556); SHS (Certs. #2482, #2483, #2484, #2485, #2486 and #2487); HMAC (Certs. #1869, #1870, #1871, #1872, #1873 and #1874); CVL (Certs. #344, #345, #346, #347, #348, #349, #350, #351, #352, #353, #354 and #355) -Other algorithms: Diffie-Hellman (CVL Certs. #344, #346, #348, #350, #352 and #354, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #344, #345, #346, #347, #348, #349, #350, #351, #352, #353, #354 and #355, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Certs. #2948, #2949, #2950, #2951, #2952, #2953, #2954 and #2955, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip standalone "The McAfee NGFW Cryptographic Library is a software module thatprovides cryptographic services required by the McAfee NGFW product." |
| 2318 | Symantec Corporation 303 2nd Street 1000N San Francisco, CA 94107 USA Rajesh Devadasan CST Lab: NVLAP 200556-0 | Symantec DLP Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/28/2015 06/28/2016 | 6/27/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 on a Dell OptiPlex 755 Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 Apple Mac OS X 10.7 (64-bit) on a MacBook Air Apple Mac OS X 10.7 (32-bit) on a MacBook Air (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1495); AES (Cert. #2397); DSA (Cert. #749); ECDSA (Cert. #395); RSA (Cert. #1240); SHS (Cert. #2060); DRBG (Cert. #318); HMAC (Cert. #1490) -Other algorithms: PRNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual_EC_DRBG; RSA (key wrapping; key establishment provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The module, the Symantec DLP Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the Symantec Data Loss Prevention solution." |
| 2317 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module (Hardware Versions: ST6000NM0114 [1,2,3,4,5,6,7,8,9], ST4000NM0114 [1,2,3,4,5,6,7,8,9], ST2000NM0114 [1,2,3,4,5,6,7,8,9], ST6000NM0104 [10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29], ST4000NM0104 [10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29], ST2000NM0104 [10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29], ST6000NM0094 [30], ST4000NM0094 [30], ST2000NM0094 [30], ST6000NM0084 [31,32], ST4000NM0084 [31,32], ST2000NM0084 [31,32], ST8000NM0125 [33,34,35,36,37,38,39,40,41,42,43,44,45], ST8000NM0135 [46,47,48,49,50,51,52,53,54,55,56,57,58,59,60], ST8000NM0145 [61,62], ST8000NM0155 [63,64], ST6000NM0255 [65,66], ST4000NM0135 [67,68,69,70,71,72,73,74,75,76,77], ST3000NM0045 [78,79,80,81,82,83,84,85,86,87,88], ST6000NM0285 [89,90,91,92,93,94,95,96,97,98,99], ST4000NM0235 [100,101,102,103,104,105,106,107,108,109,110], ST6000NM0265 [111,112], ST4000NM0105 [113], ST3000NM0055 [114], ST6000NM0275 [115,116,117], ST4000NM0225 [118,119], ST600MP0025 [120,121,122,123,124,125,126,127,128,129,130,131,132], ST450MP0025 [120,121,122,123,124,125,126,127,128,129,130,131,132], ST300MP0025 [120,121,122,123,124,125,126,127,128,129,130,131,132], ST600MP0085 [133,134], ST450MP0085 [133,134], ST300MP0085 [133,134], ST600MP0055 [135,136], ST450MP0055 [135,136], ST300MP0055 [135,136], ST600MX0102 [137,138,139,140], ST600MX0072 [141,142], ST1800MM0048 [143,144,145,146,147,148,149,150], ST1200MM0048 [143,144,145,146,147,148,149,150], ST900MM0048 [143,144,145,146,147,148,149,150], ST600MM0048 [143,144,145,146,147,148,149,150], ST1800MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST1200MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST900MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST600MM0078 [151,152,153,154,155,156,157,158,159,160,161], ST1200MM00108 [162,163,164,165,166,167,168,169,170,171,172,173], ST600MM00108 [162,163,164,165,166,167,168,169,170,171,172,173], ST1800MM0118 [174,175,176], ST1200MM0118 [174,175,176], ST900MM0118 [174,175,176], ST600MM0118 [174,175,176], ST1800MM0158 [177,178], ST1200MM0158 [177,178], ST900MM0158 [177,178], ST600MM0158 [177,178], ST2000NX0333 [179,180,181,182,183,184,185], ST2000NX0353 [186,187,188,189,190,191,192,193,194,195], ST2000NX0453 [196,197] and ST1000NX0483 [198,199]; Firmware Versions: KF01[1], MT13[2], MF14[3], MF15[4], ETB1[5], MF17[6], KF05[7], MF18[8], KFH5[9], EF01[10], MEE4[11], HP00[12], MEE5[13], MEE6[14], MEE8[15], NE01[16,160], MSE1[17], MEE9[18], NE02[19], 3P00[20,49,161], 3P01[21,54], 3P02[22,58], NA00[23,98,109], EF05[24], MEEA[25], 3P03[26], NA01[27], MEEB[28], MEEC[29], NF05[30], ZZZZ[31], SF05[32], KFF1[33], PF11[34], PF12[35], UJ80[36], KF02[37,143,174,179], UV01[38], UJ81[39], PF13[40], KF03[41,65,133,137,183], PF14[42], UV05[43], UJ83[44], PF15[45], EFF1[46], PSE1[47], EF02[48,116,118,151,177,186], PSE3[50], FC70[51], NE03[52], FC71[53], EF03[55,93,104,135,141,190], FCD2[56], FC72[57], FCD3[59], FC73[60], NF01[61], NF02[62,69,80,112,162], SF01[63,111,115], SF02[64], DF12[66], DSF1[67,78], FK80[68,79], FK81[70,81], BE05[71,82], BF82[72,83], NF03[73,84,120,167], DSF2[74,85], DEC1[75,86], FK82[76,87], FK83[77,88], DEE2[89,100], DEE3[90,101], FC80[91,102], FC81[92,103], PSE4[94,105], DEE4[95,106], FC82[96,107], NE00[97,108], FC83[99,110], TF02[113,114], SF03[117,119], VSC4[121], VEC3[122], VEC4[123], VEC5[124], VSC5[125], VEC7[126], VEC8[127], VEC9[128], NF04[129,172,197,199], VSC6[130], VECA[131], VECB[132], KF04[134,140,148,176,184], ED04[136], VT13[138], VT14[139], EF04[142,159,178,193], TF12[144], TF13[145], TF16[146], 4201[147], TF17[149], TF18[150], TEE3[152], TEE4[153], TEE5[154], TEE8[155], TSE1[156], TEE9[157], TEEA[158], TSC4[163], TEC3[164], TEC4[165], TEC5[166], TSC5[168], TEC7[169], TEC8[170], TEC9[171], TSC6[173], TT13[175], NT17[180], NF13[181], NF14[182], NF15[185], NEE3[187], NEE4[188], NEE5[189], FD30[191], FD31[192], NEE6[194], FD32[195] and NSF1[196,198]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/21/2015 02/13/2015 03/13/2015 05/08/2015 06/09/2015 07/23/2015 09/30/2015 12/22/2015 01/04/2016 04/19/2016 06/03/2016 07/27/2016 10/13/2016 12/02/2016 12/20/2016 03/13/2017 04/03/2017 06/22/2017 | 12/19/2021 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343, #2803, #2841, #2842 and #2947); DRBG (Cert. #62); HMAC (Cert. #1597); PBKDF (vendor affirmed); RSA (Cert. #1021); SHS (Certs. #1225, #2352 and #2383) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Enterprise Capacity® HDD v4 Self-Encrypting Drives model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2316 | Cavium Networks 2315 N First Street San Jose, CA 95131 USA Phanikumar Kancharla TEL: 408-943-7496 Tasha Castaneda TEL: 408-943-7380 CST Lab: NVLAP 100432-0 | NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1610-NFBE1-3.0-FW-2.2-G, CN1620-NFBE1-3.0-FW-2.2-G, CN1620-NFBE3-3.0-FW-2.2-G, CN1610-NFBE1-2.0-FW-2.2-G, CN1620-NFBE1-2.0-FW-2.2-G, CN1620-NFBE3-2.0-FW-2.2-G and FN1620‐NFBE2‐G; Firmware Versions: CN16XX-NFBE-FW-2.2-130013 and CN16XX-NFBE-FW-2.2-130014) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/21/2015 07/23/2015 12/04/2015 06/10/2016 06/24/2016 | 6/23/2021 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265, #1266 and #2899); CVL (Cert. #166); DRBG (Cert. #32); DSA (Cert. #474); ECDSA (Certs. #150 and #188); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RSA (Certs. #607 and #742); SHS (Certs. #801, #1166 and #1379); Triple-DES (Cert. #898) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 9000 RSA 2k-bit operations per second and 5 Gbps of bulk crypto." |
| 2315 | Software House, a brand of Tyco Security Products 6 Technology Park Drive Westford, MA 01886 USA Lou Mikitarian TEL: 978-577-4125 Rick Focke TEL: 978-577-4266 CST Lab: NVLAP 200928-0 | iSTAR Ultra Door Controller (Hardware Versions: USTAR008, USTAR016 and USTAR-GCM-2U with FIPS Tamper Labels: STAR-FIPS-LBLS; Firmware Version: 6.1) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/15/2015 | 1/14/2020 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #2856); DRBG (Cert. #506); SHS (Cert. #2400); HMAC (Cert. #1797); ECDSA (Cert. #506); CVL (Certs. #292 and #293) -Other algorithms: EC Diffie-Hellman (key agreement); MD5; NDRNG Multi-chip standalone "The iSTAR Ultra door controller is a powerful IP-edge access control device that provides a strong feature set for securing doors. The iSTAR Ultra controls up to 32 doors. The iSTAR Ultra records, encrypts, and stores all granted access events as well as alarm events of any unauthorized entry. The iSTAR Ultra can be deployed individually or in clusters. The iSTAR Ultra features strong 256-bit AES network encryption between the controller and host, and between controllers within a cluster." |
| 2313 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Nikhil Suares TEL: (781) 538-7568 CST Lab: NVLAP 200416-0 | Acme Packet 4500 (Hardware Version: A1; Firmware Version: C6.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/09/2015 | 1/8/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #745 and #1019); AES (Certs. #928 and #1555); SHS (Certs. #912, #1373 and #1378); HMAC (Certs. #519, #900 and #907); RSA (Cert. #753); DRBG (Cert. #68) -Other algorithms: DES; ARC4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HWRNG Multi-chip standalone "The Acme Packet 4500 is a one rack unit (1U) platform that feature Oracle’s purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications -- voice, video, and application data sessions -- across Internet Protocol (IP) network borders." |
| 2312 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Nikhil Suares TEL: (781) 538-7568 CST Lab: NVLAP 200416-0 | Acme Packet 3820 (Hardware Version: A1; Firmware Version: C6.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/09/2015 | 1/8/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #745 and #1019); AES (Certs. #928 and #1555); SHS (Certs. #912, #1372 and #1378); HMAC (Certs. #519, #899 and #907); RSA (Cert. #754); DRBG (Cert. #67) -Other algorithms: DES; ARC4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HWRNG Multi-chip standalone "The Acme Packet 3820 is a one rack unit (1U) platform that feature Oracle’s purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications -- voice, video, and application data sessions -- across Internet Protocol (IP) network borders." |
| 2311 | SecuTech Solutions PTY LTD Suite 514, 32 Delhi Road North Ryde, NSW 2113 Australia Fujimi Bentley TEL: 00612-98886185 FAX: 00612-98886185 Joseph Sciuto TEL: 00612-98886185 FAX: 00612-98886185 CST Lab: NVLAP 200658-0 | UniMate USB/TRRS PKI Token (Hardware Version: 2.11; Firmware Version: 5.1.6) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/09/2015 | 1/8/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2836); Triple-DES (Cert. #1696); RSA (Cert. #1478); SHS (Cert. #2377); DRBG (Cert. #492); HMAC (Cert. #1777) -Other algorithms: HW RNG Multi-chip standalone "The UniMate USB/TRRS (Audio Port) PKI token is a hardware cryptographic module. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user's private and public key pairs can be generated and stored on the embedded chip within the UniMate cryptographic module. The private key can never be exported. UniMate provides the USB interface and audio port (TRRS) that can connect the module to a computer and smart mobile device. The UniMate implements type A USB 1.1 specifications and USB CCID protocol." |
| 2310 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® FCX 624/648, ICX ™ 6610, ICX 6450, ICX 6650, ICX 7750 and SX 800/1600 Series (Hardware Versions: [FCX624S (P/N 80-1002388-08), FCX624S-HPOE-ADV (P/N 80-1002715-08), FCX624S-F-ADV (P/N 80-1002727-07), FCX648S (P/N 80-1002392-08), FCX648S-HPOE (P/N 80-1002391-10), FCX648S-HPOE-ADV (P/N 80-1002716-10), FCX-2XG (P/N 80-1002399-01), ICX 6610-24F-I (P/N 80-1005350-04), ICX 6610-24F-E (P/N 80-1005345-04), ICX 6610-24-I (P/N 80-1005348-05), ICX 6610-24-E (P/N 80-1005343-05), ICX 6610-24P-I (P/N 80-1005349-06), ICX 6610-24P-E (P/N 80-1005344-06), ICX 6610-48-I (P/N 80-1005351-05), ICX 6610-48-E (P/N 80-1005346-05), ICX 6610-48P-I (P/N 80-1005352-06), ICX 6610-48P-E (P/N 80-1005347-06), ICX 6450-24P (P/N 80-1005996-04), ICX 6450-24 (P/N 80-1005997-03), ICX 6450-48P (P/N 80-1005998-04), ICX 6450-48 (P/N 80-1005999-04), ICX 6450-C12-PD (P/N 80-1007578-01), FI-SX800-S (P/N 80-1003050-03; 80-1007143-03), FI-SX1600-AC (P/N 80-1002764-02; 80-1007137-02), FI-SX1600-DC (P/N 80-1003005-02; 80-1007138-02), SX-FISF (P/N 80-1002957-03), SX-FI-ZMR-XL (P/N 80-1006486-02), SX-FI-ZMR-XL-PREM6 (P/N 80-1007350-02), SX-FI-2XGMR-XL (P/N 80-1006607-01), SX-FI-2XGMR-XL-PREM6 (P/N 80-1007349-01), Filler Panels (P/N 11456-005; 11457-006; 18072-004), ICX6650-32-E-ADV (P/N 80-1007115-02), ICX6650-32-I-ADV (P/N 80-1007116-02), ICX6650-40-E-ADV (P/N 80-1007179-03), ICX6650-40-I-ADV (P/N 80-1007181-03), ICX6650-48-E-ADV (P/N 80-1007180-03), ICX6650-48-I-ADV (P/N 80-1007182-03), ICX6650-56-E-ADV (P/N 80-1007117-03), ICX6650-56-I-ADV (P/N 80-1007118-03), ICX6650-80-E-ADV (P/N 80-1007119-03), ICX6650-80-I-ADV (P/N 80-1007120-03), ICX7750-48F (P/N 80-1007607-01), ICX7750-48C (P/N 80-1007608-01) and ICX7750-26Q (P/N 80-1007609-01)] with FIPS Kit XBR-000195; Firmware Version: IronWare R08.0.10) (When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 12 and 13 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/08/2015 | 1/7/2020 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1612, #1613, #1614, #1615 and #1617); AES (Certs. #2686, #2687, #2688, #2690 and #2697); SHS (Certs. #2257, #2258, #2259, #2260 and #2265); HMAC (Certs. #1673, #1674, #1675, #1676 and #1679); DRBG (Certs. #436, #437, #438, #439 and #442); RSA (Certs. #1386, #1387, #1388, #1391 and #1396); CVL (Certs. #154, #155, #156, #159 and #161) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); MD5; DES; NDRNG; HMAC-MD5; DSA (non-compliant) Multi-chip standalone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. The Brocade ICX 6650 Switch is a compact Ethernet switch that delivers industry-leading 10/40 GbE density, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch." |
| 2309 | Software House, a brand of Tyco Security Products 6 Technology Park Drive Westford, MA 01886 USA Lou Mikitarian TEL: 978-577-4125 Rick Focke TEL: 978-577-4266 CST Lab: NVLAP 200928-0 | iSTAR Edge Door Controller (Hardware Versions: ESTAR001, ESTAR001-POE1, ESTAR002, ESTAR002-POE1, ESTAR004 with FIPS Tamper Labels: STAR-FIPS-LBLS; Firmware Version: 6.1) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 01/13/2015 | 1/12/2020 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #2856); DRBG (Cert. #506); SHS (Cert. #2400); HMAC (Cert. #1797); ECDSA (Cert. #506); CVL (Certs. #292 and #293) -Other algorithms: EC Diffie-Hellman (key agreement); MD5; NDRNG Multi-chip standalone "The iSTAR Edge door controller is a powerful IP-edge access control device that provides a strong feature set for securing doors. The iSTAR Edge controls up to four doors. The iSTAR Edge records, encrypts, and stores all granted access events as well as alarm events of any unauthorized entry. The iSTAR Edge can be deployed individually or in clusters. The iSTAR Edge features strong 256-bit AES network encryption between the controller and host, and between controllers within a cluster." |
| 2308 | SAP AG Albert-Einstein-Allee 3 Bensheim 64625 Germany Stephan André TEL: +49-6251-708-1730 FAX: +49-6227-78-55975 Thomas Rothe TEL: +49-6251-708-2339 FAX: +49-6227-78-55989 CST Lab: NVLAP 200636-0 | SAP NW SSO 2.0 Secure Login Library Crypto Kernel (Software Version: 2.0.0.1.32) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/06/2015 | 1/5/2020 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with AIX 5.1 64-bit running on a Fujitsu Esprimo P5925 AIX 5.2 64-bit running on a IBM eServer pSeries 630 Model 6C4 AIX 6.1 64-bit on Vmware ESX 4.1.0 running on a IBM Power 770 HP-UX 11.00 64-bit running on a HP 9000 L3000 HP-UX 11.11 64-bit running on a HP 9000 rp5470 HP-UX 11.23 64-bit running on a HP Integrity rx5670 HP-UX 11.31 64-bit running on a HP 9000 rp3440 HP-UX 11.31 64-bit running on a HP Integrity rx6600 Linux 2.4.18 running on a IBM eServer xSeries 235 Linux 2.4.19 running on a HP Integrity rx2600 Linux 2.4.21 running on a Fujitsu Primergy TX300 Linux 2.6.16 on Vmware ESX 4.1.0 running on a IBM Power 595 Linux 2.6.16 running on a HP ProLiant DL385 G2 Linux 2.6.27 on Vmware ESX 4.1.0 running on a IBM eServer xSeries 235 Linux 2.6.32 on Vmware ESX 5.0.0 running on a IBM Power 770 Linux 2.6.32 running on a Fujitsu Esprimo P9900 E-Star5 with PAA Linux 2.6.32 running on a IBM eServer xSeries 3655 without PAA Linux 2.6.5 on Vmware ESX 4.1.0 running on a IBM S/390 Linux 2.6.5 on Vmware ESX 5.0.0 running on a IBM System p5 595 Linux 2.6.5 running on a HP Integrity rx5670 Linux 2.6.5 running on a IBM System x3755 Linux 2.6.5 running on a IBM eServer xSeries 250 Mac OS X 10.7 64-bit running on a MacPro Solaris 5.10 64-bit running on a Fujitsu PrimePower 650 Solaris 5.10 64-bit running on a Sun Fire X4150 Solaris 5.8 64-bit running on a Fujitsu GP7000F400R Solaris 5.9 64-bit running on a Sun Fire V880 Tru64 Unix 5.1 running on a Compaq AlphaServer ES40 Windows 7 Enterprise SP1 64-bit running on a Lenovo ThinkCentre M90P with PAA Windows Server 2008 R2 on Vmware ESX 4.1.0 running on a IBM System x3755 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2370, #2371 and #2372); Triple-DES (Certs. #1481, #1482 and #1483); DSA (Certs. #741, #742 and #743); RSA (Certs. #1225, #1226 and #1227); HMAC (Certs. #1472, #1473 and #1474); DRBG (Certs. #306, #307 and #308); SHS (Certs. #2042, #2043 and #2044) -Other algorithms: IDEA; RC2; RC5-32; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160 Multi-chip standalone "SAP NW SSO 2.0 Secure Login Library Crypto Kernel v2.0.0.1.32 is a shared library, i.e. it consists of software only. SAP NW SSO 2.0 Secure Login Library Crypto Kernel provides an API in terms of C++ methods for key management and operation of cryptographic functions." |
| 2307 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | DataTraveler DT4000 G2 Series USB Flash Drive (Hardware Versions: DT4000 Version 1.0 [4GB, 8GB, 16GB, 32GB, 64GB, 128GB or 256GB]; Firmware Version: 3.05) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/06/2015 11/20/2015 | 11/19/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); RSA (Cert. #1480); SHS (Cert. #2379); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Kingston's DataTraveler DT4000 G2 Series USB Flash Drive is assembled in the US for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based AES-256 encryption to guard sensitive information in case the drive is lost or stolen." |
| 2306 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-945 AirGuard iMesh Wireless Gateway Cryptographic Module (Hardware Version: 1.0; Firmware Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/06/2015 06/03/2016 | 6/2/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1611 and #2060); SHS (Cert. #1801); RSA (Cert. #1491); ECDSA (Cert. #303); DRBG (Cert. #822); CVL (Cert. #285) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip embedded "3e-945 AirGuard iMesh Wireless Gateway Cryptographic Module provides secured ISA 100.11a wireless communication services. Acting as industrial access point, it enables connectivity between remote field devices to securely relay process monitoring, automation, and network data securely back to the network." |
| 2304 | Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion kiteworks Cryptographic Module (Software Version: KWLIB_1_0_1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/24/2014 | 12/23/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2850); CVL (Cert. #286); DRBG (Cert. #503); HMAC (Certs. #1790 and #1791); RSA (Cert. #1492); SHS (Certs. #2392 and #2393); Triple-DES (Cert. #1703) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand() Multi-chip standalone "Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2303 | Oberthur Technologies 402 rue d'Estienne d'Orves Colombes 92700 France Christophe Goyet TEL: 703-322-8951 FAX: n/a Said Boukyoud TEL: +33-1-78-14-72-58 FAX: +33-1-78-14-70-20 CST Lab: NVLAP 100432-0 | ID-One PIV-C on Cosmo V8 (Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2014 | 12/23/2019 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727) -Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "ID-One Cosmo V8 is a dual interface (ISO 7816 & ISO 14443) smartcard hardware platform compliant with Javacard 3.0.1 and GlobalPlatform 2.2.1 chip with Built-in PIV application, Opacity Secure messaging and fingerprint On-Card-Comparison (OCC)." |
| 2302 | SecureMetric Technology Sdn. Bhd. 2-2, Incubator 2, Technology Park Malaysia, Lebuhraya Sg. Besi - Puchong, Bukit Jalil Kuala Lumpur 57000 Malaysia Nioo Yu Siong TEL: +603-8996 8225 FAX: +603-8996 7225 Edward Law TEL: +603-8996 8225 FAX: +603-8996 7225 CST Lab: NVLAP 100432-0 | ST3 ACE Token (Hardware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/09/2015 05/08/2015 | 5/7/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "ST3 ACE Token is a USB token containing SECUREMETRIC¦s own SECUREMETRIC-FIPS-COS cryptographic operating system. The SECUREMETRIC -FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support SECUREMETRIC¦s USB token. ST3 ACE Token is a secure microprocessor smart chip based USB token that work as a miniature cryptography computer designed for strong 2-Factor Authentication (2FA) and identification to support network login, secure online transaction, digital signatures and sensitive data protection." |
| 2301 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | IOS Common Cryptographic Module (IC2M) (Firmware Version: Rel 3(1.5.2)) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/18/2014 06/12/2015 | 6/11/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: Cisco ASR1K 1NG, Cisco ISR 4451-X, Cisco ISR 4441, Cisco ASR1K RP2 and Cisco ASR1K 2KP (kingpin) with processor Intel Xeon on IOS XE3.10 Cisco ISR 3925E and Cisco ISR 3945E with processor Intel Xeon on IOS 15.3 Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.10 Cisco ISR c2951, Cisco ISR c3925 and Cisco ISR c3945 with processor Freescale 8752E on IOS 15.3 Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.3 Cisco ISR 1941 and Cisco ISR 2900 with processor Cavium CN5220 on IOS 15.3 Cisco Catalyst 4K with processor MPC8572C on IOS XE 3.6 Cisco Catalyst 3750x and Cisco Catalyst 3560x with processor Power-PC 405 on IOS 15.2 Cisco Catalyst 3650 with processor AMCC PowerPC 405EX on IOS XE3.6 Cisco Catalyst 2960 with processor Cavium CN5230 on IOS 15.2 -FIPS Approved algorithms: AES (Certs. #2783 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688) -Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SEAL Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols." |
| 2300 | RSA 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-C Micro Edition (Software Versions: 4.1 [1], 4.1.0.1 [2], 4.1.2 [3] and 4.1.3.2 [4]) (When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/16/2014 12/21/2015 01/19/2016 01/22/2016 02/12/2016 01/18/2017 08/11/2017 | 1/17/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay without PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without PAA [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with PAA [1] Mac OS X 10.8 running on an Apple MacBook6,1 without PAA [1] Mac OS X 10.8 running on an Apple Mac Pro 5.1 with PAA [1] Solaris 10 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3] Solaris 11 running on a Oracle SPARC T4-2 without PAA [1][3] Solaris 11 running on a Oracle SPARC T4-2 with PAA [1][3] Solaris 10 on ESXi 4.1 running on a Dell M610 without PAA [1] Solaris 10 on ESXi 4.1 running on a Dell M610 with PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 without PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 with PAA [1] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Ubuntu 12.04 LTS running on a Beagle dev board [1][3] Fedora Core 17 running on a Beagle dev board [1] Android 4.0.3 running on a Motorola RAZR I [1] Android 2.3.6 running on a Samsung Galaxy S2 [1] Android 4.1.2 running on a Google Nexus 7 iOS 7.1 running on an Apple iPad 3 [1] iOS 7.1 running on an Apple iPad 4 [1] VxWorks 6.4 running on a MVME6100 [1][3] VxWorks 6.7 running on a MVME6100 [1][3] VxWorks 6.8 running on a MX31 Lite Kit [1][3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 running on a HP Integrity RX2620 [3] Red Hat Enterprise Linux 5.11 on PowerVM 2.2 running on an IBM 8231-E2B [3] SUSE Linux Enterprise Server 11 on PowerVM 2.2 running on an IBM 8231-E2B [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 without PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 with PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on z/VM 6.2 running on a IBM s390x [3] Fedora Core 20 running on a Wandboard Quad [3] Fedora Core 22 running on an AMD Seattle A0 Overdrive Development System [3] Android 4.1 running on a Motorola RAZR I [3] Android 4.4 running on a Google Nexus 7 Tablet [3] Android 5.1 running on a Google Nexus 5 [3] Android 5.1 running on a Google Nexus 9 Tablet [3] CentOS 6.6 running on a Dell R730xd [3] Linaro Linux 3.10.68 running on a Fujitsu MB86S72 [2] CentOS 7.2 running on a Dell Latitude E6420 with PAA [3] CentOS 7.2 running on a Dell Latitude E6420 without PAA [3] Timesys Linux 4.2.8 running on a ARMv7 Cortex A53 [4] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2859 [1], #3596 [3], #3767 [2] and #4665 [4]); CVL (Certs. #296 [1], #297 [1], #298 [1], #299 [1], #300 [1], #618 [3], #619 [3], #620 [3], #621 [3], #622 [3], #714 [2], #715 [2], #716 [2], #717 [2], #740 [2], #1311 [4], #1314 [4], #1315 [4], #1316 [4] and #1317 [4]); DRBG (Certs. #507 [1], #931 [3], #1037 [2] and #1577 [4]); DSA (Certs. #858 [1], #999 [3], #1047 [2] and #1236 [4]); ECDSA (Certs. #507 [1], #733 [3], #810 [2] and #1149 [4]); HMAC (Certs. #1799 [1], #2293 [3], #2467 [2] and #3089 [4]); KTS (AES Certs. #3596 [3] and #4665 [4]; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1499 [1], #1850 [3], #1938 [2] and #2545 [4]); SHS (Certs. #2402 [1], #2958 [3], #3137 [2] and #3822 [4]); Triple-DES (Certs. #1706 [1], #2003 [3], #2095 [2] and #2482 [4]) -Other algorithms: AES (Certs. #2859 [1] and #3767 [2], key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; EC Diffie-Hellman; HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Camellia; DES; DESX; DES40; ECAES (non-compliant); ECIES; GOST; MD2; MD4; PRNG; RC2; RC4; RC5; SEED Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2299 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2014 03/20/2015 | 3/19/2020 | Overall Level: 2 Multi-chip embedded |
| 2298 | Ultra Electronics AEP Knaves Beech Business Centre Loud Water High Wycombe Buckinghamshire HP10 9UT United Kingdom Rob Stubbs CST Lab: NVLAP 200556-0 | Advanced Configurable Cryptographic Environment (ACCE) v3 HSM Crypto Module (Hardware Version: 2870-G1; Firmware Versions: 2r3 and 2r4) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy in Appendix A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2015 05/29/2015 | 5/28/2020 | Overall Level: 4 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Certs. #2255 and #2782); HMAC (Certs. #1671 and #2138); RSA (Cert. #1384); DSA (Cert. #813); ECDSA (Cert. #470); Triple-DES (Cert. #1610); Triple-DES MAC (Triple-DES Cert. #1610, vendor affirmed); AES (Cert. #2684); DRBG (Certs. #434 and #786) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); XOR_BASE_AND_DATA KDF (non-compliant); PBKDF2 (non-compliant); PKCS#12 KDF (non-compliant); SPKM KDF (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #2684; non-compliant); AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1610, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 KDF (non-compliant); Triple-DES KDF (Triple-DES Cert. #1610; non-compliant) Multi-chip embedded "The Advanced Configurable Cryptographic Environment (ACCE) v3 crypto module offers the next-generation security platform for managing cryptographic keys and protecting sensitive applications. It is used in the Keyper Plus hardware security module (HSM), which is designed for mission-critical applications that demand maximum security. It is ideally suited for companies that need secure key management for PKI certification authorities, registration authorities, OCSP responders, smart card issuers, web servers, DNSSEC and other applications." |
| 2295 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch and 7800 Extension Switch (Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.2.0 (P/N 63-1001405-01)) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/12/2014 | 12/11/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Certs. #749 and #1408); RSA (Certs. #1048, #1049, #1279 and #1281) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); SNMPv3 KDF (non-compliant); HMAC-MD5; NDRNG; TLSv1.0 KDF (non-compliant); SSHv2 KDF (non-compliant); MD5; RADIUS PEAP MS-CHAP V2; AES (non-compliant); HMAC (non-compliant); RNG (non-compliant); Triple-DES (non-compliant); RSA (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; ARCFOUR BLOWFISH-CBC; CAST128; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96; HMAC-MD5-96 Multi-chip standalone "The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2294 | RSA 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-C Micro Edition (Software Versions: 4.1 [1], 4.1.0.1 [2], 4.1.2 [3] and 4.1.3.2 [4]) (When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/12/2014 12/21/2015 01/19/2016 01/22/2016 02/12/2016 01/18/2017 08/11/2017 | 1/17/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1] Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1] Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1] Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1] Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1] Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1] Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without PAA [1] Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay without PAA [1] Windows 8.1 Enterprise running on an Intel Mahobay with PAA [1] Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1] Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1] Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without PAA [1] SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with PAA [1] Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1] SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without PAA [1] FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with PAA [1] Mac OS X 10.8 running on an Apple MacBook6,1 without PAA [1] Mac OS X 10.8 running on an Apple Mac Pro 5.1 with PAA [1] Solaris 10 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC T4-2 [1][3] Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3] Solaris 11 running on a Oracle SPARC T4-2 without PAA [1][3] Solaris 11 running on a Oracle SPARC T4-2 with PAA [1][3] Solaris 10 on ESXi 4.1 running on a Dell M610 without PAA [1] Solaris 10 on ESXi 4.1 running on a Dell M610 with PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 without PAA [1] Solaris 10 running on a Oracle Sun Fire X2100 with PAA [1] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP 9000/800/RP3410 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] HPUX 11.31 running on a HP RX2620 [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1] Ubuntu 12.04 LTS running on a Beagle dev board [1][3] Fedora Core 17 running on a Beagle dev board [1] Android 4.0.3 running on a Motorola RAZR I [1] Android 2.3.6 running on a Samsung Galaxy S2 [1] Android 4.1.2 running on a Google Nexus 7 iOS 7.1 running on an Apple iPad 3 [1] iOS 7.1 running on an Apple iPad 4 [1] VxWorks 6.4 running on a MVME6100 [1][3] VxWorks 6.7 running on a MVME6100 [1][3] VxWorks 6.8 running on a MX31 Lite Kit [1][3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 running on a HP Integrity RX2620 [3] Red Hat Enterprise Linux 5.11 on PowerVM 2.2 running on an IBM 8231-E2B [3] SUSE Linux Enterprise Server 11 on PowerVM 2.2 running on an IBM 8231-E2B [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 without PAA [3] Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 with PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3] Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3] Red Hat Enterprise Linux 5.11 on z/VM 6.2 running on a IBM s390x [3] Fedora Core 20 running on a Wandboard Quad [3] Fedora Core 22 running on an AMD Seattle A0 Overdrive Development System [3] Android 4.1 running on a Motorola RAZR I [3] Android 4.4 running on a Google Nexus 7 Tablet [3] Android 5.1 running on a Google Nexus 5 [3] Android 5.1 running on a Google Nexus 9 Tablet [3] CentOS 6.6 running on a Dell R730xd [3] Linaro Linux 3.10.68 running on a Fujitsu MB86S72 [2] CentOS 7.2 running on a Dell Latitude E6420 with PAA [3] CentOS 7.2 running on a Dell Latitude E6420 without PAA [3] Timesys Linux 4.2.8 running on a ARMv7 Cortex A53 [4] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2859 [1], #3596 [3], #3767 [2] and #4665 [4]); CVL (Certs. #296 [1], #297 [1], #298 [1], #299 [1], #300 [1], #618 [3], #619 [3], #620 [3], #621 [3], #622 [3], #714 [2], #715 [2], #716 [2], #717 [2], #740 [2], #1311 [4], #1314 [4], #1315 [4], #1316 [4] and #1317 [4]); DRBG (Certs. #507 [1], #931 [3], #1037 [2] and #1577 [4]); DSA (Certs. #858 [1], #999 [3], #1047 [2] and #1236 [4]); ECDSA (Certs. #507 [1], #733 [3], #810 [2] and #1149 [4]); HMAC (Certs. #1799 [1], #2293 [3], #2467 [2] and #3089 [4]); KTS (AES Certs. #3596 [3] and #4665 [4]; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1499 [1], #1850 [3], #1938 [2] and #2545 [4]); SHS (Certs. #2402 [1], #2958 [3], #3137 [2] and #3822 [4]); Triple-DES (Certs. #1706 [1], #2003 [3], #2095 [2] and #2482 [4]) -Other algorithms: AES (Certs. #2859 [1] and #3767 [2], key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; EC Diffie-Hellman; HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Camellia; DES; DESX; DES40; ECAES (non-compliant); ECIES; GOST; MD2; MD4; PRNG; RC2; RC4; RC5; SEED Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2293 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2015 | 1/7/2020 | Overall Level: 2 Multi-chip standalone |
| 2291 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 100432-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module (Hardware Versions: P/Ns 1HN162 and 1M2162; Firmware Versions: 0002SDM7, 0002LIM7 and 0002SED7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/10/2014 | 12/9/2019 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343, #2803, #2804 and #2947); SHS (Certs. #1225 and #2352); DRBG (Cert. #62); RSA (Cert. #650); HMAC (Cert. #1597); PBKDF (vendor affirmed) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
| 2290 | Green Hills Software 30 West Sola Street Santa Barbara, CA 93101 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-2915 CST Lab: NVLAP 100432-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 2.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/08/2014 | 12/7/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Green Hills Software INTEGRITY Multivisor v4 for ARM running on a Samsung Galaxy Note II (single-user mode) -FIPS Approved algorithms: AES (Certs. #2745, #2748, #2749, #2750 and #2753); CVL (Cert. #185); DRBG (Cert. #464); ECDSA (Cert. #482); HMAC (Cert. #1724); RSA (Cert. #1441); SHS (Cert. #2319); PBKDF (vendor affirmed) -Other algorithms: AES (Cert. #2745, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (encrypt/decrypt); Diffie-Hellman; EC Diffie-Hellman; Triple-DES (non-compliant); MD5; HMAC-MD5 Multi-chip standalone "Green Hills Software ISS ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems." |
| 2286 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe®, Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches (Hardware Versions: {[BR-MLXE-4-MR-M-AC (P/N: 80-1006853-01), BR-MLXE-4-MR-M-DC (P/N: 80-1006854-01), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), NI-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), NI-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), NI-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), NI-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), NI-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), NI-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), NI-CER-2024C-ADVPREM-DC (P/N: 80-1007034-02), NI-CER-2048C-ADVPREM-AC (P/N: 80-1007039-02), NI-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), NI-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), NI-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01), NI-CER-2024-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (P/N: 80-1000037-01), BR-CES-2024F-4X-DC (P/N: 80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02) } with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.6.00aa) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/03/2014 | 12/2/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1632, #1633 and #1634); AES (Certs. #2715, #2716 and #2717); DSA (Certs. #832, #833 and #834); SHS (Certs. #2280, #2281 and #2282); RSA (Certs. #1411, #1412 and #1413); HMAC (Certs. #1694, #1695 and #1696); DRBG (Certs. #452, #453 and #454); CVL (Certs. #173, #174 and #175) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); NDRNG; HMAC-MD5; MD5; RC2; RC4; DES; MD2 Multi-chip standalone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. The Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density." |
| 2284 | whiteCryption Corporation 920 Stewart Drive Suite #100 Sunnyvale, CA 94085 USA Dan Zenchelsky TEL: 408-616-1600 FAX: 408-616-1626 CST Lab: NVLAP 100432-0 | whiteCryption Secure Key Box 4.6.0 Crypto Module (Software Version: 4.6.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/03/2014 | 12/2/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.2.2 running on a Google Nexus Phone (single-user mode) -FIPS Approved algorithms: AES (Certs. #2451, #2452, #2453, #2454, #2455, #2456, #2457, #2458, #2459, #2460, #2461, #2462, #2463, #2464, #2465, #2466, #2467, #2470 and #2471); CVL (Certs. #79, #80, #83, #84 and #94); DRBG (Cert. #335); ECDSA (Certs. #403 and #404); HMAC (Certs. #1516 and #1517); KBKDF (Cert. #11); RSA (Cert. #1263); SHS (Certs. #2084, #2085, #2086, #2087, #2088, #2089 and #2090) -Other algorithms: RSA (non-compliant) Multi-chip standalone "whiteCryption Secure Key Box (SKB) is a C/C++ library that provides cryptographic algorithms. SKB's unique white-box implementation is specifically designed to hide and protect cryptographic keys at all times. It allows safe deployment in insecure environments." |
| 2282 | Infotecs 41 Madison Avenue New York, NY 10010 USA Andrey Krasikov TEL: 678-431-9502 Andrew Mikhaylov TEL: +7 495 737 6192 x5277 FAX: +7 495 737 7278 CST Lab: NVLAP 200928-0 | ViPNet Common Crypto Core (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 9) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/14/2014 | 11/13/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 8.1 64-bit running on a Dell Inspiron 5537 Android v4.4 running on a Samsung Galaxy Note 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2822 and #2823); SHS (Certs. #2366 and #2367); HMAC (Certs. #1766 and #1767); DRBG (Certs. #483 and #484); KBKDF (Certs. #21 and #22) -Other algorithms: AES (Certs. #2822 and #2823, key wrapping) Multi-chip standalone "The ViPNet Common Crypto Core Library is a software library that provides cryptographic services to a number of ViPNet applications such as ViPNet Network Manager, ViPNet Client for Windows, ViPNet Client for Android, ViPNet Coordinator for Windows, ViPNet Coordinator for Linux, ViPNet Coordinator HW/VA. It is available in user space and kernel driver implementations on a wide range of operational systems. User space library and kernel library use the same base source code." |
| 2281 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers, Brocade NetIron CES 2000 Series Ethernet Switches (Hardware Versions: [BR-MLXE-4-MR-M-AC (80-1006853-01), BR-MLXE-4-MR-M-DC (80-1006854-01), BR-MLXE-8-MR-M-AC (80-1004809-04), BR-MLXE-8-MR-M-DC (80-1004811-04), BR-MLXE-16-MR-M-AC (80-1006820-02), BR-MLXE-16-MR-M-DC (80-1006822-02), BR-MLXE-4-MR2-M-AC (80-1006870-01), BR-MLXE-4-MR2-M-DC (80-1006872-01), BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-8-MR2-M-DC (80-1007226-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-16-MR2-M-DC (80-1006828-02) with Blade 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01, 80-1003971-01, 80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (80-1003769-07), NI-CER-2048F-ADVPREM-DC (80-1003770-08), NI-CER-2048FX-ADVPREM-AC (80-1003771-07), NI-CER-2048FX-ADVPREM-DC (80-1003772-08), NI-CER-2024F-ADVPREM-AC (80-1006902-02), NI-CER-2024F-ADVPREM-DC (80-1006904-02), NI-CER-2024C-ADVPREM-AC (80-1007032-02), NI-CER-2024C-ADVPREM-DC (80-1007034-02), NI-CER-2048C-ADVPREM-AC (80-1007039-02), NI-CER-2048C-ADVPREM-DC (80-1007040-02), NI-CER-2048CX-ADVPREM-AC (80-1007041-02), NI-CER-2048CX-ADVPREM-DC (80-1007042-02), BR-CER-2024F-4X-RT-DC (80-1007212-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024C-4X-RT-AC (80-1006530-01), NI-CER-2024-2X10G (80-1003719-03), RPS9 (80-1003868-01), RPS9DC (80-1003869-02), BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02) with FIPS Kit XBR-000195]; Firmware Version: Multi-Service IronWare R05.5.00ca) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 as defined in the Security Policy. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DSA (Certs. #798, #799 and #800); SHS (Certs. #2221, #2222 and #2223) -Other algorithms: RSA (key wrapping; non-compliant); Diffie-Hellman (non-compliant); SNMPv3 KDF (non-compliant); MD5; NDRNG; HMAC-MD5; HMAC-SHA1-96 (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); DRBG (non-compliant); RSA (non-compliant); SSHv2 KDF (non-compliant); TLSv1.0 KDF (non-compliant); DES; MD2; RC2; RC4 Multi-chip standalone "The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. These fixed-form 10 GbE-capable 1U switches offer deep buffers and are ideal for Carrier Ethernet service delivery at the network ed" |
| 2280 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | KDH3000-CM (Hardware Version: 1.0; Firmware Version: V01.04.0000.0000) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1623); SHS (Cert. #2144); DRBG (Cert. #376) -Other algorithms: NDRNG Multi-chip embedded "The module is a ruggedized, opaque, tamper-resistant USB disk encryption/file encryption device that connects to an external general purpose computer (GPC) outside of its cryptographic boundary to service as a secure peripheral storage device for the GPC. The module is a self-contained device that automatically encrypts and decrypts data copied to and from the drive from the externally connected GPC." |
| 2279 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 4083330480 FAX: 4083338101 CST Lab: NVLAP 200802-0 | Brocade® FCX 624/648, ICX™ 6610, ICX 6450, ICX 6650 and SX 800/1600 Series (Hardware Versions: [FCX624S (P/N 80-1002388-08), FCX624S-HPOE-ADV (P/N 80-1002715-08), FCX624S-F-ADV (P/N 80-1002727-07), FCX648S (P/N 80-1002392-08), FCX648S-HPOE (P/N 80-1002391-10), FCX648S-HPOE-ADV (P/N 80-1002716-10), FCX-2XG (P/N 80-1002399-01), ICX 6610-24F-I (P/N 80-1005350-04), ICX 6610-24F-E (P/N 80-1005345-04), ICX 6610-24-I (P/N 80-1005348-05), ICX 6610-24-E (P/N 80-1005343-05), ICX 6610-24P-I (P/N 80-1005349-06), ICX 6610-24P-E (P/N 80-1005344-06), ICX 6610-48-I (P/N 80-1005351-05), ICX 6610-48-E (P/N 80-1005346-05), ICX 6610-48P-I (P/N 80-1005352-06), ICX 6610-48P-E (P/N 80-1005347-06), ICX 6450-24 (P/N 80-1005997-03), ICX 6450-24P (P/N 80-1005996-04), ICX 6450-48 (P/N 80-1005999-04), ICX 6450-48P (P/N 80-1005998-04), ICX 6450-C12-PD (P/N 80-1007578-01), ICX6650-32-E-ADV (P/N: 80-1007115-02), ICX6650-32-I-ADV (P/N: 80-1007116-02), ICX6650-40-E-ADV (P/N: 80-1007179-03), ICX6650-40-I-ADV (P/N: 80-1007181-03), ICX6650-48-E-ADV (P/N: 80-1007180-03), ICX6650-48-I-ADV (P/N: 80-1007182-03), ICX6650-56-E-ADV (P/N: 80-1007117-03), ICX6650-56-I-ADV (P/N: 80-1007118-03), ICX6650-80-E-ADV (P/N: 80-1007119-03), ICX6650-80-I-ADV (P/N: 80-1007120-03), FI-SX800-S (P/N 80-1003050-03 and 80-1007143-03), FI-SX1600-AC (P/N 80-1002764-02 and 80-1007137-02), FI-SX1600-DC (P/N 80-1003005-02 and 80-1007138-02), SX-FISF (P/N 80-1002957-03), SX-FI-ZMR-XL (P/N 80-1006486-02), SX-FI-ZMR-XL-PREM6 (P/N 80-1007350-02), SX-ACPWR-SYS (P/N 80-1003883-02) and SX-DCPWR-SYS (P/N 80-1003886-02)] with FIPS Kit XBR-000195; Firmware Version: IronWare R08.0.01) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 4, 10 and 11 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: DSA (Certs. #668, #801, #802 and #803); SHS (Certs. #2224, #2225, #2226 and #2227) -Other algorithms: RSA (key wrapping; non-compliant); Diffie-Hellman (non-compliant); SNMPv3 KDF (non-compliant); MD5; SSHv2 KDF (non-compliant); HWRNG; HMAC-MD5; AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); DRBG (non-compliant); TLSv1.0 KDF (non-compliant); RSA (non-compliant); DES; MD2; RC2; RC4 Multi-chip standalone "The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. The Brocade ICX 6650 Switch is a compact Ethernet switch that delivers industry-leading 10/40 GbE density." |
| 2278 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 4451-X Integrated Services Router (ISR) (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) (Hardware Version: ISR 4451-X with FIPS kit ISR4451-FIPS-Kit; Firmware Version: IOS-XE 3.10.2) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/14/2014 | 11/13/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2345 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1454 and #1764); RSA (Cert. #1471); SHS (Certs. #2022 and #2361); Triple-DES (Certs. #1468, #1670 and #1688) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2276 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | McAfee NGFW Cryptographic Kernel Module (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/07/2014 | 11/6/2019 | Overall Level: 1 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0-based distribution running on McAfee MIL-320 Debian GNU/Linux 6.0-based distribution running on McAfee 5206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3206 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 3202 without PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1402 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1065 with PAA Debian GNU/Linux 6.0-based distribution running on McAfee 1035 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2914, #2915, #2916, #2917, #2918, #2919, #2920 and #2921); Triple-DES (Certs. #1729, #1730, #1731, #1732, #1733 and #1734); SHS (Certs. #2452, #2453, #2454, #2455, #2456 and #2457); HMAC (Certs. #1843, #1844, #1845, #1846, #1847 and #1848) -Other algorithms: N/A Multi-chip standalone "The McAfee NGFW Cryptographic Kernel Module is a software modulethat provides cryptographic services required by the McAfee NGFW product." |
| 2275 | Xirrus, Inc. 2101 Corporate Center Drive Thousand Oaks, CA 91320 USA Mike de la Garrigue TEL: 805-262-1655 CST Lab: NVLAP 100432-0 | Xirrus XR Series Wi-Fi Products (Hardware Versions: XR-520 [1], XR-520H-FIPS [2], XR-620-FIPS [1], XR-630-FIPS [1], XR-2425H-FIPS [3], XR-2225 [1], XR-2235 [1], XR-2425 [1], XR-2435 [1], XR-2226 [1], XR-2236 [1], XR-2426 [1], XR-2436 [1], XR-4420 [1], XR-4430 [1], XR-4820 [1], XR-4830 [1], XR-4426 [1], XR-4436 [1], XR-4826 [1], XR-4836 [1], XR-6820 [1], XR-6830 [1], XR-6836 [1], XR-7220 [1], XR-7230 [1], XR-7620 [1], XR-7630 [1] and XR-7636 [1]; Enclosure (Form Factor): XE-6000-TBAR [1], XR-520H-FIPS [2] and XR-2425H-FIPS [3]; Firmware Version: AOS-7.1) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/04/2014 | 11/3/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450 and #2833); CVL (Certs. #257 and #258); DRBG (Cert. #490); HMAC (Cert. #1774); KBKDF (Cert. #24); RSA (Cert. #1475); SHS (Cert. #2374); Triple-DES (Cert. #1693) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; IDEA; RC4; SEED; MD5 Multi-chip standalone "Wireless networking equipment." |
| 2273 | Qualcomm Technologies, Inc. 5775 Morehouse Dr San Diego, California 92121 USA Lu Xiao TEL: 858-651-5477 CST Lab: NVLAP 200658-0 | QTI Cryptographic Module on Crypto 5 Core (Hardware Version: Snapdragon 805; Software Version: 5.f1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 11/04/2014 | 11/3/2019 | Overall Level: 1 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.4 running on Snapdragon 805 (single-user mode) -FIPS Approved algorithms: DRBG (Cert. #501); Triple-DES (Cert. #1701); HMAC (Cert. #1786); AES (Cert. #2839); SHS (Cert. #2388) -Other algorithms: HW RNG; DES; AEAD; kasumi; snow-3g Multi-chip standalone "This cryptographic module implements block ciphers including AES, Triple-DES, hash functions SHA-1 and SHA-256, Message Authentication Code functions HMAC and CMAC and DRBG 800-90A." |
| 2272 | INSIDE Secure Arteparc Bachasson, Bât A Rue de la carrière de Bachasson, CS70025 Meyreuil, Bouches-du-Rhône 13590 France Bob Oerlemans TEL: +31 736-581-900 FAX: +31 736-581-999 CST Lab: NVLAP 200658-0 | VaultIP (Hardware Version: 1.1.4; Firmware Version: 1.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/24/2014 | 10/23/2019 | Overall Level: 2 -Physical Security: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: KBKDF (Cert. #25); KAS (Cert. #46); CVL (Cert. #269); DRBG (Cert. #500); ECDSA (Cert. #502); RSA (Cert. #1488); Triple-DES (Cert. #1702); HMAC (Cert. #1787); SHS (Cert. #2389); AES (Cert. #2847) -Other algorithms: DES; AES (Cert. #2847, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES (non-compliant); NDRNG Single-chip "VaultIP is a Silicon IP Security Module which includes a complete set of high- and low-level cryptographic functions. It offers key management and crypto functions needed for platform and application security such as Content Protection and Mobile Payment, and can be used stand-alone or as a 'Root of Trust' to support a TEE-based platform." |
| 2270 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) (Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, 15454-M-WSE-K9 and 10X10G-LC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8.1.2 or 9.8.1.3) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/22/2014 06/09/2015 | 6/8/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2352, #2369, #2886 and #2887); CVL (Certs. #316 and #317); DRBG (Certs. #521 and #522); HMAC (Certs. #1820 and #1821); KBKDF (Cert. #29); RSA (Certs. #1526 and #1527); SHS (Certs. #2427 and #2428); Triple-DES (Cert. #1721) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions." |
| 2267 | Yubico Inc. 228 Hamilton Avenue 3rd Floor Palo Alto, CA 94301 USA Jakob Ehrensvard TEL: 408-774-4064 CST Lab: NVLAP 200427-0 | Yubico YubiKey Standard and YubiKey Nano (Hardware Version: 1.6; Firmware Version: 2.5.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/14/2014 | 10/13/2019 | Overall Level: 1 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2811); HMAC (Cert. #1762); SHS (Cert. #2359) -Other algorithms: N/A Single-chip "The YubiKey and YubiKey Nano are two-factor authentication devices supporting OATH-HOTP as well as the Yubico OTP algorithm. The devices are connected via the USB ports and emulate a generic USB keyboard to allow a true driver-less installation." |
| 2264 | HGST, a Western Digital company 5601 Great Oaks Parkway Building 50-3/D393 San Jose, CA 95119 USA Michael Williamson TEL: 408-717-8458 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C15K600 TCG Enterprise HDDs (Hardware Versions: HUC156060CS4205 (1) [1, 2, 3, 4, 5], HUC156060CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156045CS4205 (1) [1, 2, 3, 4, 5], HUC156045CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156030CS4205 (1) [1, 2, 3, 4, 5], HUC156030CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156060CSS205 (1) [1, 2, 3, 4, 5], HUC156060CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156045CSS205 (1) [1, 2, 3, 4, 5], HUC156045CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9], HUC156030CSS205 (1) [1, 2, 3, 4, 5], and HUC156030CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9]; Firmware Versions: R3A0 [1], R3F0 [2], R3R0 [3], R3X0 [4], R3X2 [5], R703 [6], R7G2 [7], R904 [8] or RA01 [9])) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/10/2014 02/20/2015 08/07/2015 04/04/2016 12/19/2016 | 12/18/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed) -Other algorithms: NDRNG; AES (Cert. #2365, key wrapping) Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2263 | Utimaco IS GmbH Germanusstraße 4 Aachen 52080 Germany Dr. Gesa Ott TEL: +49 241-1696-200 FAX: +49 241-1696-190 CST Lab: NVLAP 100432-0 | SafeGuard® CryptoServer Se (Hardware Versions: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 3.0.2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/07/2014 05/04/2016 | 5/3/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2739); DRBG (Cert. #459); ECDSA (Cert. #840); HMAC (Cert. #1717); RSA (Certs. #1435 and #1436); SHS (Certs. #2308, #2309 and #2310); Triple-DES (Cert. #1649); Triple-DES MAC (Triple-DES Cert. #1649, vendor affirmed); CVL (Cert. #749) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2739, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1649, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (non-compliant); ECIES; MD5; MDC-2; RIPEMD-160; DES; Retail-TDES MAC; AES MAC (AES Cert. #2739; non-compliant); PIN generation/PIN verification (e.g., VISA/MasterCard); KDF_ENC_DATA; KDF_HASH; KDF_ECDH; KDF_DH; KDF_XOR_BASE_AND_DATA; KDF_CAT_BASE_AND_KEY; KDF_CAT_BASE_AND_DATA; KDF_CAT_DATA_AND_BASE; KDF_EXTRACT_KEY_FROM_KEY Multi-chip embedded "SafeGuard® CryptoServer Se is an encapsulated, tamper-protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions." |
| 2262 | Toshiba Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Akihiro Kimura TEL: +81-45-890-2856 FAX: +81-45-890-2593 CST Lab: NVLAP 200822-0 | Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) (Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160 [1], A0 with PX02SSU010, PX02SSU020, PX02SSU040, or PX02SSQ080 [2], A0 with PX03SNU020, PX03SNU040, PX03SNU080, or PX03SNQ160 [3]; Firmware Versions: NA00 [1], NA01 [1], 0502 [1], AJ01 [1], AK01 [2], and AL01 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/01/2014 01/09/2015 | 1/8/2020 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397) -Other algorithms: NDRNG Multi-chip embedded "The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download." |
| 2261 | CipherCloud, Inc. 99 Almaden Blvd., Suite 500 San Jose, CA 95113 USA Andy Loong TEL: 408-663-5093 CST Lab: NVLAP 200968-0 | Cryptographic Module for CipherCloud Gateway (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/01/2014 05/03/2016 | 5/2/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 with Java JRE 1.6.0 running on IBM 3620 M3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2339); SHS (Cert. #2017); HMAC (Cert. #1449); DRBG (Cert. #303); PBKDF (vendor affirmed) -Other algorithms: AES-PCBC (non-compliant); AES-CTR (non-compliant); AES-CTS (non-compliant); AES-OFB (non-compliant); AES-OFB8 (non-compliant); AES-OFB128 (non-compliant); ARC4; Blowfish; DES; Diffie-Hellman (non-compliant); DSA (non-compliant); RC2; RSA (encrypt/decrypt); Triple-DES (non-compliant); PBEWithMD5AndDES; PBEWithMD5AndTripleDES; PBEWithSHA1AndDESede; PBEWithSHA1AndRC2_40; MD2; MD5; SHA-384 (non-compliant); HMAC-MD5; HMAC SHA-384 (non-compliant); HMAC SHA-512 (non-compliant) Multi-chip standalone "The Cryptographic Module enables all cryptographic operations performed by the CipherCloud Gateway. The CipherCloud Gateway is a software solution that organizations deploy within their network boundaries or delegate operation to a trusted third party. CipherCloud interfaces with clients (e.g., web browsers, mobile applications, APIs, etc.), and leverages format and operations preserving encryption technology to secure sensitive information in real time, before it's sent to cloud applications (e.g. web servers, API services, databases, etc.), without impacting usability or performance." |
| 2260 | Zebra Technologies Corporation 3 Overlook Point Lincolnshire, IL 60069 USA Erv Comer TEL: 480-628-7901 Tom McKinney TEL: 631-738-3586 CST Lab: NVLAP 100432-0 | Fusion Wireless LAN Cryptographic Module for Android (Hardware Version: WL1283CYFVR (Rev C); Firmware Version: 1.01; Software Versions: 1.02 and 1.03) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 09/30/2014 08/14/2015 | 8/13/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android Jelly Bean 4.1.1 running on a MC40N0 Android KitKat 4.4.4 running on a MC40N0 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2812 and #3462); HMAC (Certs. #1763 and #2208); SHS (Certs. #2360 and #2858) -Other algorithms: N/A Multi-chip standalone "The Fusion WLAN cryptomodule secures the WLAN radio for Android Jelly Bean based devices (e.g., MC40, MC67, MC32, and ET1) and Android KitKat based devices (e.g., MC40 and MC92). These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government." |
| 2259 | Cavium Networks 2315 N First Street San Jose, CA 95131 USA Albert Harnois TEL: 408-943-7641 FAX: 408-557-1992 Tony Tran TEL: 408-943-7128 FAX: 408-577-1992 CST Lab: NVLAP 100432-0 | NITROX XL 1600-NFBE HSM Family (Hardware Version: P/N FN1620-NFBE2-G; Firmware Version: CN16XX-NFBE-FW-2.1-110020) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2014 01/11/2017 | 1/10/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265 and #1266); CVL (Cert. #166); DRBG (Cert. #32); DSA (Cert. #474); ECDSA (Certs. #150 and #188); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RSA (Certs. #607 and #742); SHS (Certs. #801, #1166 and #1379); Triple-DES (Cert. #898) -Other algorithms: AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBE; RC4 Multi-chip embedded "The FN1620-NFBE2-G HSM adapter delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0 via an SFF-8639 connector. The adapter offers up to 30,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets." |
| 2258 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CS Series Encryptors (Hardware Versions: CS10 Ethernet Encryptor: A4201B [O] and A4201B [Y]; CS100 Ethernet Encryptor: A4203B [O] and A4203B [Y]; Firmware Version: 2.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/23/2014 | 9/22/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2585 and #2588); Triple-DES (Cert. #1561); RSA (Cert. #1323); SHS (Cert. #2176); HMAC (Cert. #1600); DRBG (Cert. #390); CVL (Cert. #114) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CS Series is a high performance encryption platform designed to secure data transmitted over 10 and 100Mbps Ethernet networks. The CS10 is a cost-effective, small form factor, encryptor for branch or remote office applications. The CS100 is a 19' rack mounted device suitable for point to point or multipoint connections and is ideally suited for central office operations. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 2257 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG S500-10 [1] and S500-20 [2] (Hardware Versions: 080-03549 [1], 080-03551 [1], 090-02998 [1], 080-03552 [1], 090-02999 [1], 080-03553 [2], 080-03555 [2], 090-03000 [2], 080-03556 [2], 090-03001 [2] with FIPS Security Kit (Part Number: 085-02870); Firmware Version: 6.5.2.9 build 144008) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/22/2014 | 9/21/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2256 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG S400-20 [1], S400-30 [2] and S400-40 [3] (Hardware Versions: 080-03568 [1], 080-03570 [1], 090-03075 [1], 080-03571 [1], 090-03076 [1], 080-03572 [2], 080-03574 [2], 090-03079 [2], 080-03575 [2], 090-03080 [2], 080-03576 [3], 080-03578 [3], 090-03083 [3], 080-03579 [3], 090-03084 [3] with FIPS Security Kit (Part Number: 085-02891); Firmware Version: 6.5.2.9 build 144008) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/22/2014 | 9/21/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG Multi-chip standalone "Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2255 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | Secure Web Gateway Virtual Appliance-V100 (Software Version: 6.5.2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/22/2014 | 9/21/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 with PAA SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2737); Triple-DES (Cert. #1648); DRBG (Cert. #458); HMAC (Certs. #1715 and #1716); SHS (Certs. #2306 and #2307); RSA (Cert. #1427); CVL (Certs. #182 and #328) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG; ANSI X9.31 PRNG (non-compliant); CAST-128; DES; RC2; RC4; Camellia; MD2; HMAC-MD5; RIPE-MD-160 Multi-chip standalone "Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2254 | Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | Oracle StorageTek T10000D Tape Drive (Hardware Version: P/N 7042136; Firmware Version: 4.07.107) (When operated in FIPS mode. The protocol SSH shall not be used when operated in the FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 | 9/21/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2760, #2761, #2762, #2763 and #2764); DRBG (Cert. #467); HMAC (Certs. #1729 and #1730); SHS (Certs. #2324 and #2325); RSA (Cert. #1445); CVL (Cert. #230) -Other algorithms: AES (Cert. #2763, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SSH KDF (non-compliant); AES (non-compliant); SHS (non-compliant); HMAC (non-compliant); RSA (non-compliant); DRBG (non-compliant) Multi-chip standalone "The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution." |
| 2251 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Versions: R02.03.07, R02.05.03, R02.05.05 and R02.05.08) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 01/26/2016 01/30/2017 | 1/29/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA." |
| 2250 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Versions: R02.03.07, R02.05.03, R02.05.05 and R02.05.08) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 01/25/2016 01/30/2017 | 1/29/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA." |
| 2249 | Comtech Mobile Datacom Corporation 20430 Century Boulevard Germantown, MD 20874 USA Lajuana Johnson TEL: 240-686-3300 CST Lab: NVLAP 200427-0 | Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto) (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/22/2014 | 9/21/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 on qemu-kvm-0.12.1.2-2 on Red Hat Enterprise Linux 6 running on a Dell R900 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2355); HMAC (Cert. #1461); SHS (Cert. #2029); Triple-DES (Cert. #1473) -Other algorithms: DES Multi-chip standalone "libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code, and Triple-DES." |
| 2248 | Accellion, Inc. 1804 Embarcadero Road, Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: 65-6244-5670 FAX: 65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion Cryptographic Module (Software Version: FTALIB_3_0_1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/19/2014 | 9/18/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2317, #2318, and #2844); CVL (Cert. #268); HMAC (Certs. #1436 and #1783); RSA (Cert. #1485); SHS (Certs. #2004 and #2385); Triple-DES (Cert. #1700) -Other algorithms: AES (Cert. #2844, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1700, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5 Multi-chip standalone "Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 2246 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco ASA Service Module (SM) (Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/12/2014 10/23/2014 01/15/2016 06/29/2016 | 6/28/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2050, #2444 and #2482); DRBG (Certs. #332 and #341); ECDSA (Cert. #411); HMAC (Certs. #1247 and #1524); RSA (Certs. #1066 and #1271); SHS (Certs. #1794 and #2100); Triple-DES (Certs. #1321 and #1520) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Service Module (SM) Adaptive Security Appliance provides comprehensive security, performance, and reliability for network environments of all sizes." |
| 2245 | EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA Marshall Schiring TEL: 402-479-8375 FAX: 402-479-8472 Josh Johnson TEL: 402-479-8459 FAX: 402-479-8472 CST Lab: NVLAP 100432-0 | Subscriber Encryption Module (Hardware Version: R023-5000-980; Firmware Version: 5.28) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2640); DRBG (Cert. #411); HMAC (Cert. #1632); RSA (Cert. #1351); SHS (Cert. #2213) -Other algorithms: AES (Cert. #2640, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. 2640, vendor affirmed; P25 AES OTAR); DES; NDRNG Multi-chip embedded "The EFJohnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the EFJohnson Technology VP600 series radio with secure encrypted voice communication. The SEM supports AES, RSA, HMAC, DRBG and SHA-256 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security." |
| 2244 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5921 Embedded Services Router (ESR) (Software Version: 15.2(4)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS Linux 6.4 running on an Intel Desktop Board D2500CC (single-user mode) -FIPS Approved algorithms: AES (Cert. #2785); CVL (Cert. #237); DRBG (Cert. #472); ECDSA (Cert. #486); HMAC (Cert. #1744); RSA (Cert. #1457); SHS (Cert. #2340); Triple-DES (Cert. #1673) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco ESR 5921 Embedded Services Router is a software product that runs IOS 15.2(4)GC in an x86-based Linux host environment. The binary is a Router application which allows Linux software connections with virtual and physical Linux interfaces on the host hardware. The Cisco 5921 Embedded Services Router provides a secure, manageable device which meets FIPS 140-2 Level 1 requirements." |
| 2243 | WideBand Corporation 401 W. Grand St. Gallatin, MO 64640 USA GoldKey Sales & Customer Service TEL: 816-220-3000 FAX: 419-301-3208 Jon Thomas TEL: 567-270-3830 FAX: 419-301-3208 CST Lab: NVLAP 200658-0 | GoldKey Security Token Cryptographic Module (Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.13) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); RSA (Cert. #1210); ECDSA (Cert. #384); CVL (Certs. #54, #234 and #235) -Other algorithms: N/A Single-chip "Provides cryptographic algorithm implementation for GoldKey Products" |
| 2242 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | X-ES XPedite5205 with Cisco IOS (Hardware Versions: X-ES XPedite5205 air-cooled card and X-ES XPedite5205 conduction-cooled card; Firmware Version: 15.2(4)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The X-ES XPedite5205 is a high-performance, ruggedized router. With onboard hardware encryption, the XPedite5205 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The XPedite5205 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The XPedite5205 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology." |
| 2241 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5915 and 5940 Embedded Services Routers (Hardware Versions: Cisco 5915 ESR air-cooled card, Cisco 5915 ESR conduction-cooled card, Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(4)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/10/2014 | 9/9/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Cisco 5915, 5940 are high-performance, ruggedized routers. With onboard hardware encryption, the Cisco 5915, 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5915, 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5915, 5940 Router Cards use industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology." |
| 2239 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 100432-0 | McAfee Core Cryptographic Module (user) (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/16/2014 | 10/15/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee Endpoint Encryption Preboot OS running on a Dell E5510 without PAA McAfee Endpoint Encryption Preboot OS running on a Dell E6320 with PAA McAfee Endpoint Encryption Preboot OS running on a Dell E6410 with PAA Windows 8 running in 64-bit UEFI mode running on a Dell Inspiron 3520 without PAA Windows 8 running in 64-bit UEFI mode running on a Lenovo W530 with PAA Windows 8 running in 64-bit UEFI mode running on a Lenovo Yoga with PAA Windows 8 running in 32-bit UEFI mode running on a Samsung 700T without PAA Windows 8 running in 32-bit UEFI mode running on a Dell Latitude 10 without PAA EFI Preboot running on a MacBook without PAA EFI Preboot running on a MacPro without PAA EFI Preboot running on a MacBook Air with PAA EFI Preboot running on a Mac Mini with PAA EFI Preboot running on a MacBook Pro with PAA Windows XP 32-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Lenovo Yoga with PAA Windows 8 64-bit running on a Lenovo Yoga with PAA Windows 8 32-bit running on a Dell Latitude 10 without PAA MacOS X Lion v10.7 running on a MacBook without PAA MacOS X Mountain Lion v10.8 running on a MacPro without PAA MacOS X Mountain Lion v10.8 running on a MacBook Air with PAA MacOS X Lion v10.7 running on a Mac Mini with PAA MacOS X Mountain Lion v10.8 running on a MacBook Pro with PAA Windows Vista 32-bit running on a Dell E6320 with PAA Windows Vista 64-bit running on a Dell E6410 with PAA Windows 7 32-bit running on a Dell E6320 with PAA Windows 8 32-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on an Intel UBHB2SISQ with PAA Windows 8 32-bit running on a Lenovo Thinkpad 2 without PAA Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with PAA Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2591, #2592, #2593 and #2755); DRBG (Cert. #394); HMAC (Certs. #1604 and #1605); SHS (Certs. #2181 and #2287) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; PKCS #5 Multi-chip standalone "The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range." |
| 2232 | Hitachi, Ltd. 322-2 Nakazato, Odawara-shi Kanagawa-ken 250-0872 Japan Hajime Sato TEL: +81-465-59-5954 FAX: +81-465-49-4822 CST Lab: NVLAP 200835-0 | Hitachi Unified Storage Encryption Module (Hardware Version: DW-F700-BS6GE; Firmware Versions: 02.09.22.00 and 02.09.39.00) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/05/2014 03/10/2016 | 3/9/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748); SHS (Cert. #2344) -Other algorithms: AES (Cert. #2787, key wrapping; key establishment methodology provides 256 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant) Multi-chip embedded "The Hitachi Unified Storage Encryption Module provides high speed data at rest encryption for Hitachi storage." |
| 2231 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/28/2014 | 8/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2789, #2790, #2791 and #2793); Triple-DES (Cert. #1677); RSA (Cert. #1460); SHS (Cert. #2345); HMAC (Cert. #1749); DRBG (Cert. #475); CVL (Cert. #242) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC transmission security capability can be used to remove patterns from network traffic to prevent traffic analysis." |
| 2230 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba RAP-155 and RAP-155P Wireless Access Points (Hardware Versions: RAP-155-F1, RAP-155-USF1, RAP-155P-F1 and RAP-155P-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2014 03/20/2015 01/27/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2229 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 Hasbi Kabacaoglu TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 200983-0 | Postal mRevenector GB 2013 (Hardware Versions: Hardware P/N: 580036020300/01 and 580036020300/02; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; GB Application:90.0036.0215.00/2013463001) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2014 09/19/2014 | 9/18/2019 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector GB 2013 is FP’s latest generation of PSD" |
| 2228 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba RAP-5WN Remote Access Point (Hardware Version: RAP-5WN-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2014 03/20/2015 01/27/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #861, #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #478, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #856, #2246, #2249 and #2250); Triple-DES (Certs. #708, #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 2227 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-92, AP-93, AP-104, AP-105 and AP-175 Wireless Access Points (Hardware Versions: AP-92-F1 [1], AP-93-F1 [1], AP-104-F1 [1][2], AP-105-F1 [1][2], AP-175P-F1 [1][2], AP-175AC-F1 [1][2] and AP-175DC-F1 [1][2] with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS [1] and ArubaOS 6.5.0-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2014 03/20/2015 01/28/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 2226 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-134 and AP-135 Wireless Access Points (Hardware Versions: AP-134-F1 and AP-135-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2014 03/20/2015 01/29/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 2225 | Axway Inc. 2600 Bridge Parkway Suite 201 Redwood City, CA 94065 USA Tom Donahoe TEL: 480 627 1800 FAX: 480 627 1801 Hristo Todorov TEL: 480 627 2644 FAX: 480 627 1801 CST Lab: NVLAP 100432-0 | Axway Security Kernel (Software Versions: 3.0 and 3.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/14/2014 09/12/2014 04/10/2015 06/27/2016 | 6/26/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2012 64-bit running on Dell PowerEdge R620 Server RHEL 6.3 64-bit running on Dell PowerEdge R620 Server Solaris 10 64-bit running on Sun Blade T6300 Server (single-user mode) -FIPS Approved algorithms: AES (Certs. #2446 and #3215); Triple-DES (Certs. #1511 and #1830); SHS (Certs. #2080 and #2663); HMAC (Certs. #1510 and #2028); DSA (Certs. #760 and #918); ECDSA (Certs. #402 and #594); RSA (Certs. #1257 and #1638); CVL (Certs. #76 and #439) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Blowfish; Camellia; Cast; DES; des_old; DTLS1; ec; krb5_asn; KSSL; MD4; MD5; MDC2; RC2; RC4; RIPEMD; Seed; Whirlpool; PRNG Multi-chip standalone "The Axway Security Kernel is a software module that provides all security functionalities for several Axway products including the Axway Validation Authority Suite which is a collection of products that provide flexible and robust OCSP/SCVP certificate validation solution for standard and custom desktop and server applications. The suite supports established security standards and technologies and can be used together or integrated with existing solutions." |
| 2224 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 3200-F1, Aruba 3200-USF1, Aruba 3400-F1, Aruba 3400-USF1, Aruba 3600-F1, Aruba 3600-USF1 and [(Aruba 6000-400-F1 or Aruba 6000-400-USF1) with M3mk1-S-F1, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/12/2014 03/20/2015 01/20/2016 | 1/19/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2223 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 100432-0 | McAfee Core Cryptographic Module (kernel) (Software Version: 1.0 or 1.1.0.203.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/12/2014 03/17/2017 | 8/11/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Dell E5510 without PAA Windows 7 64-bit running on a Lenovo Yoga with PAA Windows 8 64-bit running on a Lenovo Yoga with PAA Windows 8 32-bit running on a Dell Latitude 10 without PAA MacOS X Lion v10.7 running on a MacBook without PAA MacOS X Mountain Lion v10.8 running on a MacPro without PAA MacOS X Mountain Lion v10.8 running on a MacBook Air with PAA MacOS X Lion v10.7 running on a Mac Mini with PAA MacOS X Mountain Lion v10.8 running on a MacBook Pro with PAA Windows Vista 32-bit running on a Dell E6320 with PAA Windows Vista 64-bit running on a Dell E6410 with PAA Windows 7 32-bit running on a Dell E6320 with PAA Windows 8 32-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on a Lenovo W530 with PAA Windows 8 64-bit running on an Intel UBHB2SISQ with PAA Windows 8 32-bit running on a Lenovo Thinkpad 2 without PAA Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with PAA Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2592 and #2755); HMAC (Cert. #1605); SHS (Cert. #2287) -Other algorithms: N/A Multi-chip standalone "The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range." |
| 2222 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN1000/CN3000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5165B [O] (AC), A5141B [O] (AC) and A5175B [O] (AC); CN3000 Series: A5203B [O] (AC), A5204B [O] (DC), A5213B [O] (AC) and A5214B [O] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5165B [Y] (AC), A5141B [Y] (AC) and A5175B [Y] (AC); CN3000 Series: A5203B [Y] (AC), A5204B [Y] (DC), A5213B [Y] (AC) and A5214B [Y] (DC); Firmware Version: 4.4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/12/2014 | 8/11/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Cert. #1682); AES (Certs. #2577, #2579, #2581, #2798, #2815 and #2816); RSA (Cert. #1464); SHS (Cert. #2350); HMAC (Cert. #1754); DRBG (Cert. #477); CVL (Cert. #247) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet, Fibre Channel or SONET/SDH networks. The CN1000 Series supports line rates up to 4.25Gbps while the CN3000 extends the CN Series line rate capability to 10Gbps.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 2221 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 620-F1, Aruba 620-USF1, Aruba 650-F1 and Aruba 650-USF1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2014 02/20/2015 01/20/2016 | 1/19/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2219 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA Rose Quijano-Nguyen CST Lab: NVLAP 200556-0 | Symantec Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/07/2014 | 8/6/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.4 (64-bit) on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2646); DRBG (Cert. #413); DSA (Cert. #797); HMAC (Cert. #1637); RSA (Cert. #1355); SHS (Cert. #2219); Triple-DES (Cert. #1587) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform." |
| 2217 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Hardware Version: SPARC T4 P/N 527-1437-01; Software Version: 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 09/08/2014 02/03/2016 | 2/2/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302) -Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2216 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Noelle Carroll TEL: 408-826-3246 CST Lab: NVLAP 100432-0 | Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit P/N CLN1780L Rev E with Encryption Module P/N CLN8261D Rev N; Firmware Version: GS-16.6.0.69 or PS-16.6.0.69) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/31/2014 | 7/30/2019 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #173 and #2395); DRBG (Cert. #399); HMAC (Certs. #39 and #1486); RSA (Cert. #1239); SHS (Certs. #258 and #2057); Triple-DES (Certs. #275 and #1493); CVL (Certs. #99, #122 and #315) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2215 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Noelle Carroll TEL: 408-826-3246 CST Lab: NVLAP 100432-0 | Motorola GGM 8000 Gateway (Hardware Versions: Base Unit P/N CLN1841E Rev A with FIPS Kit P/N CLN8787A Rev B and Power Supply [P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC)]; Firmware Versions: XS-16.6.0.69, GS-16.6.0.69 or KS-16.6.0.69) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/31/2014 | 7/30/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962 and #2395); DRBG (Cert. #399); HMAC (Certs. #1486 and #1487); RSA (Cert. #1239); SHS (Certs. #933 and #2057); Triple-DES (Certs. #757 and #1493); CVL (Certs. #99, #122 and #315) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5 Multi-chip standalone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols." |
| 2212 | United States Special Operations Command (USSOCOM) 7701 Tampa Point Boulevard MacDill Air Force Base, FL 33621-5323 USA William W. Burnham TEL: (813) 826-2282 CST Lab: NVLAP 200416-0 | Suite B Cryptographic Module (Software Version: 2.3.1) (When operated in FIPS mode with module Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode or BlackBerry Cryptographic Kernel validated to FIPS 140-2 under Cert. #1669 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/23/2014 | 7/22/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Intel Xeon E5530 w/Microsoft Windows Server 2008 Qualcomm Snapdragon S2 MSM8655 w/BlackBerry OS Version 7.0.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2603); SHS (Cert. #2187); HMAC (Cert. #1610); ECDSA (Cert. #448); CVL (Certs. #98 and #259) -Other algorithms: N/A Multi-chip standalone "KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys." |
| 2211 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2014 | 7/10/2019 | Overall Level: 1 Multi-chip standalone |
| 2210 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-636M CyberFence Cryptographic Module (Hardware Version: 1.0; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2014 03/29/2016 04/14/2016 | 4/13/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); SHS (Certs. #1801 and #1807); RSA (Certs. #1072 and #1278); HMAC (Certs. #1253 and #1259); ECDSA (Certs. #303 and #415); DRBG (Cert. #822); CVL (Certs. #22, #87 and #169) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #169, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #87, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-Chip Embedded "3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions." |
| 2208 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN Series Ethernet Encryptors (Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B [O] (DC); Senetas Corp. Ltd. CN6010 Series: A6010B [O] (AC), A6011B [O] (DC) and A6012B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B [Y] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B [Y] (AC), A6011B [Y] (DC) and A6012B [Y] (AC/DC); Firmware Version: 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/11/2014 | 7/10/2019 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1678); AES (Certs. #2788, #2792 and #2794); RSA (Cert. #1461); SHS (Cert. #2346); HMAC (Cert. #1750); DRBG (Cert. #476); CVL (Cert. #243) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis." |
| 2206 | Aviat Networks, Inc. 5200 Great America Parkway Santa Clara, CA 95054 USA Ruth French TEL: +44 7771 978599 FAX: +44 1698 717204 Martin Howard TEL: +64 4 577 8735 FAX: +64 4 577 8822 CST Lab: NVLAP 100432-0 | Aviat Networks Eclipse Cryptographic Module (Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004), FIPS Installation Kit (P/N 179-530153-001), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001), RAC 6XE (P/N EXR-600-002), RAC 60 (P/N EXR-660-001), or RAC 60E (P/N EXR-660-002)] and all remaining slots filled by one of the following: P/N 131-501768-001, EXA-001, EXD-040-001, EXD-152-001, EXD-153-001, EXD-156-001, EXD-160-001, EXD-161-001, EXD-171-001, EXD-180-002, EXD-180-005, EXD-180-102, EXD-181-001, EXD-181-002, EXD-252-001, EXD-331-001, EXD-400-002, EXP-024, EXR-910-001, EXR-999-003, EXS-001, EXS-002 or EXX-001; Firmware Versions: 07.07.10, 08.00.55, 08.00.70, 08.00.72, 08.00.80 and 08.00.81) (When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2014 07/24/2014 08/29/2014 07/06/2015 11/18/2015 | 11/17/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #1503); SHS (Cert. #2075); RSA (Cert. #1250); DRBG (Cert. #323); AES (Certs. #2260 and #2418); Triple-DES (Cert. #1506); CVL (Cert. #73) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES Multi-chip standalone "This cryptographic module performs encryption of data carried over a microwave radio link." |
| 2205 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 Sunil Chitnis TEL: 408-333-2444 FAX: 408-333-4887 CST Lab: NVLAP 200427-0 | Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers (Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, BR-MLXE-4-MR2-M-AC, BR-MLXE-4-MR2-M-DC, BR-MLXE-8-MR2-M-AC, BR-MLXE-8-MR2-M-DC, BR-MLXE-16-MR2-M-AC, BR-MLXE-16-MR2-M-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR and BR-MLX-MR2-M Management Modules; Firmware Version: IronWare Release R05.3.00ea or IronWare Release R05.4.00cb) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 12 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2014 | 7/8/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2359); DRBG (Cert. #301); DSA (Cert. #737); HMAC (Cert. #1462); RSA (Cert. #1217); SHS (Cert. #2031); Triple-DES (Cert. #1475) -Other algorithms: DES; Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-SHA-1-96; MD2; MD5; NDRNG; RC2; RC4; RSA (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF Multi-chip standalone "The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises.The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6." |
| 2204 | Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion No.9 Xueqing Road Haidan District Beijing 100085 People's Republic of China Tibi Zhang TEL: 86-010-62304466 x821 FAX: 86-010-62304416 Xiaozhi Zheng TEL: 86-010-62304466 x531 FAX: 86-010-62304416 CST Lab: NVLAP 200427-0 | ePass Token (Hardware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/07/2014 | 7/6/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The ePass Token, is a USB token containing FEITIAN's own FEITIAN-FIPS-COS cryptographic operating system. The FEITIAN-FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support FEITIAN's ePass USB token. The ePass token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. FEITIAN's ePass token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell." |
| 2202 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Arnaud Lotigier TEL: +33 4.42.36.60.74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDPrime MD 830 with OATH & MPCOS applets (Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore 30 Build 1.17, IDPrime MD Applet version V4.1.2.F with MSPNP Applet V1.0, OATH Applet V2.11 and MPCOS Applet V3.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/07/2014 08/04/2016 | 8/3/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure. In addition, OATH applet offers One Time Password based strong authentication while MPCOS offers e-purse and data management services." |
| 2201 | IBM® Corporation 9032 South Rita Road Tucson, AZ 85744 USA Christine Knibloe TEL: 520 799-1000 Said Ahmad TEL: 520-799-5538 CST Lab: NVLAP 200427-0 | IBM System Storage TS1140 and TS1150 Tapes Drives – Machine Type 3592, Models E07 and E08 (Hardware Versions: EC Level: M11776 and M12819, P/N: 00V6759 and 38L7468; Firmware Versions: EC Level: M11776 and M13383, P/N: 35P2401 and 38L7468) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/07/2014 05/29/2015 | 5/28/2020 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2384, #2385, #2387, #3356, #3357 and #3358); DRBG (Certs. #314 and #787); RSA (Certs. #1234 and #1720); SHS (Certs. #2051 and #2783) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG Multi-chip embedded "The TS1140 / 3592 E07 and TS1150/3592 E08 Tape Drives provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material." |
| 2200 | JVC KENWOOD Corporation 1-16-2, Hakusan, Midori-ku Yokohama-shi, Kanagawa 226-8525 Japan Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 Don Wingo TEL: (678) 474-4700 FAX: (678) 474-4730 CST Lab: NVLAP 100432-0 | Secure Cryptographic Module (SCM) (Hardware Versions: P/N KWD-AE30, Version 2.0.0 and 2.1.0; Firmware Versions: A3.0.1, A3.0.2 and A3.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 09/12/2014 05/08/2015 11/23/2015 12/18/2015 06/21/2017 07/24/2017 | 12/17/2020 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2696); SHS (Cert. #2285) -Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #2696, vendor affirmed; P25 AES OTAR); AES (non-compliant) Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption." |
| 2199 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba AP-224 and AP-225 Wireless Access Points (Hardware Versions: AP-224-F1 and AP-225-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 03/20/2015 01/20/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2198 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-127 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC 1200 SSD Self-Encrypting Drive FIPS 140 Module (Hardware Versions: ST800FM0063 [1, 2, 3, 4,5]; Firmware Versions: 0002 [1], 0004 [2], 0005 [3], 0006 [4], and 0007 [5]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 10/16/2014 02/13/2015 07/23/2015 | 7/22/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343 and #2663); DRBG (Cert. #62); HMAC (Cert. #1597); RSA (Cert. #1021); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140 Module is embodied in Seagate 1200 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 2197 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG SG9000-20 [1], SG9000-20B [2], SG9000-30 [3] and SG9000-40 [4] (Hardware Versions: 090-02840 [1], 090-02839 [1], 090-02984 [2], 090-02985 [2], 090-02841 [3], 090-02842 [3], 090-02845 [4] and 090-02846 [4] with FIPS kit 085-02718; Firmware Version: 6.5.1.103) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/27/2014 | 6/26/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2196 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG SG600-10 [1], SG600-20 [2] and SG600-35 [3] (Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.5.1.103) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/27/2014 | 6/26/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #105 and #2560); Triple-DES (Certs. #217 and #1549); RSA (Cert. #1312); SHS (Cert. #2159); HMAC (Cert. #1580); DRBG (Cert. #386) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2195 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845 454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | ProxySG SG900-10B [1], SG900-20 [2], SG900-30 [3], SG900-45 [4] and SG900-55 [5] (Hardware Versions: 090-02988 [1], 090-02989 [1], 090-02902 [2], 090-02903 [2], 090-02904 [3], 090-02905 [3], 09002908 [4], 090-02909 [4], 090-02979 [5] and 090-02980 [5] with FIPS kit 085-02742; Firmware Version: 6.5.1.103) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/27/2014 | 6/26/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications." |
| 2190 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | TZ 105, TZ 105W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215 and TZ 215W (Hardware Versions: P/Ns 101-500356-56, Rev. A (TZ 105); 101-500357-57, Rev. A (TZ 105W); 101-500358-59, Rev. A (TZ 205); 101-500359-59, Rev. A (TZ 205W); 101-500244-50, Rev. A (TZ 210); 101-500214-65, Rev. A (TZ 210W); 101-500354-56, Rev. A (TZ 215); 101-500355-57, Rev. A (TZ 215W); Firmware Version: SonicOS 5.9.0.7-22o) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 03/22/2016 06/14/2017 | 3/21/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RNG Multi-chip standalone "SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats." |
| 2184 | Sonus Networks, Inc. 4 Technology Park Drive Westford, MA 01886 USA Sandeep Kaushik CST Lab: NVLAP 200556-0 | SBC 5110 and 5210 Session Border Controllers (Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 4.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 | 6/24/2019 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2643 and #2644); CVL (Certs. #124 and #125); DRBG (Cert. #412); HMAC (Certs. #1635 and #1636); RSA (Certs. #1353 and #1354); SHS (Certs. #2216, #2217 and #2218); Triple-DES (Cert. #1586) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-chip standalone "The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management." |
| 2182 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points (Hardware Versions: RAP-3WN-F1 [1][2], RAP-3WN-USF1 [1][2], RAP-3WNP-F1 [1][2], RAP-3WNP-USF1 [1][2], RAP-108-F1 [1][2], RAP-108-USF1 [1][2], RAP-109-F1 [1][2], RAP-109-USF1 [1][2], AP-114-F1 [1] and AP-115-F1 [1] with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS [1] and ArubaOS 6.5.0-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/20/2014 03/20/2015 01/27/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Aruba's 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2181 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 650-427-1902 CST Lab: NVLAP 200928-0 | VMware Java JCE (Java Cryptographic Extension) Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/20/2014 | 6/19/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a vShield Manager OS with Sun JRE 6.0 on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1623); AES (Cert. #2704); SHS (Cert. #2271); HMAC (Cert. #1685); DRBG (Cert. #446); DSA (Cert. #825); RSA (Cert. #1402) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #2704, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1623, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC Multi-chip standalone "The VMware Java JCE (Java Cryptographic Extension) module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms." |
| 2178 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | Model 650 SafeNet Encryptor (Hardware Versions: 904-000028-001, 904-000029-001, 904-000036-001, 904-53260-007, 904-53260-207, 943-53270-007, 943-53270-207, 904-53261-007, 904-53361-201, 943-53271-007 and 943-53371-201; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/18/2014 01/10/2017 | 1/9/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2616, 2617 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less then 112 bits of encryption); Diffie-Hellman (non-compliant); NDRNG Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network." |
| 2177 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | Model 600 SafeNet Encryptor (Hardware Versions: 904-000019-001, 904-000021-001, 904-000020-001, 904-000022-001, 904-000024-001, 904-000023-001, 904-000025-001, 904-000027-001, 904-000026-001, 943-000031-001, 943-000032-001, 943-000033-001, 943-000035-001, 943-000034-001, 904-30013-001, 904-30013-007, 904-30013-207, 904-10014-001, 904-10014-007, 904-10014-207, 904-25005-001, 904-25005-007, 904-25005-207, 904-51100-001, 904-51100-007, 904-51100-207, 904-51120-001, 904-51120-007, 904-51120-207, 904-51140-001, 904-51140-007, 904-51140-207, 943-51130-001, 943-51130-007, 943-51130-207, 943-51150-001, 943-51150-007, 943-51150-207, 904-51101-001, 904-51101-007, 904-51101-207, 904-51121-001, 904-51121-007, 904-51121-207, 904-51141-001, 904-51141-007, 904-51141-207, 943-51131-001, 943-51131-007, 943-51131-207, 943-51151-001, 943-51151-007 and 943-51151-207; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/18/2014 01/10/2017 | 1/9/2022 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2615, 2618 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); NDRNG Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks or 200MB and 1GB Ethernet networks." |
| 2176 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances (Hardware Versions: 5580-20 [2], 5580-40 [2], 5512-X [1], 5515-X [1], 5525-X [1], 5545-X [1], 5555-X[1], 5585-X SSP-10 [3], 5585-X SSP-20 [3], 5585-X SSP-40 [3], 5585-X SSP-60 [3] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [2], or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [3]; Firmware Version: 9.1.7.9) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/18/2014 08/29/2014 01/12/2016 03/02/2016 06/29/2016 08/15/2016 08/31/2016 | 8/30/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #105, #1407, #2049, #2050, #2444, #2472, #2480, #2482 and #2483); DRBG (Certs. #332, #336, #339 and #341); ECDSA (Certs. #411 and #412); HMAC (Certs. #125, #301, #1246, #1247, #1514, #1524 and #1525); RSA (Certs. #106, #261, #1066, #1260, #1269, #1271 and #1272); SHS (Certs. #196, #630, #1793, #1794, #2091, #2100 and #2101); Triple-DES (Certs. #217, #559, #960, #1321, #1513, #1520 and #1521) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes." |
| 2175 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2014 02/27/2015 07/05/2016 12/01/2016 | 11/30/2021 | Overall Level: 2 Multi-chip standalone |
| 2173 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Dr. W Houston, TX 77070 USA Julie Ritter TEL: 281-514-4087 Luis Luciani TEL: 281-518-6762 CST Lab: NVLAP 200928-0 | iLO 3 Cryptographic Module (Hardware Versions: GLP: 531510-003 [1] and GXE: 438893-503 [2]; Flash Memory: (41050DL00-233-G [1,2]); NVRAM: (420102C00-244-G [1,2]); DDR3 SDRAM: (42020BJ00-216-G [1]); DDR2 SDRAM: (459715-002 [2]); Firmware Version: 1.50) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2014 | 6/16/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2294, #2295, #2296, #2297 and #2298); Triple-DES (Certs. #1443, #1444 and #1445); DSA (Cert. #720); RSA (Certs. #1182 and #1183); SHS (Certs. #1977, #1978 and #1979); HMAC (Cert. #1410) -Other algorithms: RC2; RC4; HMAC-MD5; DES; MD5; RSA (non-compliant); DSA (non-compliant); RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); TLSv1.0 KDF; TLSv1.1 KDF Multi-chip embedded "HP Integrated Lights-Out (iLO) management built into BladeSystem blade servers and storage blades is an autonomous management subsystem embedded directly on the server. iLO monitors each server’s overall "health", reports issues, and provides a means for setup and managing of power and thermal settings." |
| 2171 | HGST, Inc. 5601 Great Oaks Parkway Building 50-3/C-346 San Jose, CA 95119 USA Michael Good TEL: 408-717-6261 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar C15K600 TCG Enterprise HDDs (Hardware Versions: HUC156060CS4205 [1], HUC156045CS4205 [1], HUC156030CS4205 [1], HUC156060CSS205 [1], HUC156045CSS205 [1], HUC156030CSS205 [1]; Firmware Version: R12E) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2014 07/17/2014 05/08/2015 | 5/7/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed) -Other algorithms: NDRNG; AES (Cert. #2365, key wrapping) Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs." |
| 2169 | IBM® Corporation 9032 S Rita Road Tucson, AZ 85744 USA Christine Knibloe TEL: 520-799-2486 CST Lab: NVLAP 200427-0 | IBM LTO Generation 6 Encrypting Tape Drive (Hardware Versions: 00V7133 EC Level M12977 [1], 00V7137 EC Level M12977 [2], 00V7135 EC Level M12977 [3] and 00V7139 EC Level M12977 [4]; Firmware Versions: LTO6_DA86.fcp_fh_f.fmrz [1], LTO6_DA86.fcp_hh_f.fmrz [2], LTO6_DA86.sas_fh_f.fmrz [3] and LTO6_DA86.sas_hh_f.fmrz [4]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/11/2014 | 6/10/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2692, #2693 and #2694); DRBG (Cert. #440); RSA (Cert. #1392); SHS (Cert. #2261) -Other algorithms: AES (Cert. #2694, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Generation 6 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Four different host interface types of the LTO Generation 6 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library." |
| 2166 | Marvell Semiconductor, Inc. 5488 Marvell Lane Santa Clara, CA 95054 USA Minda Zhang TEL: 508-573-3255 FAX: 508-573-3311 CST Lab: NVLAP 200968-0 | Armada Mobile Processor (Hardware Versions: Armada PXA-2128[1] and Armada PXA-610[2]; Firmware Versions: 2128-1.1[1] and 610-1.1[2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2014 | 6/8/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1982 and #2133); Triple-DES (Certs. #1285 and #1357); SHS (Certs. #1737 and #1857); HMAC (Certs. #1195 and #1303); RSA (Certs. #1028 and #1102); ECDSA (Certs. #287 and #323); DRBG (Certs. #182 and #238) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength); AES (Certs. #1982 and #2133, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Single-chip "Marvell’s ARMADA PXA2128 and ARMADA PXA610 are application processors (PXA2128 is multicore) ideally suited for smartphones and tablets that enable a seamless connected lifestyle. Designed in low-power 40-nanometer (nm) process and featuring the Marvell Hybrid Symmetric Multi-Processing (hSMP) technology, they provide new levels of secure internet and multimedia performance, while achieving industry-leading battery life. Featuring Marvell optimized ARMv7 dual high-performance mobile processors with hSMP running at up to 1.2GHz, the ARMADA PXA2128 and PXA610 provide robust 3D graphics, video," |
| 2165 | Ultra Electronics 3eTI Suite 500 9715 Key West Ave Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200002-0 | 3e-543 AirGuard iField Wireless Sensor Cryptographic Module (Hardware Version: 1.0; Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2014 | 6/8/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1611 and #2251); SHS (Cert. #1939); HMAC (Cert. #1379); ECDSA (Cert. #359) -Other algorithms: N/A Multi-chip embedded "3eTI 543 Wireless Sensor Cryptographic Module provides network authentication and data encryption for IEEE 15.4 radio. This module enables the secured transportation of sensor data using AES_CCM over ISA 100.11a or WirelessHard wireless links." |
| 2164 | Unium, Inc. 800 5th Avenue Suite 3700 Seattle, WA 98104 USA David Weidenkopf TEL: 206-812-5783 FAX: 206-770-6461 A. Riley Eller TEL: 206-812-5726 FAX: 206-770-6461 CST Lab: NVLAP 200658-0 | CoCo Secure Sockets Cryptographic Module (Software Versions: 2.1 and 2.2) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/05/2014 12/31/2014 05/29/2015 09/30/2015 02/05/2016 12/15/2016 01/18/2017 07/03/2017 08/22/2017 | 1/17/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6 32-bit running on oMG 2000 Vyatta 6.4 32-bit running on Dell PowerEdge R210 with PAA Vyatta 6.4 32-bit running on Dell PowerEdge R210 without PAA Windows 7 x86_64 native and Java support via JNI running on HP Pro Book 640 G1 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2366, #2367, #2381 and #3474); CVL (Certs. #62, #63 and #549); DRBG (Certs. #304, #305, #313 and #856); DSA (Certs. #739, #740 and #982); ECDSA (Certs. #389, #390 and #705); HMAC (Certs. #1470, #1471 and #2219); RSA (Certs. #1222, #1223 and #1790); SHS (Certs. #2039, #2040 and #2869); Triple-DES (Certs. #1479, #1480 and #1959) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman; DRBG (DUAL-EC; non-compliant); RNG Multi-chip standalone "The CoCo OpenSSL Cryptographic Module 2.1 is an OpenSSL cryptographic library that provides cryptographic services to its calling applications." |
| 2162 | Encryptics 5080 Spectrum Drive Suite 1000 East Addison, TX 75001 USA Chris McCarthy TEL: 512-649-8185 Brian Kelly TEL: 512-649-8185 CST Lab: NVLAP 200002-0 | Encryptics® Cryptographic Library (Software Version: 1.0.3.0) (When operated with module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #1002, #1330, and #1337 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/28/2014 07/03/2014 06/16/2016 | 6/15/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows Vista SP1 (x64 version) with .NET Framework 3.5 running on a Dell SC430 Microsoft Windows 7 SP1 (x64 version) with .NET Framework 3.5 running on a HP Compaq dc7600 Microsoft Windows Server 2008 R2 SP1 (x64 version) with .NET Framework 4.0 running on a HP Compaq dc7600 (single-user mode) -FIPS Approved algorithms: AES (Certs. #739 and #1168); RSA (Certs. #353, #354, #557, #559 and #568); HMAC (Certs. #407, #673 and #687); SHS (Certs. #753 and #1081); DRBG (vendor-affirmed and Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Encryptics Cryptographic Library underpins Encryptics technology and offers protection by industry-standard, government approved algorithms to ensure that only authorized users and authorized devices are allowed to access private information stored within the .SAFE package. Encryptics for Email and Encryptics Data Protection API both leverage the Encryptics .SAFE Library to ensure use of FIPS 140-2 validated cryptography." |
| 2160 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 819G-4G-A-K9, 819G-4G-V-K9, 819H-K9, 819G-S-K9, 819HG-4G-G-K9, 891, 881, 1905, 1921 and 1941 Integrated Services Routers (ISRs) (Hardware Versions: 819G-4G-A-K9 , 819G-4G-V-K9 , 819H-K9 , 819G-S-K9, 819HG-4G-G-K9, 881, 891, 1905 [1], 1921 [1], 1941 and FIPS-SHIELD-1900= [1] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/27/2014 08/06/2014 | 8/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 800 and 1900 Series Integrated Services Routers are routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer Metro Ethernet and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications." |
| 2158 | INSIDE Secure 41 Parc Club du Golf Aix-en-Provence 13856 France Jerome Ducros TEL: +33 (0)413758653 CST Lab: NVLAP 100432-0 | VaultIC405™, VaultIC421™, VaultIC441™ (Hardware Versions: P/Ns: ATVaultIC405 [2], ATVaultIC421 [1] and ATVaultIC441 [1]; Platforms: ATVaultIC405M Silicon Rev C [2], ATVaultIC421M Silicon Rev C [1] and ATVaultIC441M Silicon Rev C [1]; Firmware Versions: 1.0.1 [1] and 1.0.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/20/2014 05/08/2015 | 5/7/2020 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Cert. #2119); DRBG (Cert. #231); DSA (Cert. #663); ECDSA (Cert. #316); HMAC (Cert. #1291); RSA (Cert. #1089); SHS (Cert. #1843); Triple-DES (Cert. #1348) -Other algorithms: NDRNG; AES (Cert. #2119, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; DES MAC; Triple-DES (ISO9797; non-compliant); Triple-DES MAC (ISO9797; non-compliant); HOTP; RSA (encrypt/decrypt) Single-chip "The VaultIC405™, VaultIC421™ and VaultIC441™ is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection." |
| 2157 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA Mocana Sales TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Hybrid Module (Hardware Version: Freescale P2020 SEC 3.1; Software Version: 5.5fi) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 05/20/2014 04/05/2016 | 4/4/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VxWorks 6.8 running on a XPedite5500 with a Freescale P2020 SEC3.1 processor (Single-user mode) -FIPS Approved algorithms: AES (Certs. #2290 and #2291); DRBG (Cert. #284); DSA (Cert. #717); ECDSA (Cert. #372); HMAC (Cert. #1407); RSA (Cert. #1179); SHS (Cert. #1974); Triple-DES (Cert. #1440) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Suite B Hybrid Module (Software Version 5.5fi) is a hybrid, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface." |
| 2156 | Dell, Inc. 2300 West Plano Parkway Plano, TX 75075 USA Chris Burchett TEL: 512-723-8065 FAX: 972-577-4375 Mike Phillips TEL: 512-723-8420 FAX: 972-577-4375 CST Lab: NVLAP 200002-0 | Dell-CREDANT Cryptographic Kernel (Windows Kernel Mode) [1] and Dell-CREDANT Cryptographic Kernel (Windows User Mode) [2] (Software Versions: 1.8 [1,2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/15/2014 | 5/14/2019 | Overall Level: 2 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 2 with Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [1] Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [1] Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [2] Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [2] -FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236) -Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant) Multi-chip standalone "CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications." |
| 2155 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 650-427-1902 CST Lab: NVLAP 200928-0 | VMware NSS Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/14/2014 | 5/13/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with PAA VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1619); AES (Cert. #2700); SHS (Cert. #2267); HMAC (Cert. #1681); DRBG (Cert. #443); DSA (Cert. #821); RSA (Cert. #1398) -Other algorithms: RC2; RC4; DES; SEED; CAMELLIA; MD2; MD5; Triple-DES (non-compliant); ECDSA (non-compliant); HKDF (non-compliant); J-PAKE; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The VMware NSS Cryptographic Module is a software cryptographic library that provides FIPS 140-2 validated network security services to VMware products." |
| 2152 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs) (Hardware Versions: 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, D], [3925, 3925E, 3945, 3945E and VG350] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2014 08/06/2014 | 8/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #803, #963, #1115, #1536 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #443, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #801, #934, #1038, #2182 and #2208); Triple-DES (Certs. #758, #812, #1037 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 2151 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | ProtectV StartGuard (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/13/2014 01/10/2017 | 1/9/2022 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 (x64) on VMware ESXi 5.0 running on Dell PowerEdge R610 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2550); HMAC (Cert. #1571); SHS (Cert. #2151) -Other algorithms: N/A Multi-chip standalone "ProtectV StartGuard authorizes whether or not a virtual machine instance secured by SafeNet ProtectV can be launched. StartGuard enables a challenge response authentication mechanism to be inserted in the boot transition process when ProtectV is being started up, during the transition between the first to second phase of the boot process. StartGuard is configurable to suit customers’ security and privacy requirements." |
| 2150 | Dell, Inc. 2300 West Plano Parkway Plano, TX 75075 USA Chris Burchett TEL: 512-723-8065 FAX: 972-577-4375 Mike Phillips TEL: 512-723-8420 FAX: 972-577-4375 CST Lab: NVLAP 200002-0 | Dell-CREDANT Cryptographic Kernel (Mac Kernel Mode) [1], Dell-CREDANT Cryptographic Kernel (Mac User Mode) [2] and Dell-CREDANT Cryptographic Kernel (Linux User Mode) [3] (Software Versions: 1.8 [1,2,3]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/13/2014 | 5/12/2019 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1] Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1] Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2] Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2] Ubuntu Linux 11.04 (32-bit) running on a Dell Optiplex 755 [3] Ubuntu Linux 11.04 (64-bit) running on a Dell Optiplex 755 [3] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236) -Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant) Multi-chip standalone "CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications." |
| 2149 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6] (Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Versions: 2.51.10-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2014 11/24/2015 | 11/23/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 2148 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6] (Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Versions: 2.51.10-3 and 2.55.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/13/2014 11/24/2015 | 11/23/2020 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 2145 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 1941, 2901, 2911, 2921, 2951, 3925, 3945 Integrated Services Routers (ISRs) and ISM (Hardware Versions: 1941 [12], 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,13, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, D], [3925, 3945] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], ISM-VPN-19 [12], ISM-VPN-29 [13], ISM-VPN-39 [14], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2014 08/06/2014 | 8/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #963, #1115, #1536, #2343 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #538, #627, #1452 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #934, #1038, #2020, #2182 and #2208); Triple-DES (Certs. #758, #812, #1466 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options. The VPN ISM is a module for the ISRs that provides the capability to considerably increase performance for VPN encrypted traffic," |
| 2143 | Dell, Inc. 1925 Isaac Newton Square East Suite 440 Reston, VA 20190 USA Joe Leslie TEL: 949-754-1263 FAX: 949-754-8999 Jason Raymond TEL: 617-261-6968 CST Lab: NVLAP 200002-0 | Dell AppAssure Crypto Library (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/06/2014 | 5/5/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 2008 R2 64-bit running on Dell PowerEdge T610 with PAA Windows 2008 R2 64-bit running on Dell PowerEdge T610 without PAA Windows 2012 64-bit running on Dell PowerEdge R720 with PAA Windows 2012 64-bit running on Dell PowerEdge R720 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2601); RSA (Cert. #1329); SHS (Cert. #2185) -Other algorithms: N/A Multi-chip standalone "The Dell AppAssure Crypto Module provides data encryption functionality. The Module is a software component used by other software products to encrypt and decrypt data. The Module implements AES (Rijndael) CBC mode functions. Physically, the Module is a DLL file delivered with a file containing the DLL's digital signature." |
| 2141 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200427-0 | Brocade® FCX L2/L3 Switch and Brocade FastIron® SX Series L2/L3 Switch (Hardware Versions: FI-SX800-S, FI-SX1600-AC, FI-SX1600-DC, FCX624S, FCX624S-HPOE-ADV, FCX624S-F-ADV, FCX648S, FCX648S-HPOE and FCX648S-HPOE-ADV with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: IronWare Release R07.3.00c) (When operated in FIPS mode and with the tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/06/2014 06/05/2014 | 6/4/2019 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2150); DRBG (Cert. #239); DSA (Cert. #668); HMAC (Cert. #1317); RSA (Cert. #1106); SHS (Cert. #1871); Triple-DES (Cert. #1363) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (non-compliant); RSA (key wrapping; non-compliant) Multi-chip standalone "The 24-port and 48-port models of the Brocade FCX Series of switches support Power over Ethernet (PoE) and non-PoE applications. They are designed to meet today's enterprise campus and data center network wire-speed and non-blocking performance requirement.The FastIron SX Series extends control from the network edge to the core with intelligent network services, such as Quality of Service (QoS). The FastIron SX Series provides a scalable, secure, low-latency, and fault-tolerant IP services solution for 1 and 10 Gigabit Ethernet (GbE) enterprise deployments." |
| 2140 | Uplogix, Inc. 7600B N. Capital of Texas Hwy., Suite 220 Austin, TX 78731 USA Certification Administrator TEL: 512-857-7070 CST Lab: NVLAP 200427-0 | Uplogix 430 [1, a], 3200 [2, a], 500 [3, a, b] and 5000 [4, a b] (Hardware Versions: 43-1102-50 [1], 37-0326-04 [2], 61-5050-33 [3] and 61-5500-33 [4] with Tamper Evident Labels Part No. (61-0001-00); Firmware Versions: 4.6.4.22900g [a] and 4.6.4.24340g [b]) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/30/2014 05/20/2014 05/16/2017 05/16/2017 | 5/19/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2293); CVL (Certs. #46, #47 and #48); DRBG (Cert. #285); DSA (Cert. #719); HMAC (Cert. #1409); RSA (Cert. #1181); SHS (Cert. #1976); Triple-DES (Cert. #1442) -Other algorithms: AES (non-compliant); DES; DSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits); HMAC (non-compliant); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); IKE KDF; MD5; PBKDF2-SHA-256; RC4; RNG (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); SHS (non-compliant); Triple-DES (non-compliant) Multi-chip standalone "Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally.Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies." |
| 2138 | Symantec Corporation 303 2nd Street 1000N San Francisco, CA 94107 USA Shirley Stahl TEL: 424-750-7424 CST Lab: NVLAP 200556-0 | Symantec Java Cryptographic Module (Software Version: 1.2) (This module contains the embedded module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1786 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/29/2014 07/11/2016 | 7/10/2021 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 (64-Bit) with Sun JRE 6.0 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1911); DSA (Cert. #604); ECDSA (Cert. #271); DRBG (Cert. #160); HMAC (Cert. #1148); PBKDF (vendor affirmed); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DUAL_EC_DRBG; EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; DESX; ECIES; MD2; MD4; MD5; PRNG; RC2; RC4; RC5; RIPEMD160; RSA Keypair Generation MultiPrime (non-compliant); HMAC-MD5 Multi-chip standalone "The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite." |
| 2136 | Aruba a Hewlett Packard Enterprise Company 1344 Crossman Avenue Sunnyvale, CA 94089 USA Steve Weingart TEL: 408-227-4500 FAX: 408-227-4550 CST Lab: NVLAP 200427-0 | Aruba 7200 Series Controllers with ArubaOS FIPS Firmware (Hardware Versions: Aruba 7210-F1, Aruba 7210-USF1, Aruba 7220-F1, Aruba 7220-USF1, Aruba 7240-F1, Aruba 7240XM-RWF1, Aruba 7240-USF1, Aruba 7240XM-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2014 03/20/2015 01/13/2016 07/06/2016 | 7/5/2021 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2134 | Harris Corporation RF Communications Division 1680 University Avenue Rochester, NY 14610 USA James White TEL: 585-242-3917 Elias Theodorou TEL: 585-720-8790 CST Lab: NVLAP 200928-0 | RF-7800W Broadband Ethernet Radio (Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 2.00) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/24/2014 | 4/23/2019 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2606); Triple-DES (Cert. #1571); DRBG (Certs. #398); SHS (Cert. #2190); HMAC (Cert. #1614); RSA (Cert. #1333); DSA (Cert. #791); KAS (Cert. #41); CVL (Cert. #100) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform." |
| 2128 | Gigamon Inc. 3300 Olcott Street Santa Clara, CA 95054 USA Mike Valladao TEL: 408-831-4000 CST Lab: NVLAP 200556-0 | Gigamon Linux-Based Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and when the module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/20/2014 10/23/2014 02/10/2016 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a GigaVUE-TA1(single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Gigamon Linux-Based Cryptographic Module provides cryptographic functions for Gigamon products and solutions." |
| 2127 | Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA Stéphanie Motré TEL: 408-786-1028 FAX: 408-608-1818 CST Lab: NVLAP 100432-0 | IDProtect Duo with LASER PKI (Hardware Version: STMicroelectronics ST23YR80 Rev. G; Firmware Version: Athena IDProtect 0204.0355.0702 with LASER PKI Applet 3.0) (When operated in FIPS mode. No assurance of Secure Channel Protocol (SCP) message integrity) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/09/2014 05/28/2014 | 5/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1830); RSA (Cert. #919); Triple-DES (Cert. #1183); Triple-DES MAC (Triple-DES Cert. #1183, vendor affirmed); DRBG (Cert. #144); SHS (Cert. #1609); ECDSA (Cert. #253); CVL (Cert. #8) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (CVL Cert. #8, key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1830, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 2126 | Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middlesex NW10 0UF United Kingdom Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 Francesco Rivieccio TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0 | Integral AES 256 Bit Crypto SSD Underlying PCB (Hardware Version: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); Firmware Version: S5FDM018) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/09/2014 | 4/8/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2175); SHS (Cert. #1887); HMAC (Cert. #1335); DRBG (Cert. #254) -Other algorithms: N/A Multi-chip standalone "Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)." |
| 2125 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | ACT2Lite Module (Hardware Version: 15-14497-02(NX315) or 15-14497-02(AT90S072) or 15-14497-02(NDS_ACT2_V1); Firmware Version: 1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/09/2014 09/18/2015 09/30/2015 | 9/29/2020 | Overall Level: 1 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2556, #2742 and #3002); DRBG (Certs. #384, #461 and #572); ECDSA (Certs. #439, #480 and #550); HMAC (Certs. #1576, #1719 and #1899); RSA (Certs. #1309, #1438 and #1570); SHS (Certs. #2156, #2314 and #2513) -Other algorithms: NDRNG Single-chip "ACT2-Lite (Anti-Counterfeit Technology 2 Lite) is the ACT family (ACT 1T, Quack 1 and 2) next generation. It is an ancillary security device containing product identity information and assertion functionality to support product identity for various usages including anti-counterfeit functionality as well as other security functionality to be used across many different hardware platforms." |
| 2124 | Vidyo, Inc. 433 Hackensack Ave, 6th Floor Hackensack, NJ 07601 USA CST Lab: NVLAP 200556-0 | Cryptographic Security Kernel (Software Version: 2) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/09/2014 | 4/8/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a HP ProLiant GL380 without PAA Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a Dell PowerEdge R210 II with PAA Mac OS X 10.6.8 32-bit running on a Mac Mini without PAA Mac OS X 10.6.8 64-bit running on a Macbook Pro without PAA Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on a Macbook Pro with PAA Mac OS X 10.7.3 32-bit running on a Mac Mini without PAA Mac OS X 10.7.3 64-bit running on a Macbook Air without PAA Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on a Macbook Air with PAA Windows XP with SP3 32 bit running on a IBM Thinkpad T60 without PAA Windows XP with SP3 32 bit running on a Vidyo HD50 Room System with PAA Windows 7 with SP1 32 bit running on a Mac Mini without PAA Windows 7 with SP1 64 bit running on a Dell Precision M4300 without PAA Windows 7 with SP1 32 bit running on a Vidyo HD40 Room System with PAA Windows 7 with SP1 64 bit running on a Macbook Air with PAA iOS 6.1 running on a Apple iPad 4 iOS 6.1 running on a Apple iPhone 5 Android 4.1.1 running on a Samsung Galaxy Tab 2 10.1 Android 4.1.1 running on a ASUS Transformer Prime Android 4.1.2 running on a Samsung Galaxy Nexus S Android 4.2.2 running on a Google Nexus 7 Android 4.0.4 running on a Samsung Galaxy SII Android 4.1.2 running on a Samsung Galaxy SIII Kindle Fire OS 8.4.3 running on a Amazon Kindle Fire HD 8.9 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2027, #2028 and #2576); DRBG (Certs. #194, #195 and #389); HMAC (Certs. #1229, #1230 and #1599); SHS (Certs. #1776, #1777 and #2175) -Other algorithms: N/A Multi-chip standalone "The Vidyo Cryptographic Security Kernel (CSK) is a subset of the Vidyo Technology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications." |
| 2121 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200996-0 | nShield F2 500+ [1], nShield F2 1500+ [2] and nShield F2 6000+ [3] (Hardware Versions: nC3423E-500 [1], nC3423E-1K5 [2] and nC3423E-6K0 [3], Build Standard N; Firmware Versions: 2.51.10-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/03/2014 06/05/2014 11/24/2015 | 11/23/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Cert. #181); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 2119 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 Harshad Thakar TEL: 720-684-2580 FAX: 720-684-2733 CST Lab: NVLAP 100432-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module (Hardware Versions: 1G1162 and 1G1164; Firmware Versions: SM72, SM73, DM72, DM73, DM82, DM83, HM72, HM73, HM82, HM83, LM72 and LM73) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/28/2014 05/21/2014 06/27/2014 | 6/26/2019 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1343 and #1974); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225); HMAC (Cert. #1597) -Other algorithms: NDRNG Multi-chip embedded "The cryptographic module (CM) in the Seagate Secure® TCG Opal SSC Self-Encrypting Drive provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
| 2118 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Zhenyi Huang TEL: 650-236-5886 Huy Ho TEL: 650-236-5733 CST Lab: NVLAP 200002-0 | NonStop Volume Level Encryption (NSVLE) (Software Versions: 2.0 and 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/03/2014 03/17/2017 03/20/2017 | 4/2/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Debian Linux HPTE Version 5.0.0 running on an HPE ProLiant DL380p Gen8Debian Linux HPTE Version 7.9.1 running on an HPE ProLiant DL380 Gen9 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2375, #2376, #4363 and #4364); CVL (Certs. #228 and #1072); DRBG (Certs. #311 and #1402); HMAC (Certs. #1477 and #2903); RSA (Certs. #1230 and #2362); SHS (Certs. #2047 and #3601); Triple-DES (Certs. #1486 and #2359) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "HPE NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure." |
| 2116 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-NGPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E) (Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, 8, A], Catalyst 4503-E [2, 5, 7, 8, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, 8, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, 8, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, 8, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, 8, D], Catalyst C4500X-16SFP+ [E], Catalyst C4500X-F-16SFP+ [E], Catalyst C4500X-32SFP+ [E], Catalyst C4500X-F-32SFP+ [E], Catalyst C4500X-24X-ES [E], Catalyst C4500X-40X-ES [E], Catalyst C4500X-24X-IPB [E], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], Filler Plate (C4K-SLOT-CVR-E) [8] and FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C], WS-C4510-FIPS-KIT= [D] and CVPN4500FIPS/KIT= [E]); Firmware Version: IOS-XE 3.5.2E) (When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/26/2014 04/16/2014 | 4/15/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1589, #2057 and #2624); CVL (Cert. #105); DRBG (Cert. #403); HMAC (Cert. #1622); RSA (Certs. #1339 and #1341); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575) -Other algorithms: Diffie-Hellman (CVL Cert. #105, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev." |
| 2110 | BlackBerry Limited 2200 University Avenue East Waterloo, Ontario N2K OA7 Canada Security Certifications Team TEL: 519-888-7465 x72921 FAX: 905-507-4230 CST Lab: NVLAP 200928-0 | BlackBerry Cryptographic Library for Secure Work Space (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section A.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/21/2014 01/24/2016 | 1/23/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110 Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110 Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2 Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2 iOS v5 running on a iPad3 iOS v6 running on a iPhone5 Android v4.1 running on a Samsung Galaxy SIII (single-user mode) -FIPS Approved algorithms: AES (Cert. #2544); CVL (Cert. #89); DRBG (Cert. #377); DSA (Cert. #776); ECDSA (Cert. #436); HMAC (Cert. #1565); RSA (Cert. #1298); SHS (Cert. #2145); Triple-DES (Cert. #1539) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength), RNG; DRBG (non-compliant) Multi-chip standalone "BlackBerry® provides a suite of hardware, software, and services, which allow customers to utilize a single end-to-end Mobile Device Management (MDM) solution. The BlackBerry Cryptographic Library for Secure Work Space is a software module that provides cryptographic services required for secure operation of non-BlackBerry® devices running supported operating systems, when used in conjunction with BlackBerry® MDM solutions." |
| 2107 | Vocera Communications, Inc. 525 Race Street San Jose, CA 95126 USA Thirumalai T. Bhattar TEL: 408-882-5841 FAX: 408-882-5101 Ken Peters TEL: 408-882-5858 FAX: 408-882-5101 CST Lab: NVLAP 200996-0 | Vocera Cryptographic Module (Hardware Version: 88W8688; Firmware Version: 2.0; Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 03/19/2014 | 3/18/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Vocera Embedded Linux Version 1.1 running on a Vocera B3000 badge (single-user mode) -FIPS Approved algorithms: AES (Certs. #2224 and #2225); HMAC (Cert. #1353); SHS (Cert. #1914); RSA (Cert. #1139); DRBG (Cert. #261) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "Vocera B3000 Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000 Badge, ensures protected communications using industry-standard secure wireless communication protocols." |
| 2106 | DTECH LABS, Inc. 22876 Shaw Road Sterling, VA 20166 USA Brian K. Everhart TEL: 703-547-0638 Patrick Higdon TEL: 703-563-0633 CST Lab: NVLAP 200427-0 | M3-SE-RTR2 and TXC3 (Hardware Versions: M3-SE-RTR2-FIPS and TXC3-FIPS with DT-FIPS-TEL; Firmware Version: 15.2(2)GC) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/19/2014 | 3/18/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The M3-SE-RTR2 and TXC3 are high-performance, ruggedized routers utilizing the Cisco 5915 ESR. With onboard hardware encryption, the Cisco 5915 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The M3-SE-RTR2 and TXC3 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements." |
| 2101 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 100432-0 | Symantec Mobility: Suite Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/14/2014 04/03/2014 07/23/2015 02/12/2016 | 2/11/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 Android 4.0 running on a Galaxy Nexus (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Symantec Mobility: Suite Cryptographic Module Version 1.0 provides cryptographic functions for Symantec Mobility: Suite, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices." |
| 2100 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Cisco FIPS Object Module (Software Version: 4.1) (When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/07/2014 | 3/6/2019 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon Linux 2.6 running on a Cisco ASR1002 Android v4.0 running on a Samsung Galaxy S II Windows 7 running on a Cisco UCS C200 M2 without PAA Windows 7 running on a Cisco UCS C210 M2 with PAA FreeBSD 9.0 running on a Cisco UCS C210 M2 without-PAA Linux 2.6 running on a Cisco UCS C22 M3 with PAA Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2678 and #2685); Triple-DES (Certs. #1606 and #1611); SHS (Certs. #2247 and #2256); HMAC (Certs. #1664 and #1672); DRBG (Certs. #431 and #435); RSA (Certs. #1377 and #1385); DSA (Certs. #812 and #814); ECDSA (Certs. #467 and #471); CVL (Certs. #151 and #153) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength) Multi-chip standalone "The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols." |
| 2099 | Riverbed Technology, Inc. 680 Folsom St. San Francisco, CA 94107 USA Andrei K. Uyehara TEL: 415-527-4244 Chris Scuderi TEL: 408-522-5154 CST Lab: NVLAP 200928-0 | Riverbed Cryptographic Security Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/07/2014 04/16/2014 09/25/2014 12/15/2015 11/01/2016 11/02/2016 12/09/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with RiOS 8.0 x86 32-bit running on Riverbed Steelhead Appliance RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance with AES-NI Granite OS 2.0 running on Riverbed Granite Core Appliance Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI Whitewater OS 3.0 running on Whitewater Appliance without AES-NI Whitewater OS 3.0 running on Whitewater Appliance with AES-NI Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI Interceptor OS 4.5 running on Riverbed Interceptor Appliance RiOS 8.6 32-bit running on Riverbed Steelhead Appliance RiOS 8.6 64-bit running on Riverbed Steelhead Appliance RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI RiOS 8.6 64-bit running on Riverbed Steelhead Appliance with AES-NI Steelhead Mobile Controller 4.6 running on SMC without AES-NI Steelhead Mobile Controller 4.6 running on SMC with AES NI Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI RiOS 9.2 x86 64-bit running on Riverbed Steelhead Appliance with PAA RiOS 9.2 x86 64-bit running on Riverbed Steelhead Appliance without PAA RiOS 9.2 x86 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA RiOS 9.2 x86 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA RiOS 9.2 x86 64-bit on KVM 1.0 running on Dell PowerEdge R320 with PAA RiOS 9.2 x86 64-bit on KVM 1.0 running on Dell PowerEdge R320 without PAA SteelCentral Controller for SteelHead Mobile 5.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA SteelCentral Controller for SteelHead Mobile 5.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA SteelFusion 4.3 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA SteelFusion 4.3 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA Riverbed License Manager 1.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA Riverbed License Manager 1.0 on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA Riverbed SteelCentral AppResponse 11.2 64bit on VMware ESXi 5.5 running on Dell PowerEdge R320 with PAA Riverbed SteelCentral AppResponse 11.2 64bit on VMware ESXi 5.5 running on Dell PowerEdge R320 without PAA SteelCentral Controller for SteelHead Mobile 5.0 running on SMC appliance with PAA SteelCentral Controller for SteelHead Mobile 5.0 running on SMC appliance without PAA SteelFusion 4.3 running on Riverbed SteelFusion appliance with PAA SteelFusion 4.3 running on Riverbed SteelFusion appliance without PAA Riverbed SteelCentral AppResponse 11.2 running on Riverbed appliance with PAA Riverbed SteelCentral AppResponse 11.2 running on Riverbed appliance without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2374); CVL (Cert. #65); DRBG (Cert. #310); DSA (Cert. #745); ECDSA (Cert. #392); HMAC (Cert. #1476); RSA (Cert. #1229); SHS (Cert. #2046); Triple-DES (Cert. #1485) -Other algorithms: RSA (encrypt/decrypt); EC Diffie-Hellman; PRNG; DRBG (non-compliant) Multi-chip standalone "The Riverbed Cryptographic Security Module ("RCSM") provides the cryptographic functionality for a variety of Riverbed's platforms including Steelhead, SteelFusion and SteelCentral products. Using RCSM to provide FIPS compliance across Riverbed solutions, strengthens security and facilitates the product certification and accreditation processes, enabling hybrid enterprises to transform application performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility." |
| 2098 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Arnaud Lotigier TEL: +33 4 42 36 60 74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDPrime MD 830 (Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore30 Build 1.17, IDPrime MD Applet version V4.1.2.F and MSPNP Applet V1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/05/2014 08/04/2016 | 8/3/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure." |
| 2097 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Software Versions: 4.0.1 [1] and 4.0.2.5 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/05/2014 11/25/2014 02/03/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit) [1] Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with PAA (x86 64-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit) [1] Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit) [1] Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 32-bit) [1] Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 64-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with PAA (x86 32-bit) [1] Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit) [1] Microsoft Windows 7 SP1 running on a Dell Precision M6500 with PAA (x86 64-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) [1] NetBSD 6.0.1 running on a Ricoh D2395602 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2017 and #4126); DRBG (Certs. #191 and #1246); DSA (Certs. #642 and #1121); ECDSA (Certs. #292 and #941); HMAC (Certs. #1221 and #2699); PBKDF (vendor affirmed); RSA (Certs. #1046 and #2233); SHS (Certs. #1767 and #3395); Triple-DES (Certs. #1302 and #2257) -Other algorithms: Diffie-Hellman; EC Diffie-Hellman; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; ECAES; ECIES; HMAC MD5; MD2; MD4; MD5; PBKDF1 SHA-1; PRNG; RC2; RC4; RC5 Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2095 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 100432-0 | Symantec Mobility: Suite Server Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/28/2014 07/23/2015 02/11/2016 | 2/10/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Symantec Mobility: Suite Server Cryptographic Module provides cryptographic functions for the Server component of Symantec Mobility: Suite, a scalable solution for deploying and managing native and web apps on corporate‐liable and employee‐owned mobile devices." |
| 2093 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 3560-C [1], 3560-X [2] and 3750-X [3] Switches (Hardware Versions: [3560CG-8PC-S, 3560CG-8TC-S and 3560CPD-8PT-S] [1] [B], [(WS-C3560X-24P-L and WS-C3560X-48T-L) [2] and (WS- C3750X-12S, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P and WS-C3750X-48T) [3]] with [C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK and C3KX-NM-10GT] [A] with FIPS kit packaging [C3KX-FIPS-KIT 700-34443-01] [A] and [C3KX-FIPS-KIT 47-25129-01] [B]; Firmware Version: 15.0(2)SE4) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/27/2014 03/12/2014 | 3/11/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275 and #2134); DRBG (Cert. #237); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Cert. #1858); Triple-DES (Cert. #1358) -Other algorithms: AES (Cert. #2134, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules." |
| 2091 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) (Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9 and 15454-M-WSE-K9] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/26/2014 | 2/25/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2352, #2369, #2546 and #2548); DRBG (Certs. #379 and #381); HMAC (Certs. #1567 and #1569); KBKDF (Cert. #12); RSA (Certs. #1301 and #1303); SHS (Certs. #2147 and #2149); Triple-DES (Cert. #1541) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4 Multi-chip standalone "The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions." |
| 2089 | HGST, Inc. 5601 Great Oaks Parkway Building 50-3/C-346 San Jose, CA 95119 USA Michael Good TEL: 408-717-6261 FAX: 408-717-9494 Jithendra Bethur TEL: 408-717-5951 FAX: 408-717-9494 CST Lab: NVLAP 100432-0 | HGST Ultrastar SSD800/1000/1600 TCG Enterprise SSDs (Hardware Versions: P/Ns HUSMH8080ASS205 (0001) [1, 2, 3, 4], HUSMH8080ASS205 (0002) [4, 9], HUSMH8080BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8040ASS205 (0001) [1, 2, 3, 4], HUSMH8040ASS205 (0002) [4, 9], HUSMH8040BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8020ASS205 (0001) [1, 2, 3, 4], HUSMH8020ASS205 (0002) [4, 9], HUSMH8020BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8010BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM8080ASS205 (0001) [1, 2, 3, 4], HUSMM8080ASS205 (0002) [4, 9], HUSMM8040ASS205 (0001) [1, 2, 3, 4], HUSMM8040ASS205 (0002) [4, 9], HUSMM8020ASS205 (0001) [1, 2, 3, 4], HUSMM8020ASS205 (0002) [4, 9], HUSMM1680ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30], HUSMM1640ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM1620ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM1616ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30], HUSMR1619ASS235 (0003) [25], HUSMR1619ASS205 (0003) [10, 16, 17, 24, 25, 31, 32], HUSMR1010ASS205 (0001) [1, 2, 3, 4], HUSMR1010ASS205 (0002) [4, 9], HUSMR1050ASS205 (0001) [1, 2, 3, 4], HUSMR1050ASS205 (0002) [4, 9], HUSMR1025ASS205 (0001) [1, 2, 3, 4], HUSMR1025ASS205 (0002) [4, 9], HUSMR1680ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1650ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1640ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1625ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1616ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], and HUSMR1610ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28]; Firmware Versions: R210 [1], R230 [2], R232 [3], R252 [4], P216 [5], P218 [6], P250 [7], P252 [8], R254 [9], R104 [10], P217 [11], P292 [12], P298 [13], P29A [14], P2C0 [15], R106 [16], R120 [17], P21J [18], P29C [19], P29E [20], P2CA [21], P2CC [22], P2E0 [23], R108 [24], R130 [25], P2F0 [26], K2CC [27], P300 [28], P302 [29], D302 [30], R154 [31] or G155 [32]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/25/2014 04/03/2014 04/11/2014 07/17/2014 09/12/2014 10/23/2014 12/31/2014 01/23/2015 02/13/2015 05/29/2015 08/07/2015 09/04/2015 09/30/2015 12/09/2015 | 12/8/2020 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed); -Other algorithms: AES (Cert. #2365, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG Multi-chip embedded "HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1000 series are 12Gbs SAS, TCG Enterprise SSDs.10/23/14: Added HW HUSMH8080ASS205, HUSMH8040ASS205, HUSMH8020ASS205, HUSMM8080ASS205, HUSMM8040ASS205, HUSMM8020ASS205, HUSMR1010ASS205, HUSMR1050ASS205, HUSMR1025ASS205" |
| 2086 | Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | StorageTek T10000C Tape Drive (Hardware Version: P/N 7054185; Firmware Version: 1.57.308) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2014 | 2/21/2019 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1568, #1570, #2404, #2405, #2406, #2407 and #2412); DRBG (Cert. #322); HMAC (Certs. #1497 and #1498); SHS (Certs. #2065 and #2066); RSA (Cert. #1246); CVL (Cert. #82) -Other algorithms: AES (Cert. #2406, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip standalone "The Oracle StorageTek T10000C Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive delivers the world’s fastest write speeds to a native 5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution." |
| 2082 | Toshiba Electronic Devices & Storage Corporation 1-1, Shibaura 1-chome Minato-ku, Tokyo 105-8001 Japan Tohru Iwamoto TEL: +81-45-776-4488 CST Lab: NVLAP 200822-0 | Toshiba Secure TCG Opal SSC and Wipe technology Self-Encrypting Drive (MQ01ABU050BW, MQ01ABU032BW and MQ01ABU025BW) (Hardware Version: AA; Firmware Versions: FN001S, FN002S) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/13/2014 04/23/2014 07/18/2017 | 4/22/2019 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2447 and #2448); HMAC (Cert. #1511); SHA (Cert. #2081); DRBG (Cert. #334); -Other algorithms: NDRNG Multi-chip embedded "The Toshiba Secure TCG Opal SSC and Wipe Technology Self-Encrypting Drive is used for hard disk drive data security. This cryptographic module provides various cryptographic services using FIPS approved algorithms. Services are provided through an industry-standard TCG Opal SSC and the Toshiba Wipe Technology. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA ranges, host device authentication and secure automatic data invalidation. The last two services are provided by the Toshiba Wipe Technology." |
| 2081 | Dispersive Technologies, Inc. 2555 Westside Parkway Suite 500 Alpharetta, GA 30004 USA Douglas Dimola TEL: 844.403.5851 CST Lab: NVLAP 200556-0 | V2VNet Common Crypto Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/22/2014 09/18/2015 02/26/2016 | 2/25/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "V2VNet Common Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Server Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications." |
| 2080 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: CN6040 Series: A6040B [O] (AC), A6040B [Y] (AC), A6041B [O] (DC), A6041B [Y] (DC), A6042B [O] (AC/DC) and A6042B [Y] (AC/DC); CN6100 Series: A6100B [O] (AC), A6100B [Y] (AC), A6101B [O] (DC), A6101B [Y] (DC), A6102B [O] (AC/DC) and A6102B [Y] (AC/DC); Firmware Version: 2.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/10/2014 | 2/9/2019 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2582, #2583, #2584 and #2586); Triple-DES (Cert. #1562); RSA (Cert. #1324); SHS (Cert. #2177); HMAC (Cert. #1601); DRBG (Cert. #391); CVL (Cert. #113) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN6000 Series Encryptor is a high-speed standards based hardware encryption platform designed to secure data transmitted over optical and twisted-pair Ethernet and optical Fibre Channel networks. Two models are validated: the CN6100 10G Ethernet Encryptor operating at a line rate of 10Gb/s and the CN6040, a protocol selectable model operating at data rates up to 4Gb/s. Configured in Ethernet mode the CN6040 model supports rates of 10Mb/s, 100Mb/s & 1Gb/s and in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms." |
| 2079 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Drive West Houston, TX 77070 USA Rahul Philip Mampallil TEL: +91 80 33841568 Karthik Bhagawan TEL: +91 80 25166873 FAX: +91 80 28533522 CST Lab: NVLAP 200928-0 | HP-UX Kernel Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/07/2014 | 2/6/2019 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with HP-UX 11i v3 running on an HP Integrity BL860c i2 server blade (single user mode) -FIPS Approved algorithms: AES (Cert. #2488); SHS (Cert. #2106); HMAC (Cert. #1530); DRBG (Cert. #346); RSA (Cert. #1277) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "HP-UX Kernel Crypto Module (HP-UX KCM) is a kernel-space crypto engine in the HP-UX operating system containing core cryptographic algorithms and operations in a single shared library. It implements asymmetric, symmetric, and digest operations that are used by HP-UX security solutions. HP-UX KCM is available on HP-UX 11i v3 operating system on the HP Integrity Platform (IA-64)." |
| 2074 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009 USA David Schmolke TEL: 760-476-2461 FAX: 760-476-4110 Richard Quintana TEL: 760-476-2481 FAX: 760-476-4110 CST Lab: NVLAP 100432-0 | Embeddable Security System (ES-1200) (Hardware Versions: P/N 1174941, Rev. 001; Firmware Version: 1.0.7) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2014 03/12/2014 | 3/11/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2633, #2634 and #2635); DRBG (Cert. #406); SHS (Cert. #2207) -Other algorithms: NDRNG Multi-chip embedded "The ES-1200 is a low cost, size, weight & power multichip programmable embedded cryptographic module. It provides encryption and decryption services, plaintext bypass, key management, and PIN-based access control. The ES-1200 is intended for use in environments where FIPS 140-2 Level 2 cryptographic products are required. Typical applications are military Transmission Security (TRANSEC), Communications Security (COMSEC), and Data-At-Rest (DAR) using Suite B cryptography." |
| 2073 | GoldKey Security Corporation 26900 E Pink Hill Road Independence, MO 64057 USA GoldKey Sales & Customer Service TEL: 816-220-3000 FAX: 419-301-3208 Jon Thomas TEL: 567-270-3830 FAX: 419-301-3208 CST Lab: NVLAP 200658-0 | GoldKey Security Token Cryptographic Module (Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.12) (When operated in FIPS mode with Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/29/2014 | 1/28/2019 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); EC Diffie-Hellman (CVL Cert. #54, key agreement); RSA (Cert. #1210); RSA (CVL Cert. #54, signature primitive); ECDSA (Cert. #384) -Other algorithms: N/A Single-chip "Provides cryptographic algorithm implementation for GoldKey Products" |
| 2072 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS PKI Native Smart Card Cryptographic Module (Hardware Version: RS45C; Firmware Versions: HardMask: 2.2 and SoftMask: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/29/2014 04/22/2016 | 4/21/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1419); Triple-DES MAC (Triple-DES Cert. #1419, vendor affirmed); SHS (Cert. #1953); RSA (Cert. #1165); DRBG (Cert. #280) -Other algorithms: NDRNG; Triple-DES (Cert. #1419, key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate." |
| 2070 | API Technologies Corp. 4705 S. Apopka Vineland Road Suite 210 Orlando, FL 32819 USA Henry Gold TEL: 855-294-3800 CST Lab: NVLAP 200556-0 | Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA and NetGard MFD (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/24/2014 04/23/2014 02/10/2016 | 2/9/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA, and NetGard MFD is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms." |
| 2066 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender Elite 200™ (Hardware Versions: 1.0 (P/Ns KDFE200‐4G-Red, KDFE200-4G‐Green, KDFE200‐4G‐Blue, KDFE200-4G-Yellow, KDFE200-4GBrown, KDFE200‐4G‐Gray, KDFE200-4G‐Silver, KDFE200‐8G‐Red, KDFE200-8G-Green, KDFE200‐8G‐Blue, KDFE200- 8G‐Yellow, KDFE200-8G‐Brown, KDFE200-8G‐Gray, KDFE200-8G‐Silver, KDFE200-16G‐Red, KDFE200-16G‐Green, KDFE200‐16G‐Blue, KDFE200-16G‐Yellow, KDFE200-16G‐Brown, KDFE200-16G‐Gray, KDFE200-16G‐Silver, KDFE200- 32G‐Red, KDFE200-32G-Green, KDFE200-32G‐Blue, KDFE200-32G‐Yellow, KDFE200-32G‐Brown, KDFE200-32G‐Gray, KDFE200‐32G‐Silver, KDFE200‐64G‐Red, KDFE200-64G‐Green, KDFE200‐64G‐Blue, KDFE200-64G‐Yellow, KDFE200-64G‐Brown, KDFE200-64G‐Gray, KDFE200-64G‐Silver, KDFE200-128G-Red, KDFE200-128G‐Green, KDFE200-128G-Blue, KDFE200-128G-Yellow, KDFE200-128G‐Brown, KDFE200-128G-Gray, KDFE200‐128G-Silver); Firmware Versions: 2.03.10 and 2.05.10)) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2013 02/28/2014 06/05/2014 | 6/4/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender Elite 200™ is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device. It can also be used as a secure platform for remote access and virtualized applications run directly from the device. The device supports onboard hardware random number generation, RSA, HMAC and algorithms." |
| 2064 | CST Lab: NVLAP 200002-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/23/2013 08/09/2016 | 8/8/2021 | Overall Level: 2 Multi-chip standalone |
| 2062 | RSAE Labs Inc. PO Box 15922 PANAMA CITY, FL 32406 United States Randall Shepard TEL: 650-464-6201 FAX: 1-850-462-2685 CST Lab: NVLAP 200802-0 | Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module (Hardware Version: 380270-1 Rev. -; Firmware Version: mat_v2_1_0 or sink_v2_1_0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/17/2013 01/24/2014 08/22/2016 | 8/21/2021 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #1863); DRBG (Cert. #150) -Other algorithms: NDRNG Single-chip "The Cubic Managed Asset Tag Cryptographic Module and Cubic SINK Cryptographic Module securely sends and receives information collected from peripheral sensors to/from an external Cubic Gateway in support of Cubic Mist® mesh networking solutions." |
| 2058 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.1 or 6.1.1.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/13/2013 07/03/2014 02/12/2016 05/10/2016 | 5/9/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521 JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39) -Other algorithms: BPS; DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2057 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.1or 6.1.1.0.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/13/2013 07/03/2014 02/12/2016 05/10/2016 | 5/9/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521 JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39) -Other algorithms: BPS; DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2056 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Software Versions: 4.0.1 [1] and 4.0.2.5 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/05/2013 11/25/2014 02/03/2016 01/05/2017 | 1/4/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit) [1] Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit) [1] Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit) [1] Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit) [1] Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with PAA (x86 64-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit) [1] Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit) [1] Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit) [1] Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 32-bit) [1] Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit) [1] Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 64-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit) [1] Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with PAA (x86 32-bit) [1] Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit) [1] Microsoft Windows 7 SP1 running on a Dell Precision M6500 with PAA (x86 64-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit) [1] Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit) [1] IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit) [1] IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit) [1] HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit) [1] HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit) [1] Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) [1] NetBSD 6.0.1 running on a Ricoh D2395602 [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2017 and #4126); DRBG (Certs. #191 and #1246); DSA (Certs. #642 and #1121); ECDSA (Certs. #292 and #941); HMAC (Certs. #1221 and #2699); PBKDF (vendor affirmed); RSA (Certs. #1046 and #2233); SHS (Certs. #1767 and #3395); Triple-DES (Certs. #1302 and #2257) -Other algorithms: Diffie-Hellman; EC Diffie-Hellman; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; ECAES; ECIES; HMAC MD5; MD2; MD4; MD5; PBKDF1 SHA-1; PRNG; RC2; RC4; RC5 Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2054 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® 100M Ethernet (Hardware Versions: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2013 | 12/4/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2065); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34, key agreement; key establishment methodology provides 192 bits of encryption strength) -Other algorithms: AES (Cert. #2014, key wrapping); HWRBG Multi-chip standalone "The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM. Management of the Datacryptor® is performed via a remote management interface." |
| 2053 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® 100M Ethernet (Hardware Versions: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0) (When configured with the Point-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2013 | 12/4/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2062); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1) -Other algorithms: HWRBG Multi-chip standalone "The Datacryptor® 100 Mbps Ethernet Layer 2 is rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface." |
| 2051 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0 | µMACE (Hardware Version: P/N AT58Z04; Firmware Versions: R01.03.11, R01.03.12, or R01.03.13) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/03/2013 | 12/2/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1876 and #2146); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619); HMAC (Cert. #1313) -Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #2146; non-compliant); NDRNG Single-chip "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products." |
| 2050 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA ChrisMarks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade ICX 6430 and ICX 6450 Series Stackable Switch with FastIron 7.4.00a Firmware (Hardware Versions: ICX-6430-24 P/N 80-1006002-02, ICX-6430-24P P/N 80-1006000-02, ICX-6430-48 P/N 80-1006003-02, ICX-6430-48P P/N 80-1006001-02, ICX-6450-24 P/N 80-1005997-02, ICX-6450-24P P/N 80-1005996-02, ICX-6450-48 P/N 80-1005999-03 and ICX-6450-48P P/N 80-1005998-02 with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: FastIron v7.4.00a) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/03/2013 02/20/2014 | 2/19/2019 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1403); AES (Cert. #2243); SHS (Cert. #1933); HMAC (Cert. #1373); DRBG (Cert. #268); DSA (Cert. #696); RSA (Cert. #1149); ECDSA (Cert. #352) -Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; Proprietary two way encryption; DES Multi-chip standalone "The Brocade ICX 6430 and 6450 Switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. Brocade ICX 6430 and 6450 are available in 24- and 48- port 10/100/1000/ Mbps models and 1 Gigabit Ethernet (GbE) or 10 GbE dual-purpose uplink/stacking ports, with or without IEEE 802.3af Power over Ethernet (PoE) and 802.3at Power over Ethernet Plus (PoE+ - to support enterprise edge networking, wireless mobility, and IP communications." |
| 2049 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | SafeNet Software Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode and when installed, initialized and configured as specified in Section 4 of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy; No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/27/2013 12/15/2015 01/10/2017 | 1/9/2022 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008R2 64-bit running on Dell PowerEdge R210II with PAA Windows Server 2008 64-bit running on Dell PowerEdge R210II Windows 7 64-bit running on a Acer Aspire AS5750 with PAA Windows 7 32-bit running on a Acer Aspire AS5750 NetBSD 4.0 32-bit on Vmware ESX running on Dell PowerEdge R210II with PAA Android 4.0 running on Beagleboard xM with PAA RHEL 6.2 64-bit running on a Dell PowerEdge R210II with PAA CentOS 5.6 32-bit running on a Dell PowerEdge 860 (Single User Mode) -FIPS Approved algorithms: AES (Cert. #2286); CVL (Cert. #45); DRBG (Cert. #283); DSA (Cert. #714); ECDSA (Cert. #370); HMAC (Cert. #1402); RSA (Cert. #1176); SHS (Cert. #1967); Triple-DES (Cert. #1434) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (non-compliant); DRBG (non-compliant) Multi-chip standalone "The SafeNet Software Cryptographic Library is SafeNet's cryptographic service provider that provides extended high performance cryptographic services for SafeNet's broad range of Data Protection products." |
| 2048 | Allegro Software Development Corporation 1740 Massachusetts Avenue Boxborough, MA 01719 USA Larry LaCasse TEL: 978-264-6600 CST Lab: NVLAP 200928-0 | Allegro Cryptographic Engine (Software Version: 1.1.8) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/27/2013 02/20/2014 | 2/19/2019 | Overall Level: 2 -Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows 7 Ultimate running on a Dell Optiplex 755 -FIPS Approved algorithms: AES (Cert. #2671); Triple-DES (Cert. #1602); RSA (Cert. #1374); DSA (Cert. #810); ECDSA (Cert. #465); SHS (Cert. #2243); HMAC (Cert. #1661); DRBG (Cert. #430); CVL (Cert. #148); PBKDF2 (vendor affirmed) -Other algorithms: MD5; AES (Cert. #2671, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG Multi-chip standalone "Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace." |
| 2047 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE(R) Crypto-C Micro Edition (Hardware Version: SPARC T4; Software Version: 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 11/25/2013 11/25/2014 02/03/2016 | 2/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single user mode) -FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302) -Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2045 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Version: 5.5fs) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/18/2013 01/03/2014 04/14/2016 05/26/2017 | 4/13/2021 | Overall Level: 1 -Tested Configuration(s): Integrity O/S 5.0 running on Freescale MPC8544ADS Development System iOS-5 running on Apple iPad 2 iOS-6 running on Apple iPad 2 iOS-9.3 running on iPhone 5s (single-user mode) -FIPS Approved algorithms: AES (Certs. #2356 and #2096); Triple-DES (Cert. #1333); SHS (Cert. #1820); HMAC (Cert. #1271); RSA (Cert. #1075); DSA (Cert. #655); ECDSA (Cert. #307); DRBG (Cert. #221) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 2043 | Hewlett-Packard Company Longdown Avenue Stoke Grifford, Bristol BS34 8QZ United Kingdom Laura Loredo TEL: 44 117 3162462 CST Lab: NVLAP 100432-0 | HP LTO-6 Tape Drive (Hardware Versions: AQ278A #912 [1], AQ278C #704 [2], AQ288D #103 [3], and AQ298C #103 [4]; Firmware Versions: J2AW [1], J2AS [2], 32AW [3], and 22CW [4]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2013 | 11/14/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption." |
| 2042 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® SONET/SDH OC-3/12/48/192C (Hardware Versions: 1600x435, Rev. 01 and 1600x435, Rev. 02; 1600x427, Rev. 01 and 1600x427, Rev. 02; Firmware Version: 5.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2013 02/13/2015 | 2/12/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1) -Other algorithms: HWRBG Multi-chip standalone "The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks." |
| 2041 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® Gig Ethernet and 10 Gig Ethernet (Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 5.0) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/15/2013 02/13/2015 | 2/12/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030, #2064 and #2066); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34) -Other algorithms: AES (Cert. #2014, key wrapping); HWRBG Multi-chip standalone "The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM." |
| 2039 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren TEL: 321-264-2928 CST Lab: NVLAP 200416-0 | Datacryptor® Gig Ethernet and 10 Gig Ethernet (Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 5.0) (When configured with the Point-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/15/2013 02/13/2015 | 2/12/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1) -Other algorithms: HWRBG Multi-chip standalone "The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks." |
| 2038 | SafeLogic Inc. 459 Hamilton Ave Suite 306 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 200556-0 | CryptoComply™ | Server (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/15/2013 01/23/2014 02/20/2014 01/25/2016 02/05/2016 | 2/4/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 Mac OS X 10.8 on a MacBook Air Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 CentOS 6.3 on a GigaVUE-TA1 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "CryptoComply™ | Server is a standards-based "Drop-in Compliance" solution for servers and appliances. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 2036 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 200928-0 | Luna® PCI-E Cryptographic Module (Hardware Versions: VBD-05, Version Code 0103; Firmware Version: 6.3.1) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/13/2013 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1756, #2262 and #2282); DSA (Certs. #548, #704 and #712); ECDSA (Certs. #233, #364 and #369); KAS (Cert. #38); RSA (Certs. #1159 and #1173); SHS (Certs. #1947 and #1964); HMAC (Certs. #1386 and #1398); Triple-DES MAC (Triple-DES Certs. #1137, #1414 and #1430, vendor-affirmed); Triple-DES (Certs. #1137, #1414 and #1430); KBKDF (Cert. #6); DRBG (Cert. #277) -Other algorithms: ARIA; AES MAC (Cert. #2282; non-compliant); CAST5; CAST5-MAC; CAST5-ECB; CAST5-CBC; DES; DES MAC; DES-ECB; DES-CBC; GENERIC-SECRET; HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC2-ECB; RC2-CBC; RC4; RC5; RC5-MAC; RC5-ECB; RC5-CBC; RSA (X-509; non-compliant); SEED; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1756, #2262 and #2282, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1137, #1414 and #1430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna® PCI-E for Luna® IS cryptographic module features powerful cryptographic processing and hardware key management for applications where performance and security are the priority. The multi-chip embedded hardware cryptographic module offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-E card." |
| 2035 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade ICX 6610 Series Stackable Switch with FastIron 7.3.00c Firmware (Hardware Versions: ICX 6610-24F-I (P/N: 80-1005350-03), ICX 6610-24F-E (P/N: 80-1005345-03), ICX 6610-24-I (P/N: 80-1005348-04), ICX 6610-24-E (P/N: 80-1005343-04), ICX 6610-24P-I (P/N: 80-1005349-05, ICX 6610-24P-E (P/N: 80-1005344-05), ICX 6610-48-I (P/N: 80-1005351-04, ICX 6610-48-E (P/N: 80-1005346-04, ICX 6610-48P-I (P/N: 80-1005352-05) and ICX 6610-48P-E (P/N: 80-1005347-05); with FIPS kit XBR-0000195; Firmware Version: FastIron (FI) v7.3.00c) (When operated in FIPS mode with tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/13/2013 | 11/12/2018 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2150); Triple-DES (Cert. #1363); SHS (Cert. #1871); HMAC (Cert. #1317); DRBG (Cert. #239); DSA (Cert. #668); ECDSA (Cert. #324); RSA (Cert. #1106) -Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; proprietary two way encryption; DES Multi-chip standalone "The Brocade ICX 6610 delivers wire-speed, non-blocking performance across all ports to support latency-sensitive applications such as real-time voice and video streaming and VDI. Brocade ICX 6610 Switches can be stacked to provide an unprecedented 320 Gbps of backplane stacking bandwidth. Additionally, each switch can provide up to eight 10 Gigabit Ethernet (GbE) ports." |
| 2031 | Stonesoft Corporation Itälahdenkatu 22A Helsinki FI-00210 Finland Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | Stonesoft Cryptographic Library (Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/13/2013 | 11/12/2018 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315 Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2240 and #2241); Triple-DES (Certs. #1401 and #1402); DSA (Certs. #694 and #695); RSA (Certs. #1147 and #1148); ECDSA (Certs. #349 and #350); SHS (Certs. #1929 and #1930); DRBG (Certs. #266 and #267); HMAC (Certs. #1370 and #1371); CVL (Certs. #37 and #38) -Other algorithms: Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); AES (Certs. #2240 and #2241, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "Stonesoft Cryptographic Library is a software module that provides cryptographic services for Stonesoft network security products." |
| 2029 | Atos Worldline Haachtsesteenweg 1442, B-1130 Brussels Belgium Filip Demaertelaere TEL: +32 2 727 61 67 CST Lab: NVLAP 200556-0 | Atos Worldline Adyton Cryptographic Module (Hardware Version: 9071000001; Firmware Version: 1.2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/13/2013 | 11/12/2018 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Cert. #1810); DRBG (Cert. #138); HMAC (Cert. #1068); KBKDF (Cert. #2); RSA (Cert. #907); SHS (Cert. #1589) -Other algorithms: NDRNG; AES (Cert. #1810, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "Atos Worldline’s Adyton is an innovative high-performance Hardware Security Module (HSM) platform. The design of the Adyton is based on high security, reliability and robustness, user friendliness, and conformance to international security standards. Adyton has an integrated color display, full HEX capacitive keyboard, chip card reader, fingerprint reader, and a USB Host connection." |
| 2028 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/12/2013 | 11/11/2018 | Overall Level: 2 Multi-chip embedded |
| 2027 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/12/2013 | 11/11/2018 | Overall Level: 2 Multi-chip embedded |
| 2024 | Unium, Inc. 800 5th Avenue Suite 3700 Seattle, WA 98104 USA David Weidenkopf TEL: 206-812-5783 FAX: 206-770-6461 A. Riley Eller TEL: 206-812-5726 FAX: 206-770-6461 CST Lab: NVLAP 200658-0 | CoCo Cryptographic Module (Software Versions: 2.0, 3.0 and 3.0.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/12/2013 12/31/2014 05/29/2015 02/08/2016 01/17/2017 07/26/2017 08/22/2017 | 1/16/2022 | Overall Level: 1 -Tested Configuration(s): Linux 2.6 32-bit running on oMG 2000 Vyatta 6.4 32-bit running on Dell PowerEdge R210 Linux 3.6 64-bit running on Peplink Balance 2500 Linux Kernel 4.4 VyOS 1.6 running on Sierra Wireless Airlink Connection Manager Dell PowerEdge R230 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2299, #2300, #4317 and #4582); HMAC (Certs. #1411, #1412, #1413, #1414, #2849, #2850, #3032 and #3033); SHS (Certs. #1980, #1981, #1982, #1983, #3552, #3553, #3758 and #3759); Triple-DES (Certs. #1446, #1447, #2333 and #2435) -Other algorithms: N/A Multi-chip standalone "The CoCo Cryptographic Module is a Linux loadable kernel module that provides cryptographic services in the Linux kernel. It provides an API that can be used by other kernel services." |
| 2022 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/08/2013 | 11/7/2018 | Overall Level: 2 Multi-chip standalone |
| 2021 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module, v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2013 11/22/2013 | 11/21/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU iOS 7.0 running on an iPhone4S with Apple A5 CPU iOS 7.0 running on an iPhone5 with Apple A6 CPU iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU iOS 7.0 running on an iPhone5S with Apple A7 CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1527, #1528, #1529 and #1595); AES (Certs. #2493, #2494, #2495, #2496, #2497, #2498, #2655 and #2656); SHS (Certs. #2113, #2114, #2115, #2167, #2169, #2171, #2228 and #2229); ECDSA (Certs. #425, #426, #427 and #458); HMAC (Certs. #1535, #1536, #1537, #1588, #1590, #1592, #1646 and #1647); DRBG (Certs. #350, #351, #352 and #422); PBKDF (vendor affirmed) -Other algorithms: ECDSA (non-compliant); RSA (non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2020 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module, v4.0 (Hardware Versions: A4, A5, A6 and A7; Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 11/07/2013 11/22/2013 | 11/21/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU iOS 7.0 running on an iPhone4S with Apple A5 CPU iOS 7.0 running on an iPhone5 with Apple A6 CPU iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU iOS 7.0 running on an iPhone5 with Apple A7 CPU (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1530, #1531, #1542, #1596 and #1597); AES (Certs. #2499, #2500, #2501, #2502, #2503, #2504, #2505, #2506, #2507, #2508, #2509, #2547, #2657, #2658, #2659, #2660, #2661 and #2662); RSA (Certs. #1289, #1290, #1302, #1367 and #1368); SHS (Certs. #2119, #2120, #2148, #2168, #2170, #2172, #2230, #2231, #2232 and #2233); ECDSA (Certs. #428, #429, #437, #459 and #460); HMAC (Certs. #1541, #1542, #1568, #1589, #1591, #1593, #1648, #1649, #1650 and #1651); DRBG (Certs. #353, #354, #355, #356, #357, #380, #423, #424, #425 and #426); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC Multi-chip standalone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2019 | Hewlett-Packard Company Longdown Avenue Stoke Grifford, Bristol BS34 8QZ United Kingdom Laura Loredo TEL: 44 117 3162462 CST Lab: NVLAP 100432-0 | HP LTO-6 Tape Drive (Hardware Versions: AQ278A #912 [1], AQ278B #901 [2], AQ278C #704 [3], AQ288D #103 [4], AQ298C #103 [5], and AQ298A #900 [6]; Firmware Versions: J2AW [1], J2AZ [2], J2AS [3], 32AW [4], 22CW [5], and 22CZ [6]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2013 | 11/6/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption." |
| 2016 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module, v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2013 | 11/6/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with PAA OS X 10.9 running on Mac mini with i5 CPU without PAA OS X 10.9 running on iMac with i7 CPU with PAA OS X 10.9 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1532 and #1533); AES (Certs. #2511, #2512, #2513, #2514, #2515, #2516, #2517 and #2518); SHS (Certs. #2124, #2125, #2126, #2127, #2128 and #2129); ECDSA (Certs. #430 and #431); HMAC (Certs. #1546, #1547, #1548, #1549, #1550 and #1551); DRBG (Certs. #358, #359, #360, #361, #362 and #363); PBKDF (vendor affirmed) -Other algorithms: RSA (non-compliant); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2015 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v4.0 (Software Version: 4.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/07/2013 | 11/6/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with PAA OS X 10.9 running on Mac mini with i5 CPU without PAA OS X 10.9 running on iMac with i7 CPU with PAA OS X 10.9 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1534, #1535, #1536 and #1537); AES (Certs. #2519, #2520, #2521, #2523, #2524, #2027, #2528, #2529, #2530, #2531, #2532, #2533, #2534, #2535, #2536, #2537, #2538, #2539, #2540 and #2541); RSA (Certs. #1293, #1294, #1295 and #1296); SHS (Certs. #2130, #2131, #2132, #2133, #2134, #2135, #2136, #2137, #2138, #2139, #2140 and #2141); ECDSA (Certs. #432, #433, #434 and #435); HMAC (Certs. #1552, #1553, #1554, #1555, #1556, #1557, #1558, #1559, #1560, #1561, #1562 and #1563); DRBG (Certs. #364, #365, #366, #367, #368, #369, #370, #371, #372, #373, #374 and #375); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); RSA (non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC Multi-chip standalone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 2012 | Pulse Secure, LLC. 2700 Zanker Road, Suite 200 San Jose, CA 95134 USA Yvonne Sang TEL: 408-372-9600 CST Lab: NVLAP 100432-0 | Pulse Secure Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/05/2013 12/11/2013 02/13/2015 01/19/2016 | 1/18/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with IVE OS 1.1 (32-bit) running on a Juniper MAG4610 IVE OS 1.1 (32-bit) on Vmware ESX running on an HP ProLiant BL2x220c G6 Blade Server IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server without PAA IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server with PAA Microsoft Windows 7 (32-bit) running on a Dell Poweredge 860 without PAA Microsoft Windows 7 (32-bit) running on an Acer Aspire with PAA Microsoft Windows 7 (64-bit) running on a Dell Poweredge 850 without PAA Microsoft Windows 7 (64-bit) running on an Acer Aspire with PAA OS X 10.8 (64-bit) running on a Macbook Pro without PAA OS X 10.8 (64-bit) running on a Macbook Pro with PAA (single-user mode) -FIPS Approved algorithms: DRBG (Certs. #157 and #383); Triple-DES (Certs. #1223 and #1545); AES (Certs. #1884 and #2553); SHS (Certs. #1655 and #2153); HMAC (Certs. #1126 and #1573); RSA (Certs. #960 and #1306); DSA (Certs. #589 and #780); ECDSA (Certs. #270 and #438); CVL (Certs. #12 and #91) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant) Multi-chip standalone "Pulse Secure’s portfolio delivers secure, remote and local network access. It includes the Pulse client, Connect Secure (SSL‐VPN), and Policy Secure (NAC) ‐ available on the MAG Series Gateways or as virtual appliances. These products grants authorized users granular, policydriven secure, remote and LAN‐based network access based on their role, identity, device and location. They supports broad coverage across mobile and non‐mobile devices, with built‐in device integrity checks to further enable secure BYOD initiatives." |
| 2009 | Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA Mr. Robert Strong TEL: 317-806-3288 Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0 | Wi-Q Communication Server Cryptographic Module (Software Version: 3.0.27) (When operated in FIPS mode with Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/05/2013 | 11/4/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 with SP2 running on a Lenovo Thinkpad T410 (single-user mode) -FIPS Approved algorithms: AES (Cert. #739); DRBG (vendor affirmed); HMAC (Cert. #408); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Communication Server Cryptographic Module (CSCM) is a software solution that provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System." |
| 2006 | Bull SAS Rue Jean Jaurès B.P.68 Les Clayes sous Bois 78340 France Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 Pierre-Jean AUBOURG TEL: +33 1 30 80 77 02 FAX: +33 1 30 80 78 87 CST Lab: NVLAP 200928-0 | CHR Cryptographic Module (Hardware Version: 005/A; Firmware Version: V1.04-00L) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/25/2013 | 10/24/2018 | Overall Level: 3 -Physical Security: Level 3 + EFP/EFT -FIPS Approved algorithms: RSA (Cert. #1107); SHS (Cert. #1872) -Other algorithms: N/A Multi-chip standalone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR." |
| 2004 | Covia Labs, Inc. 465 Fairchild Dr Ste 130 Mountain View, CA 94043 USA David Kahn TEL: 650-351-6444 x110 FAX: 650-564-9740 Dan Illowsky TEL: 650-351-6444 x111 FAX: 650-564-9740 CST Lab: NVLAP 100432-0 | Covia Connector Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/30/2013 | 9/29/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5.8 running on an Acer AX1430-UR12P (single-user mode) -FIPS Approved algorithms: AES (Cert. #1896); ECDSA (Cert. #265); DRBG (Cert. #158); SHS (Cert. #1665); HMAC (Cert. #1136); KAS (Cert. #30) -Other algorithms: AES (Cert. #1896, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KBKDF (non-compliant) Multi-chip standalone "The Covia Connector Cryptographic Module provides cryptographic services for the Covia Connector. These services include but are not limited to pseudo-random number generation, symmetric and asymmetic key generation, data encryption and decryption, key wrapping, and key unwrapping." |
| 2002 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 6503-E, Catalyst C6504-E, Catalyst 6506-E, Catalyst 6509-E and Catalyst 6513-E Switches with Supervisor Cards (VS-S2T-10G and VS-S2T-10G-XL) and Line Cards (WS-X6908-10G, WS-X6908-10G-2TXL, WS-X6904-40G-2T and WS-X6904-40G-2TXL) (Hardware Versions: (6503-E -H0, 6504-E -G0, 6506-E -M0, 6509-E -N0 and 6513-E -S0; Supervisor Cards VS-S2T-10G -B0 and VS-S2T-10G-XL -C0; Line Cards WS-X6904-40G-2T -A0, WS-X6904-40G-2TXL -A0, WS-X6908-10G -A0 and WS-X6908-10G-2TXL-B0; Slot Cover SPA-BLANK -G0) with FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.1(1)SY1) (When operated in FIPS mode with the tamper evident labels and security devices installed on the initially built configurations as indicated in Table 1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/19/2013 11/01/2013 | 10/31/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1426, #1427, #1589 and #2252); DRBG (Cert. #274); HMAC (Cert. #1380); RSA (Cert. #1155); SHS (Cert. #1940); Triple-DES (Cert. #1409) -Other algorithms: AES (Cert. #2252, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements." |
| 1997 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA Malcom Levy TEL: +972-37534561 FAX: 732-416-1370 CST Lab: NVLAP 200427-0 | Check Point CryptoCore (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 | 9/12/2018 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Check Point Pre-boot environment (16-bit) running on a Dell Latitude E6500 without PAA Check Point Pre-boot environment (16-bit) running on a Apple MacBook Pro with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2181); Triple-DES (Cert. #1381); Triple-DES MAC (Triple-DES Cert. #1381, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries." |
| 1994 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Alex Hennekam TEL: +61 7-5552-4045 FAX: +61 7 5571 0420 Peter Waltenburg TEL: +61 - 5552-4016 FAX: +61 7 5571 0420 CST Lab: NVLAP 200658-0 | IBM® Crypto for C (Software Version: 8.2.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/27/2013 | 8/26/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with PAA Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without PAA Microsoft Windows Server 2008® 32-bit running on an IBM 8835 52X AMD Opteron 246 AIX® 6.1 64-bit running on an IBM RS6000 7037-A50 PowerPC 5 64 Solaris® 10 64-bit running on an SunFire T1000 UltraSPARC T1 Red Hat Linux Enterprise Server 5 32-bit running on an IBM 8835 52X AMD Opteron 246 Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with PAA Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without PAA Red Hat Linux Enterprise Server 5 64-bit running on an IBM System p5 185 7037-A50 IBM PowerPC 970 Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 with CPACF Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 without CPACF (single user mode) -FIPS Approved algorithms: AES (Certs. #2155, #2156, #2157, #2158, #2159, #2160, #2161, #2162, #2163, #2164, #2165, #2166, #2167, #2169, #2170, #2171, #2172, #2179, #2213, #2214, #2421, #2422, #2423, #2424, #2425, #2426, #2427, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440, #2441 and #2443); Triple-DES (Certs. #1365, #1366, #1367, #1368, #1369, #1370, #1371, #1372, #1373, #1374, #1375, #1376, #1377 and #1379); DSA (Certs. #670, #671, #672, #673, #674, #675, #676, #677, #678, #679, #680, #681, #682, #683, #756 and #757); RSA (Certs. #1109, #1110, #1111, #1112, #1113, #1114, #1115, #1116, #1117, #1118, #1119, #1120, #1121, #1123, #1253 and #1254); ECDSA (Certs. #325, #326, #327, #328, #329, #330, #331, #332, #333, #334, #335, #336, #337, #338, #398 and #399); SHS (Certs. #1874, #1875, #1876, #1877, #1878, #1879, #1880, #1881, #1882, #1883, #1884, #1885, #1886, #1889, #1904 and #1905); DRBG (Certs. #240, #241, #242, #243, #244, #245, #246, #247, #248, #249, #250, #251, #252, #253, #326, #327, #328, #329, #330 and #331); HMAC (Certs. #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330, #1331, #1333, #1506 and #1507) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2; KBKDF (non-compliant) Multi-chip standalone "The IBM Crypto for C v8.2.2.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C,C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group." |
| 1993 | IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA Tom Benjamin TEL: 512-286-5319 FAX: 512-436-8009 CST Lab: NVLAP 200427-0 | IBM® Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.71) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/27/2013 05/29/2015 03/15/2016 | 3/14/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with IBM AIX 7.1 on IBM JVM 1.6 running on IBM 9117-570, Windows 7 32-bit on IBM JVM 1.6 running on Dell Optiplex 755, Solaris 11.0 on IBM JVM 1.6 running on Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2107); DRBG (Cert. #228); DSA (Cert. #657); ECDSA (Cert. #314); HMAC (Cert. #1281); RSA (Cert. #1081); SHS (Cert. #1830); Triple-DES (Cert. #1342) -Other algorithms: AES (non-compliant); Auth HMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSAforSSL (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSAforSSL (non-compliant); Triple-DES (non-compliant); RNG Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher." |
| 1992 | TecSec Incorporated 12950 Worldgate Drive Suite 100 Herndon, VA 20170 USA Roger Butler TEL: 571-331-6130 FAX: 571-299-4101 Ron Parsons TEL: 571-299-4127 FAX: 571-299-4101 CST Lab: NVLAP 100432-0 | TecSec Armored Card - Contact Cryptographic Module (Hardware Version: P/N Inside Secure AT90SC320288RCT Revision E; Firmware Versions: P/Ns Athena IDProtect Version 0108.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000) (When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity) PIV Certificate #35 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/19/2013 02/06/2014 | 2/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1654 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1087); 02/06/14: (Certs. #218 and #222) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant) Single-chip "The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Contact Chip Provides 368k eprom memory leveraging a common robust identity process and additionally providing a federation platform for multiple applications from multiple owners enforced by cryptographic separation." |
| 1991 | Stonesoft Corporation Itälahdenkatu 22A Helsinki FI-00210 Finland Klaus Majewski TEL: +358-40-824-7908 Jorma Levomäki TEL: +358-9-476711 CST Lab: NVLAP 200658-0 | Stonesoft Cryptographic Kernel Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/13/2013 | 8/12/2018 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315 Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2238 and #2239); Triple-DES (Certs. #1399 and #1400); SHS (Certs. #1927 and #1928); HMAC (Certs. #1368 and #1369) -Other algorithms: N/A Multi-chip standalone "Provides general cryptographic services intended to protect data in transit and at rest." |
| 1989 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Kevin Michelizzi TEL: 425-707-1227 FAX: 425-936-7329 Chien-Her Chin TEL: 425-706-5116 FAX: 425-936-7329 CST Lab: NVLAP 200427-0 | Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) (Software Version: 7.00.1687) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/13/2013 | 8/12/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII_FP) CPU Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII) CPU Windows Embedded Compact 7 running on a TI OMAP TMDSEVM3530 with Texas Instruments EVM3530 CPU Windows Embedded Compact 7 running on a Samsung SMDK6410 Development Kit with Samsung SMDK6410 CPU Windows Embedded Compact 7 running on a Freescale i.MX27 Development Kit with Freescale i.MX27 CPU Windows Embedded Compact 7 running on an eBox-330-A with MSTI PDX-600 CPU (single-user mode) -FIPS Approved algorithms: AES (Cert. #2023); DRBG (Cert. #193); DSA (Cert. #645); ECDSA (Cert. #295); HMAC (Cert. #1364); RSA (Cert. #1051); SHS (Cert. #1773); Triple-DES (Cert. #1307) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Dual-EC DRBG (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RSA key transport (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (version 7.00.1687), subject to FIPS-140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 components and applications running on Windows Embedded Compact 7." |
| 1988 | Senetas Corporation Ltd. and SafeNet Inc. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 3 9868 4555 FAX: +61 3 9821 4899 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200996-0 | CN6000 Series Encryptors (Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/13/2013 09/16/2013 02/20/2014 | 2/19/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2258, #2259, #2264 and #2265); Triple-DES (Cert. #1412); RSA (Cert. #1157); SHS (Cert. #1945); HMAC (Cert. #1385); DRBG (Cert. #276) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN6000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet and Fibre Channel networks. The CN6040 is protocol selectable operating at line rates up to 4Gb/s. Configured in Ethernet mode the CN6040 supports optical and twisted-pair link rates of 10Mb/s, 100Mb/s & 1Gb/s whilst in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. The CN6100 is an Ethernet model that operates at a line rate of 10Gb/s.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such." |
| 1987 | Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA Mr. Robert Strong TEL: 317-806-3288 Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0 | Wi-Q Portal Gateway (Hardware Version: 12562C; Firmware Version: 3.017.156) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/13/2013 | 8/12/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #1802); Triple-DES (Cert. #1356); SHS (Certs. #1583 and #1845); RSA (Cert. #1096) -Other algorithms: AES (Cert. #1802, key wrapping); Triple-DES (Cert. #1356, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Stanley Wi-Q Portal Gateway Cryptographic Module is a wireless gateway device that communicates via wired network to the Stanley Wi-Q Communications Server and communicates via proprietary 802.15.4 protocol to wireless Stanley Wi-Q Controller modules. The Stanley Wi-Q Portal Gateway provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System." |
| 1986 | TecSec Incorporated 12950 Worldgate Drive Suite 100 Herndon, VA 20170 USA Roger Butler TEL: 571-331-6130 Ron Parsons TEL: 571-299-4127 FAX: 571-299-4101 CST Lab: NVLAP 100432-0 | TecSec Armored Card - Contactless Cryptographic Module (Hardware Version: P/N Inside Secure AT90SC28880RCFV Revision G; Firmware Versions: P/Ns Athena IDProtect Duo Version 010E.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000) (When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity) PIV Certificate #35 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/09/2013 02/06/2014 | 2/5/2019 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1655 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1088); CVL (Certs. #218 and #222) -Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant) Single-chip "The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Chip provides the contactless functionality leveraging a common robust identity process in support of the federation platform capabilities of the overall card." |
| 1984 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 100432-0 | eToken (Hardware Version: Inside Secure AT90SC25672RCT-USB; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9) (No assurance of Secure Channel Protocol (SCP) message integrity) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2013 01/10/2017 | 1/9/2022 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources." |
| 1981 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender 2000™ Cryptographic Module (Hardware Versions: P/Ns KVD-SMCF-32G, KVD-SMCF-16G, KDF2000-32G, KDF2000-64G, KDF2000-128G, KDF2000-16G, KDF2000-8G, KDF2000-4G, KDF2000-S16G, KDF2000-S2G, KDF2000-S4G and KDF2000-S8G, Version 1.0; Firmware Version: 2.03.10) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/17/2013 | 7/16/2018 | Overall Level: 3 -FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 2000 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device." |
| 1980 | Cocoon Data Holdings Limited Level 4 152-156 Clarence St Sydney, NSW 2000 Australia Simon Wild TEL: +61 2 8412 8200 FAX: +61 2 8412 8202 Jim Ivers TEL: +1 703 657 5260 FAX: +1 703 657 5285 CST Lab: NVLAP 200900-0 | Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 (Software Version: 1.8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/17/2013 08/07/2013 | 8/6/2018 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 32-bit with MSVC2010 redistributable running on Dell Vostro 1520 Microsoft Windows XP 32-bit with SP and MSVC2010 redistributable running on Dell Vostro 1520 Microsoft Windows 7 64-bit with MSVC2010 redistributable running on Dell Vostro 3500 Microsoft Windows 7 32-bit with MSVC2012 redistributable running on Dell Vostro 1520 Microsoft Windows XP 32-bit with SP3 and MSVC2012 redistributable running on Dell Vostro 1520 Microsoft Windows 7 64-bit with MSVC2012 redistributable running on Dell Vostro 3500 Ubuntu 12.04 LTS 64-bit running on Dell PowerEdge 1950 Ubuntu 12.04 LTS 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel core i7 Ubuntu 12.04 LTS 32-bit running on Dell PowerEdge 1950 Ubuntu 12.04 LTS 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7 Redhat Enterprise Linux Server 6.3 64-bit running on Dell PowerEdge 1950 Redhat Enterprise Linux Server 6.3 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7 Redhat Enterprise Linux Server 6.3 32-bit running on Dell PowerEdge 1950 Redhat Enterprise Linux Server 6.3 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7 Mac OSX 10.8 running on Macbook Pro Intel Core i7 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2192); Triple-DES (Cert. #1385); SHS (Cert. #1900); HMAC (Cert. #1344); DRBG (Cert. #257) -Other algorithms: N/A Multi-chip standalone "The Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 has been implemented as part of the Cocoon Data Secure Objects solution, an encryption-based access control system for protecting the confidentiality and integrity of electronic files. Coccon Data Holdings Limited is the parent company of all Covata entities." |
| 1979 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | Provider-1 (Firmware Version: R71 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x -FIPS Approved algorithms: AES (Cert. #1836); Triple-DES (Certs. #1188 and #1189); DRBG (Cert. #146); RSA (Cert. #925); HMAC (Certs. #1089 and #1090); SHS (Certs. #1615 and #1616) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1188, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1836, key wrapping) Multi-chip standalone "Check Point Provider 1 technology provides virtualized security management, segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management." |
| 1978 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | Security Management (Firmware Version: R71 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x -FIPS Approved algorithms: AES (Cert. #1835); Triple-DES (Certs. #1186 and #1187); DRBG (Cert. #145); RSA (Cert. #924); HMAC (Certs. #1087 and #1088); SHS (Certs. #1613 and #1614) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1186, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1835, key wrapping) Multi-chip standalone "Check Point Security Management technology provides security management. Businesses of all sizes can easily create domains based on geography, business unit or security function to strengthen security and simplify management." |
| 1977 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | Security Gateway (Firmware Version: R70.1 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Power-1 9070 with Check Point SecurePlatform Operating System Version R70.1 -FIPS Approved algorithms: AES (Cert. #2037); Triple-DES (Certs. #1313 and #1314); DRBG (Cert. #199); RSA (Cert. #1057); HMAC (Certs. #1235 and #1236); SHS (Certs. #1782 and #1783) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1313, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Check Point VPN-1 Security Gateway allows enterprises and managed service providers to provide firewall, VPN, and intrusion prevention functionality on a single hardware platform." |
| 1976 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Abrose TEL: +972 37534561 Malcolm Levy TEL: +972 37534561 CST Lab: NVLAP 200002-0 | VSX (Firmware Version: R67.10 with R7x hotfix) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Check Point Power-1 9070 with Check Point SecurePlatform Operating System Version NGX R67 -FIPS Approved algorithms: AES (Cert. #1837); Triple-DES (Certs. #1190 and #1191); DRBG (Cert. #147); RSA (Cert. #926); HMAC (Certs. #1091 and #1092); SHS (Certs. #1617 and #1618) -Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1191, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Check Point VPN-1 Power VSX is a virtualized security gateway that allows virtualized enterprises and managed service providers to create up to 250 virtual systems (firewall, VPN, and intrusion prevention functionality within a virtual network environment) on a single, highly scalable hardware platform." |
| 1975 | Accellion, Inc. 1804 Embarcadero Road Suite 200 Palo Alto, CA 94303 USA Prateek Jain TEL: +65-6244-5670 FAX: +65-6244-5678 CST Lab: NVLAP 100432-0 | Accellion Cryptographic Module (Software Version: FTALIB_2_0_1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/17/2013 | 7/16/2018 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2316, #2317 and #2318); CVL (Cert. #55); HMAC (Certs. #1436 and #1457); RSA (Cert. #1214); SHS (Certs. #2003 and #2004); Triple-DES (Cert. #1460) -Other algorithms: AES (Cert. #2316, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1460, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use." |
| 1974 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/29/2013 | 7/28/2018 | Overall Level: 2 Single-chip |
| 1972 | Chunghwa Telecom Laboratories 12, Lane 551, Min-Tsu Road SEC.5, Yang-Mei, Taoyuan, Taiwan 326 Republic of China Yu-Ling Cheng TEL: 886 3 424-5883 FAX: 886 3 424-4167 Ming-Hsin Chang TEL: 886-3-4245885 FAX: 886 3 424-4167 CST Lab: NVLAP 200928-0 | HiPKI SafGuard 1200 HSM (Hardware Version: HSM-HW-20; Firmware Version: HSM-SW-20) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/05/2013 | 7/4/2018 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1296); Triple-DES MAC (Triple-DES Cert. #1296, vendor affirmed); AES (Cert. #2010); SHS (Cert. #1760); ECDSA (Cert. #290); RSA (Certs. #1039 and #1043); DRBG (Cert. #187); HMAC (Cert. #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "HiPKI SafGuard 1200 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed accelerator for 1024-4096 bit RSA and ECDSA signatures, and hashing). The HiPKI SafGuard 1200 HSM provides secure identity-based authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption." |
| 1971 | 3e Technologies International, Inc. 9715 Key West Ave Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989 Chris Guo TEL: 301-944-1294 FAX: 301-670-6989 CST Lab: NVLAP 200427-0 | 3e-520 Secure Access Point Cryptographic Module (Hardware Version: 1.0; Firmware Version: 5.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/03/2013 02/26/2016 | 2/25/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); CVL (Cert. #22); DRBG (Cert. #822); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); RSA (Cert. #1072); SHS (Certs. #1801 and #1807) -Other algorithms: AES (non-compliant); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The 3e-520 Secure Access Point acts as an access point for the universal wireless family of devices from 3eTI. The 520 board is installed inside the wireless devices and provides the cryptographic functionality for the device. The access point allows for wireless clients or wireless bridges to securely connect wirelessly with the module and send encrypted data." |
| 1970 | iStorage Limited iStorage House 13 Alperton Lane Perivale, Middlesex UB6 8DH England John Michael TEL: +44 (0) 20 8537-3435 FAX: +44 (0) 20 8537-3438 CST Lab: NVLAP 200802-0 | iStorage FIPS Module 140-2 (Hardware Versions: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1 [B]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/02/2013 09/30/2015 06/06/2017 | 9/29/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-chip embedded "The iStorage FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software." |
| 1969 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA TEL: 888-744-4976 CST Lab: NVLAP 100432-0 | Authentication Token (Hardware Version: Inside Secure AT90SC28872RCU Revision G; Firmware Version: Athena IDProtect 010B.0333.0004 with Authentication Token Applet 1.0) (No assurance of Secure Channel Protocol (SCP) message integrity) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/26/2013 | 6/25/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); DRBG (Cert. #98); SHS (Cert. #1465); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); AES (Cert. #1654, key wrapping; key establishment methodology provides 256 bits of encryption strength) Single-chip "Authentication Token is a Cryptographic Module containing Thales' authenticated Java applets. Authentication Token is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. Authentication Token supports FIPS-Approved: DRBG; SHA-1 and all SHA-2; TDES; AES; ECDSA and ECC CDC; and, RSA and ECC key generation. Authentication Token is designed to provide users of Thales' hardware security modules with high-performance smart card capabilities in support of their government and enterprise applications." |
| 1968 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0 | Postal mRevenector CA 2012 (Hardware Version: 580036020300/01; Firmware Versions: 90.0036.0201.00/2011485001 (Bootloader), 90.0036.0206.00/2011485001 (Software-Loader) and 90.0036.0211.00/2013032001 (CA Application)) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/26/2013 | 6/25/2018 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #185); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Francotyp-Postalia Postal mRevenector CA 2012 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector CA 2012 has been designed in compliance with the Canadian Postal Specification." |
| 1967 | Telephonics Sweden AB Vattenkraftsvagen 8 Stockholm SE-135 70 Sweden Ingi Bjornsson TEL: +46 8 7980933 FAX: +46 8 7988433 Magnus Eriksson TEL: +46 8 7980902 FAX: +46 8 7988433 CST Lab: NVLAP 100432-0 | TruLink Control Logic Module CL6882-M1 (Hardware Version: P/N 010.6882-01 Rev. B2; Firmware Versions: Boot: SW7158 v2.4 and Application: SW7151 v2.11.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/26/2013 07/26/2013 | 7/25/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #2114); HMAC (Cert. #1286); SHS (Cert. #1838) -Other algorithms: N/A Multi-chip embedded "TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio." |
| 1966 | Gemalto Avenue du Jujubier, Z.I Athelia IV La Ciotat 13705 France Arnaud Lotigier TEL: +33 4.42.36.60.74 FAX: +33 4.42.36.55.45 CST Lab: NVLAP 100432-0 | IDCore 30 (Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore 30 Build 1.17, Demonstration Applet version V1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2013 07/05/2013 08/08/2016 | 8/7/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: EC Diffie-Hellman (SP 800-56A; non-compliant); PRNG Single-chip "The IDCore 30 is a part of Gemalto's IDCore family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. IDCore 30 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1 / 2.2 Amdt D specifications. IDCore 30 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control." |
| 1965 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Mike McCandless TEL: 858-513-4481 FAX: 858-513-4413 CST Lab: NVLAP 200802-0 | Apricorn FIPS Module 140-2 (Hardware Versions: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1 [B]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/14/2013 04/16/2014 06/27/2014 10/20/2015 | 10/19/2020 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911) -Other algorithms: NDRNG Multi-Chip Embedded "The Apricorn FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software. The Apricorn FIPS 140-2 Module is used in the Aegis Fortress, Padlock DT FIPS, and the Padlock SSD families." |
| 1964 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Module, v3.0 (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/14/2013 | 6/13/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with PAA OS X 10.8 running on Mac mini with i5 CPU without PAA OS X 10.8 running on iMac with i7 CPU with PAA OS X 10.8 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1339 and #1340); AES (Certs. #2088, #2089, #2090, #2091, #2092, #2093, #2094, #2095, #2103 and #2104); RSA (Certs. #1078 and #1079); SHS (Certs. #1816, #1817, #1818, #1819, #1827 and #1828); ECDSA (Certs. #312 and #313); HMAC (Certs. #1267, #1268, #1269, #1270, #1278 and #1279); DRBG (Certs. #217, #218, #219, #220, #226 and #227); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1963 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Module, v3.0 (Hardware Versions: A4 and A5; Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 06/14/2013 | 6/13/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 6.0 running on an iPhone4 iOS 6.0 running on an iPhone4S iOS 6.0 running on an iPad (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1336 and #1338); AES (Certs. #2072, #2073, #2074, #2075, #2076, #2077, #2100 and #2102); RSA (Certs. #1076 and #1077); SHS (Certs. #1805, #1806, #1824 and #1826); ECDSA (Certs. #309 and #311); HMAC (Certs. #1257, #1258, #1275 and #1277); DRBG (Certs. #209, #210, #223 and #225); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1962 | ACES H. No. 156, St 5, F11-1 Islamabad, Islamabad 44000 Pakistan Dr Mehreen Afzal TEL: +923009878534 FAX: +92512224453 Dr. Mureed Hussain TEL: +923238556816 FAX: +92512224453 CST Lab: NVLAP 200856-0 | Tahir Pak Crypto Library (Software Version: 2.1.1) (When installed, initialized and configured as specified in the Security Policy Section 6.1. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/14/2013 | 6/13/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 2 with Red Hat Enterprise Linux 5.3 running on DELL PowerEdge T110 II 11th -FIPS Approved algorithms: AES (Cert. #2341); DRBG (Cert. #291); DSA (Cert. #733); SHS (Cert. #2018); HMAC (Cert. #1450) -Other algorithms: N/A Multi-chip standalone "TPCL (Tahir Pak Crypto Library) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)." |
| 1961 | Telephonics Sweden AB Vattenkraftsvagen 8 Stockholm SE-135 70 Sweden Ingi Bjornsson TEL: +46 8 7980933 FAX: +46 8 7988433 Magnus Eriksson TEL: +46 8 7980902 FAX: +46 8 7988433 CST Lab: NVLAP 100432-0 | TruLink Control Logic Module CL6792-M1 (Hardware Version: P/N 010.6792-01 Rev. H3; Firmware Versions: Boot: SW7098 v2.5 and Application: SW7099 v9.13.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2013 07/26/2013 | 7/25/2018 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #2113); HMAC (Cert. #1285); SHS (Cert. #1837) -Other algorithms: N/A Multi-chip embedded "TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio." |
| 1958 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.2.3 and 6.2.5) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/11/2013 08/07/2015 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 1957 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200556-0 | Luna® G5 Cryptographic Module (Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.2.3 and 6.2.5) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/11/2013 08/07/2015 01/12/2016 01/14/2016 01/22/2016 05/12/2016 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface." |
| 1956 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple OS X CoreCrypto Kernel Module, v3.0 (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/07/2013 | 6/6/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with PAA OS X 10.8 running on Mac mini with i5 CPU without PAA OS X 10.8 running on iMac with i7 CPU with PAA OS X 10.8 running on iMac with i7 CPU without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1331 and #1332); AES (Certs. #2080, #2081, #2082, #2083, #2084, #2085, #2086 and #2087); SHS (Certs. #1810, #1811, #1812, #1813, #1814 and #1815); ECDSA (Certs. #305 and #306); HMAC (Certs. #1261, #1262, #1263, #1264, #1265 and #1266); DRBG (Certs. #211, #212, #213, #214, #215 and #216); PBKDF (vendor affirmed) -Other algorithms: ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1955 | Kony, Inc. 7380 West Sand Lake Road #390 Orlando, FL 32819 USA Matthew Terry TEL: 407-730-5669 FAX: 407-404-3738 CST Lab: NVLAP 100432-0 | Kony Cryptographic Library (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/03/2013 08/23/2013 09/16/2013 05/16/2016 | 5/15/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 running on HTC Desire without NEON Android 2.2 running on HTC Desire with NEON Android 3.0 running on Nook BNRV200 without NEON Android 3.0 running on Nook BNRV200 with NEON Android 4.0 running on Beagleboard-XM without NEON Android 4.0 running on Beagleboard-XM with NEON Apple iOS 5.0 running on iPhone 4 without NEON Apple iOS 5.0 running on iPhone 4 with NEON Apple iOS 6.0 running on iPhone 4 without NEON Apple iOS 6.0 running on iPhone 4 with NEON (single user mode) -FIPS Approved algorithms: AES (Cert. #2338); DRBG (Cert. #290); DSA (Cert. #732); HMAC (Cert. #1448); RSA (Cert. #1204); SHS (Cert. #2016); Triple-DES (Cert. #1464); ECDSA (Cert. #382); CVL (Cert. #51) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Kony Cryptographic Library is a full featured cryptographic module used in Kony mobile and multi-channel application platforms and the KonyOne™ Platform." |
| 1952 | 3S Group Incorporated 125 Church Street, N.E., Suite 204 Vienna, VA 22180 USA Satpal Sahni TEL: 703-281-5015 FAX: 703-281-7816 CST Lab: NVLAP 200002-0 | 3S Group Cryptographic Module (3SGX) (Hardware Version: 1.0; Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/23/2013 | 5/22/2018 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1315); AES (Cert. #2038); DSA (Cert. #646); RSA (Cert. #1058); SHS (Cert. #1784); DRBG (Cert. #200); ECDSA (Cert. #297); HMAC (Cert. #1237); Skipjack (Cert. #19); KAS (Cert. #35); KTS (vendor affirmed); CVL (Cert. #25) -Other algorithms: Diffie-Hellman (key agreement); Diffie-Hellman (CVL Cert. #25; key agreement); EC Diffie-Hellman (CVL Cert. #25; key agreement); KEA; RSA (key wrapping); AES (Cert. #2038, key wrapping); Triple-DES (Cert. #1315, key wrapping) Multi-chip embedded "3SGX is a high performance embedded PCIe cryptographic module that provides complete cryptographic support to hundreds of concurrent users and/or applications. Each user/application is authenticated twice before accessing its own symmetric and asymmetric keys and certificates. All cryptographic and key management operations are performed within the Hardware Security Module (HSM). 3SGX HSM is the core of 3S Group's hardware security appliances. Available in a range of models and configurations and high-level APIs, it is ideal for enterprise key management, virtualization and cloud server soluti" |
| 1949 | Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA Michael Vickers FAX: 434-455-6851 CST Lab: NVLAP 200996-0 | Harris AES Software Load Module (Software Version: R04A01) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/16/2013 | 5/15/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 running on a Texas Instruments TMS320C55x (single-user mode) -FIPS Approved algorithms: AES (Certs. #1482 and #2320) -Other algorithms: AES (Cert. #1482, key wrapping) Multi-chip standalone "The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals." |
| 1947 | TrellisWare Technologies Inc. 16516 Via Esprillo Suite 300 San Diego, CA 92127 USA Jeffery Thomas TEL: 858-753-1617 FAX: 858-753-1641 James Morse TEL: 858-753-1646 FAX: 858-753-1640 CST Lab: NVLAP 100432-0 | TW-230 (CheetahNet II) (Hardware Version: ASY0560001 rev X2; Firmware Version: 4c-beta2-FIPS) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/16/2013 | 5/15/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734) -Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant) Multi-chip standalone "The TW-230 combines the high data rate capability of TrellisWare's Tactical Scalable MANET-Enhanced (TSM-E) waveform with narrowband VHF/UHF AM/FM voice. TW-230 provides a robust highly scalable self-forming, self-healing wideband networked waveform transparent to the operator. The TW-230 supports multi-channel push to talk (PTT) voice, IP data, position location information (PLI) tracking, and remote operation of live streaming video. The TW-230 can also be operated in plaintext narrowband voice modes that allow it to interoperate with most other standard AM/FM PTT radios." |
| 1946 | TrellisWare Technologies Inc. 16516 Via Esprillo Suite 300 San Diego, CA 92127 USA Jeffery Thomas TEL: 858-753-1617 FAX: 858-753-1641 James Morse TEL: 858-753-1646 FAX: 858-753-1640 CST Lab: NVLAP 100432-0 | TW-400 (CUB) (Hardware Version: ASY0540250 rev X1; Firmware Version: 4c-beta2-FIPS) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/14/2013 | 5/13/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734) -Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant) Multi-chip standalone "The TW-400 is a small form factor software defined radio that employs an enhanced version of TrellisWare's Tactical Scalable MANET waveform (TSM-E) and is capable of robust operation at high data rate modes. The TW-400 supports multi-channel push to talk (PTT) voice, IP data, network level position location information (PLI) tracking, sleep functions for long term sensing applications, IP gateway features and remote operation of live streaming video sources for networked sensing missions." |
| 1945 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/10/2013 | 5/9/2018 | Overall Level: 1 Single-chip |
| 1944 | Apple Inc. 1 Infinite Loop Cupertino, CA 95041 USA Shawn Geddis CST Lab: NVLAP 200658-0 | Apple iOS CoreCrypto Kernel Module, v3.0 (Software Version: 3.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/03/2013 | 5/2/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with iOS 6.0 running on an iPhone4 iOS 6.0 running on an iPhone4S iOS 6.0 running on an iPad (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1335 and #1337); AES (Certs. #2070, #2071, #2099 and #2101); SHS (Certs. #1803, #1804, #1823 and #1825); ECDSA (Certs. #308 and #310); HMAC (Certs. #1255, #1256, #1274 and #1276); DRBG (Certs. #222 and #224); PBKDF (vendor affirmed) -Other algorithms: ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant) Multi-chip standalone "The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest." |
| 1940 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | IOS Common Cryptographic Module (IC2M) (Firmware Versions: Rel 1(1.0.0), Rel 1(1.0.1) and Rel 1(1.0.2)) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 04/30/2013 | 4/29/2018 | Overall Level: 1 -Tested: Cisco Catalyst 2960 with IOS 15.0SE Cisco 3925 ISR with IOS 15.2 Cisco 2811 ISR with IOS 15.2 -FIPS Approved algorithms: AES (Certs. #2134 and #2136); CVL (Cert. #30); DRBG (Cert. #237); ECDSA (Cert. #322); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Certs. #1858 and #1859); Triple-DES (Certs. #1358, #1359 and #1360) -Other algorithms: DES; HMAC-MD5; MD2; MD5; RC2; RC4; SEAL; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols." |
| 1939 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886 3 424 4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiCOS PKI Native Smart Card (Hardware Versions: HD65255C1 and HD65257C1; Firmware Versions: HardMask: 2.1 and SoftMask: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/30/2013 | 4/29/2018 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1219); Triple-DES MAC (Triple-DES Cert. #1219, vendor affirmed); SHS (Cert. #1649); RSA (Cert. #957); DRBG (Cert. #155) -Other algorithms: N/A Single-chip "The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate." |
| 1938 | SafeLogic Inc. 459 Hamilton Ave Suite 306 Palo Alto, CA 94301 USA SafeLogic Inside Sales CST Lab: NVLAP 200556-0 | CryptoComply™ | Mobile (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/30/2013 11/08/2013 04/23/2014 01/25/2016 02/10/2016 | 2/9/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "CryptoComply™ | Mobile is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. CryptoComply™ | Mobile offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation." |
| 1937 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0 | Symantec App Center Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/30/2013 02/11/2016 | 2/10/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG Multi-chip standalone "The Symantec App Center Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices." |
| 1935 | Cisco Systems, Inc. 170 West Tasman Drive, San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5915 Embedded Services Routers (Hardware Versions: Cisco 5915 ESR air-cooled card and Cisco 5915 ESR conduction-cooled card; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/18/2013 | 4/17/2018 | Overall Level: 1 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310) -Other algorithms: DES; DES MAC; HMAC MD4; HMAC MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-chip embedded "The Cisco 5915 ESR is a high-performance, ruggedized router designed for use in harsh environments-offering reliable operation in extreme temperatures and under shock and vibration conditions typical for mobile applications in rugged terrain. With onboard hardware encryption, the Cisco 5915 ESR offloads encryption processing from the routing engine to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks." |
| 1931 | INSIDE Secure Eerikinkatu 28 Helsinki 00180 Finland Serge Haumont TEL: +358 40 5808548 Marko Nippula TEL: +358 40 762 9394 CST Lab: NVLAP 200427-0 | SafeZone FIPS Cryptographic Module (Software Versions: 1.0.3 and 1.0.3A) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/08/2013 05/20/2014 | 5/19/2019 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Linux kernel 2.6 running on a Pandaboard Android 2.3 running on a Pandaboard Android 4.0 running on a Pandaboard Android 4.4 running on a Samsung Galaxy Note 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2041 and #2837); CVL (Certs. #21 and #261); CVL (SP 800-135rev1, vendor affirmed); DRBG (Certs. #203 and #493); DSA (Certs. #648 and #854); ECDSA (Certs. #299 and #497); HMAC (Certs. #1240 and #1778); KBKDF (vendor affirmed); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #1061 and #1479); SHS (Certs. #1787 and #2378); Triple-DES (Certs. #1318 and #1697) -Other algorithms: AES (Certs. #2041 and #2837, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices." |
| 1927 | Feitian Technologies Co., Ltd. Floor 17th, Tower B, Huizhi Mansion No.9 Xueqing Road Haidan District Beijing 100085 People's Republic of China Tibi Zhang TEL: 86-010-62304466 x821 FAX: 86-010-62304416 Xiaozhi Zheng TEL: 86-010-62304466 x531 FAX: 86-010-62304416 CST Lab: NVLAP 200427-0 | FEITIAN-FIPS-COS (Hardware Version: 1.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 | 4/7/2018 | Overall Level: 2 -Physical Security: Level 3 -FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991) -Other algorithms: AES MAC (AES Cert. #1473; non-compliant); DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB1 tokens. These tokens are designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for their ePass line of products. ePass supports dual-factor authentication with an ISO27816-12 USB interface for the PC host connection acting as a smart card reader." |
| 1926 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 12/13/2013 | 12/12/2018 | Overall Level: 1 Single-chip |
| 1922 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 650-265-3634 FAX: 650-265-5528 CST Lab: NVLAP 100432-0 | HP Enterprise Secure Key Manager (Hardware Versions: P/Ns AJ585A, Version 3.0 [1] and C8Z51AA, Version 3.1 [2]; Firmware Versions: 5.0.0 [1] and 5.1.0 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 05/16/2013 01/01/2014 01/25/2016 | 1/24/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #2069); DRBG (Cert. #207); HMAC (Cert. #1254); CVL (Cert. #23); RSA (Cert. #1073); SHS (Cert. #1802); Triple-DES (Cert. #1328) -Other algorithms: DSA (Cert. #653; non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover." |
| 1921 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 2 -Physical Security: Level 3 Multi-chip standalone |
| 1920 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 2 -Physical Security: Level 3 Multi-chip standalone |
| 1919 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 2 -Physical Security: Level 3 Multi-chip standalone |
| 1918 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 7600 Series Routers with Supervisor RSP720 (Hardware Versions: (7603-S, 7604, 7606-S, 7609-S, 7613, V02, V07, V13, V14 and -F0) with FIPS kit (Cisco-FIPS-KIT=); Firmware Version: 15.1(3)S3) (Validated when tamper evident labels are installed as indicated in the Security Policy and when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Certs. #598 and #2036); DRBG (Cert. #198); HMAC (Certs. #348 and #1234); RSA (Cert. #1056); SHS (Certs. #647 and #1781); Triple-DES (Certs. #569 and #1312) -Other algorithms: DES; DES MAC; HMAC MD5; MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 7600-S Router is a compact, high-performance router designed in 3, 4, 6, 9 and 13-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers." |
| 1917 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Sunil Chitnis TEL: 408-333-2444 FAX: 408-333-4887 Bob Colvin TEL: 408-333-4839 FAX: 408-333-4887 CST Lab: NVLAP 200427-0 | Brocade® MLXe® and Brocade NetIron® CER Series Ethernet Routers (Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR Management Module; Firmware Version: IronWare; Software Version: R05.1.01a) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 13 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/21/2013 | 5/20/2018 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1615); DRBG (Cert. #84); DSA (Cert. #503); HMAC (Cert. #947); RSA (Cert. #793); SHS (Cert. #1424); Triple-DES (Cert. #1056) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises.The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6." |
| 1916 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | 3/21/2018 | Overall Level: 1 Single-chip |
| 1906 | Biscom, Inc. 321 Billerica Road Chelmsford, MA 01824 USA Bill Ho TEL: 978-367-3544 FAX: 978-250-2565 Sharif Rahman TEL: 510-400-6325 FAX: 978-250-2565 CST Lab: NVLAP 200427-0 | Biscom Cryptographic Library (Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/12/2013 05/06/2016 05/12/2016 | 5/11/2021 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Windows Server 2012 R2 (SP1) with Sun JRE 8.0 running on a Dell XPS 8700 with PAA Windows Server 2012 R2 (SP1) with Sun JRE 8.0 running on a Dell XPS 8700 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #3897); DRBG (Cert. #1116); HMAC (Cert. #2530); SHS (Cert. #3212) Multi-Chip Stand Alone "The Biscom Cryptographic Library (the cryptographic module or the module) provides cryptographic security functions as Java APIs for application developers to integrate cryptographic services into Biscom applications or systems. The module is distributed only as an integrated subcomponent of the Biscom Delivery Server (BDS). The Biscom Cryptographic Library provides security functions for encryption, decryption, random number generation, hashing, getting the status of the integrity test, and running the self-tests. The library is used by the application." |
| 1905 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module (Hardware Versions: ST900MM0036 [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20], ST600MM0036 [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20], ST450MM0036 [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20], ST1200MM0027 [21,22,23,24,25,26,27,28,29,30,31,32,33,34], ST4000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST3000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST2000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST1000NM0063 [35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52, 53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71], ST4000NM0073 [72,73,74], ST3000NM0073 [72,73,74], ST2000NM0073 [72,73,74], ST1000NM0073 [72,73,74], ST600MP0054 [75,76,77], ST450MP0054 [75,76,77], ST300MP0054 [75,76,77], ST600MP0084 [78,79,80], ST450MP0084 [78,79,80], ST300MP0084 [78,79,80], ST450MP0024 [81,82], ST300MP0024 [81,82], ST600MX0024 [83], ST450MX0024 [83], ST300MX0024 [83], ST600MX0054 [84], ST450MX0054 [84], ST300MX0054 [84]; Firmware Versions: A000[1,35], 0001[2,21], LSF5[3], LEF5[4], 0002[5,24,36], NA00F740[6], NA009A40[7,40], 0003[8,31,39], LE05[9], LF81[10], 3P00[11,43], LSF6[12], LE09[13], LEF6[14], 0004[15,47], NA01F741[16], NA019A41[17,51], LSF7[18], LEF7[19], 3P01[20,64], ISF2[22], IEF2[23], ISF3[25], IEF4[26], IEF5[27], ISF4[28], IEF6[29], IEF7[30], IEF8[32], ISF5[33], IEF9[34], GSF3[37], GEF3[38], GE06[41], GF81[42], GSF4[44], GEF4[45], GE09[46], GSF5[48], GEF5[49], GEF6[50], GSF6[52], GEF7[53], GSF7[54], GSF8[55], GEF8[56], 0006[57], GSF9[58], GEFA[59], GEOD[60], GF84[61], A005[62], NA02[63], GSFA[65], GEFB[66], GF85[67], GE0E[68], C007[69], GSFB[70], GEFC[71], F001[72], SF03[73], SF04[74], FE01[75], EF02[76,83], VEE1[77], FK01[78], KF02[79,84], VF12[80], FN01[81], NF02[82]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/12/2013 05/22/2013 05/31/2013 08/09/2013 11/08/2013 02/20/2014 04/03/2014 06/05/2014 09/26/2014 12/31/2014 05/08/2015 07/23/2015 12/22/2015 04/05/2016 05/24/2016 05/24/2016 05/24/2016 03/05/2017 06/22/2017 | 5/23/2021 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1343, #1974 and #2068); DRBG (Cert. #62); RSA (Cert. #1021); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure® TCG Enterprise SSC FIPS 140 Module is embodied in Savvio®, Enterprise Performance®, Enterprise Turbo® and Constellation® model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instant user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 1904 | General Dynamics Mission Systems 150 Rustcraft Road Dedham, MA 02026 USA Certification Director TEL: 770-689-2040 FAX: 781-455-5555 CST Lab: NVLAP 200427-0 | Fortress Mesh Points (Hardware Versions: ES210, ES2440, ES440, ES520v1, ES520v2 or ES820; Firmware Versions: 5.4.1, 5.4.3 or 5.4.4.1190) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 05/17/2013 06/14/2013 06/21/2016 | 6/20/2021 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); ECDSA (Cert. #371); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357) -Other algorithms: MD5; PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects." |
| 1903 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Loadable Kernel Module (Software Versions: 5.5f and 5.5.1f) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/22/2013 03/28/2013 01/23/2014 02/20/2014 04/03/2014 11/25/2014 04/10/2015 10/15/2015 04/05/2016 | 4/4/2021 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Android 2.2 running on a LG Optimus 3D (LG-P920) Android 2.3 running on a LG G2X (LG-P999) Android 4.0 running on a Samsung Nexus-S (GT-I9023) Android 4.1 running on a LG Optimus (LG-P920) Ubuntu Linux 32 bit running on a Dell Dimension 9200 Ubuntu Linux 64 bit running on a Dell Dimension 9200 Android 4.3 running on Asus TF 700 Tablet Android 4.4 running on Nexus 7 Tablet Android Lollipop Linux 3.4 running on a Qualcomm Snapdragon MSM8974 development device Android Lollipop Linux 3.10 running on a Qualcomm Snapdragon MSM8992 development device (single-user mode) -FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); DRBG (Certs. #201 and #460); HMAC (Certs. #1238 and #1718); SHS (Certs. #1785 and #2313); Triple-DES (Certs. #1316 and #1650) -Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RNG; Dual EC DRBG Multi-Chip Stand Alone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1899 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and MicrosoftWindows Storage Server 2012 BitLocker® Dump Filter (DUMPFVE.SYS) (Software Version: 6.2.9200) (When installed, initialized and configured as specified in the Security Policy Section 2 with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198) -Other algorithms: N/A Multi-chip standalone "The BitLocker® Dump Filter (DUMPFVE.SYS) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1898 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Surface Windows 8 Pro, and Microsoft Windows Storage Server 2012 BitLocker® Windows Resume (WINRESUME) (Software Version: 6.2.9200) (When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: MD5 Multi-chip standalone "BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1897 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Code Integrity (CI.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: MD5 Multi-chip standalone "Code Integrity (CI.DLL) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1896 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 BitLocker® Windows OS Loader (WINLOAD) (Software Version: 6.2.9200) (When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG Multi-chip standalone "The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files. Please note that AES (Cert. #2197) is only used in the entropy source for the module. This particular instance of AES is labeled as non-compliant because it does not perform a power-up self-test. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1895 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Boot Manager (Software Version: 6.2.9200) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903) -Other algorithms: MD5 Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1894 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Enhanced Cryptographic Provider (RSAENH.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/27/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with [Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386) -Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Enhanced Cryptographic Provider (RSAENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1893 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/13/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1892 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | 1/8/2020 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "The Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1889 | Stanley Security Solutions, Inc. 6161 E 75th Street PO Box 50444 Indianapolis, IN 46250 USA Mr. Robert Strong TEL: 317-806-3288 Mr. Thomas Schuster TEL: 317-806-3150 CST Lab: NVLAP 100414-0 | Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3] and WXC [4] Controllers (Hardware Version: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/13/2013 | 2/12/2018 | Overall Level: 1 -FIPS Approved algorithms: SHS (Cert. #1583); AES (Cert. #1802) -Other algorithms: N/A Multi-chip embedded "The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System." |
| 1887 | Cambium Networks, Ltd. Unit B2, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0 | Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS, PTP600-10-05-FIPS, PTP600-10-07-FIPS, or PTP600-10-08-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/08/2013 02/22/2013 06/14/2013 01/24/2017 | 1/23/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations." |
| 1885 | Curtiss-Wright Controls Defense Solutions 2600 Paramount Place, Suite 200 Fairborn, OH 45324 USA Paul Davis TEL: 937-610-5421 FAX: 937-252-1480 Matt Young TEL: 937-610-5457 FAX: 937-252-1480 CST Lab: NVLAP 200427-0 | 3U VPX-1TB FSM Flash Storage Module (Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/08/2013 05/16/2013 | 5/15/2018 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732) -Other algorithms: TRNG Multi-chip embedded "The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications." |
| 1884 | Totemo AG Freihofstrasse 22 Küsnacht CH-8700 Switzerland Marcel Mock TEL: +41 44 914 99 00 Daniel Raap TEL: +41 44 914 99 00 CST Lab: NVLAP 200928-0 | Totemo Cryptographic Module (TCM) (Software Version: 2.0) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/08/2013 | 2/7/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252) -Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites." |
| 1883 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 100432-0 | eToken 5100, 5105, 5200 and 5205 (Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/08/2013 02/15/2013 09/12/2016 01/10/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources." |
| 1881 | WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada Alexander Mazuruc TEL: 905-502-7000 ext. 225 FAX: 905-502-7001 CST Lab: NVLAP 200928-0 | SecureDoc® Disk Encryption Cryptographic Engine for MacOS X (Software Version: 7.2) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/04/2013 07/11/2016 | 7/10/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode) -FIPS Approved algorithms: AES (Certs. #3948 and #3949); SHS (Cert. #3257); DRBG (Cert. #1152); HMAC (Cert. #2572) -Other algorithms: AES (Certs. #3948 and #3949, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops." |
| 1880 | WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada Alexander Mazuruc TEL: 905-502-7000 ext. 225 FAX: 905-502-7001 CST Lab: NVLAP 200928-0 | SecureDoc® Disk Encryption Cryptographic Engine for Windows (Software Version: 7.2) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/04/2013 07/25/2016 | 7/24/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Microsoft Windows 7 32-bit running on a Dell Vostro 430 Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on a Dell Vostro 430 Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode) -FIPS Approved algorithms: AES (Certs. #3948 and #3949); SHS (Cert. #3257); DRBG (Cert. #1152); HMAC (Cert. #2572) -Other algorithms: AES (Certs. #3948 and #3949, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media." |
| 1878 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Versions: 5.5f and 5.5.1f) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/31/2013 03/28/2013 01/23/2014 04/03/2014 11/25/2014 02/20/2015 07/06/2015 04/12/2016 07/08/2016 | 7/7/2021 | Overall Level: 1 -Tested Configuration(s): Android 2.2 running on a LG Optimus 3D (LG-P920) Android 2.3 running on a LG G2X (LG-P999) Android 4.0 running on a Samsung Nexus-S (GT-I9023) Android 4.1 running on a LG Optimus 3D (LG-P920) Ubuntu Linux 32 bit running on a Dell Dimension 9200 Ubuntu Linux 64 bit running on a Dell Dimension 9200 Android 4.3 running on Asus TF 700 Tablet Android 4.4 running on Nexus 7 Tablet VxWorks 6.8 running on Avaya ERS 4850 Mentor Embedded Linux 4.0 running on an Avaya VSP 4450 Honeywell Xenon RTOS running on Honeywell 1902 Scanner Android 6.0 32-bit running on Nexus 7 Tablet Android 6.0 64-bit running on Galaxy S6 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RSA (Certs. #1059 and #1437); DSA (Certs. #647 and #840); ECDSA (Certs. #298 and #479); DRBG (Certs. #201 and #460) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1876 | Apricorn, Inc. 12191 Kirkham Road Poway, CA 92064 USA Robert Davidson TEL: 858-513-4430 FAX: 858-513-2020 CST Lab: NVLAP 100432-0 | Apricorn Aegis Secure Key (Hardware Versions: ASK-256-4GB, ASK-256-8GB, ASK-256-16GB and ASK-256-32GB; Firmware Version: V2.06A01.exe V1.39 with Security Controller Firmware Revision iStorage v12) (Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/30/2013 03/08/2013 03/28/2013 06/16/2016 | 6/15/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177) -Other algorithms: NDRNG Multi-chip standalone "The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)." |
| 1873 | iStorage Limited iStorage House 13 Alperton Lane Perivale, Middlesex UB6 8DH England John Michael TEL: +44 20 8537-3435 FAX: +44 20 8537-3438 CST Lab: NVLAP 100432-0 | datAshur Secure USB Flash Drive (Hardware Versions: IS-FL-DA-256-4, IS-FL-DA-256-8, IS-FL-DA-256-16 and IS-FL-DA-256-32; Firmware Version: V2.06A01.exe V1.39 with Security Controller Firmware Revision iStorage v12) (Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2013 01/24/2013 03/28/2013 08/29/2014 06/16/2016 06/06/2017 | 6/15/2021 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177) -Other algorithms: NDRNG Multi-chip standalone "The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked." |
| 1867 | Pitney Bowes, Inc. 37 Executive Drive Danbury, CT 06810 USA David Riley TEL: 203-796-3208 FAX: 203-796-3129 CST Lab: NVLAP 100432-0 | Cygnus X3 Hardware Security Module (XHSM) (Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer)) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/19/2012 | 12/18/2017 | Overall Level: 3 -Physical Security: Level 3 +EFP -FIPS Approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed) -Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products." |
| 1864 | Cambium Networks, Ltd. Unit B2, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom Mark Thomas TEL: +44 1364 655586 FAX: +44 1364 655500 CST Lab: NVLAP 100432-0 | Cambium Networks PTP 800 Compact Modem Unit (CMU) (Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-06-02) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/04/2013 02/22/2013 01/24/2017 | 1/23/2022 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG Multi-chip standalone "Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution." |
| 1863 | Kaseya US Sales, LLC 901 N. Glebe Road Suite 1010 Arlington, VA 22203 USA Bill Durant TEL: 415-694-5700 CST Lab: NVLAP 200996-0 | Virtual System Administrator Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/13/2012 | 12/12/2017 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with MAC OS X v10.6.8 Windows 7 (32-bit) Windows 7 (64-bit) Windows Server 2008 Red Hat Enterprise Linux 5.5 (32-bit) Red Hat Enterprise Linux 5.5(64-bit) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185) -Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant) Multi-chip standalone "The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework." |
| 1862 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module (Hardware Version: 1BU282; Firmware Version: 0003) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/07/2013 01/25/2013 | 1/24/2018 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 1860 | CMS Products 12 Mauchly Unit E Irvine, CA 92618 USA Les Kristof TEL: 714-424-5521 FAX: 949-754-9060 CST Lab: NVLAP 100432-0 | CE Secure (Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2013 | 1/24/2018 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: NDRNG Multi-chip embedded "The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption." |
| 1859 | Red Hat®, Inc. 314 Littleton Road Raleigh, NC 27606 USA Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/03/2012 | 12/2/2017 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5 Multi-chip standalone "The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec." |
| 1858 | Vidyo, Inc. 433 Hackensack Ave, 6th Floor Hackensack, NJ 07601 USA CST Lab: NVLAP 200556-0 | Cryptographic Security Kernel (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/29/2012 | 11/28/2017 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without PAA Mac OS X 10.6.8 32-bit running on Intel Core Duo without PAA Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without PAA Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without PAA Windows 7 32-bit running on Intel Core Duo without PAA Windows 7 64-bit running on Intel Core 2 Duo without PAA Windows XP 32-bit running on Intel Core Duo without PAA Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with PAA Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with PAA Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with PAA Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with PAA Windows XP 32-bit running on Intel Core i5 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2027 and #2028); DRBG (Certs. #194 and #195); HMAC (Certs. #1229 and #1230); SHS (Certs. #1776 and #1777) -Other algorithms: N/A Multi-chip standalone "The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications." |
| 1854 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/28/2012 | 11/27/2017 | Overall Level: 2 Multi-chip standalone |
| 1839 | Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA Entrust Sales CST Lab: NVLAP 100432-0 | Entrust Authority™ Security Toolkit for the Java® Platform (Software Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/29/2012 05/28/2014 01/08/2016 | 1/7/2021 | Overall Level: 2 -Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755 -FIPS Approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Triple-DES Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE; RNG (non-compliant) Multi-chip standalone "Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI." |
| 1837 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Robert Relyea TEL: 650-254-4236 CST Lab: NVLAP 200427-0 | NSS Cryptographic Module (Software Version: 3.12.9.1) (When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/08/2012 | 11/7/2017 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240) -Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ." |
| 1835 | Cavium Networks 2315 N First Street San Jose, CA 95131 USA TA Ramanujam TEL: 408-931-2952 FAX: 408-577-1992 CST Lab: NVLAP 100432-0 | NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Version: CN16XX-NFBE-FW-2.1-110020) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/08/2012 10/18/2013 01/11/2017 | 1/10/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); DSA (Cert. #474); ECDSA (Certs. #150 and #188); HMAC (Cert. #736); KAS (Cert. #5); RSA (Certs. #607 and #742); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898) -Other algorithms: AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBE; RC4 Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets." |
| 1831 | Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | KMF CryptR (Hardware Version: P/N CLN8566A; Firmware Versions: R01.02.10, R01.05.00 or R01.05.01) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 12/07/2012 09/12/2014 01/30/2017 | 1/29/2022 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670) -Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL Multi-chip standalone "The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems." |
| 1826 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 100432-0 | Seagate Secure® TCG Opal SSC Self-Encrypting Drive (Hardware Versions: 9WU142 [1, 2, 3, 4, 5], 9WU14C [1, 2, 3, 4, 5], 9WU141 [1, 2, 3, 4, 5], 1DJ142 [1, 5, 6, 7], 1DJ14C [1, 5, 6, 7], 1DJ141 [1, 5, 6, 7], 1RS152 [8, 9, 10], 1RS15C [8, 9, 10] and 1RS15D [8, 9, 10]; Firmware Versions: 0001SDM7 [1], 0001SED7 [2], 0002SDM7 [3], 0002SED7 [4], 0001LIM7 [5], 1002SED7 [6], 1003SED7 [7], 0001SDM7 [8], 0001YXM7 [9]or 0002LIM7 [10]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 06/14/2013 05/20/2014 09/25/2014 | 9/24/2019 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface." |
| 1824 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Telepresence C20 Codec (Hardware Version: C20 v1; Firmware Version: TC5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/14/2012 11/21/2012 12/03/2012 | 12/2/2017 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market." |
| 1823 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Telepresence C40, C60, and C90 Codecs (Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 11/21/2012 12/03/2012 | 12/2/2017 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market." |
| 1818 | Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco EX60 and EX90 TelePresence Systems (Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2012 11/21/2012 12/03/2012 | 12/2/2017 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market." |
| 1817 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm 6.0.4 or 6.3.4 Event Manager (Software Version: 6.0.4 or 6.3.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/11/2012 05/18/2015 05/12/2016 | 5/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: HMAC-MD5; MD5 Multi-chip standalone "The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases." |
| 1811 | IMS Health Inc. 16720 Route Transcanadienne Suite 1700 Kirkland, Québec H9H 5M3 Canada Charles Blair TEL: 905-816-5131 Hussam Mahgoub TEL: 905-816-5134 CST Lab: NVLAP 200928-0 | Diversinet Java Crypto Module (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/11/2012 02/20/2014 | 2/19/2019 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017) -Other algorithms: N/A Multi-chip standalone "Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file." |
| 1809 | Systematic Development Group, LLC 350 Jim Moran Blvd. Suite 122 Deerfield Beach, FL 33442 USA George Wolf TEL: 954-889-3535 x315 CST Lab: NVLAP 100432-0 | LOK‐IT® 10 KEY (Series SDG003FM/SDG005M) (Hardware Versions: HW003‐32 Rev:01 [2], HW003‐16 Rev:03 [1], HW003‐16 Rev:04 [2], HW003‐08 Rev:02 [1], HW003‐08 Rev:03 [2] , HW003‐04 Rev:02 [1] and HW003‐04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14‐F05 [2]; Security Controller Firmware Revision SDG003FM-010) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/02/2012 01/22/2013 07/26/2013 | 7/25/2018 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164) -Other algorithms: NDRNG Multi-chip standalone "This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy." |
| 1808 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm 6.0.4 or 6.3.4 Log Manager (Software Version: 6.0.4 or 6.3.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/02/2012 05/18/2015 05/12/2016 | 5/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: HMAC-MD5; MD5 Multi-chip standalone "The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases." |
| 1807 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm 6.0.4 or 6.3.4 Console (Software Version: 6.0.4 or 6.3.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/02/2012 05/18/2015 05/12/2016 | 5/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: HMAC-MD5; MD5 Multi-chip standalone "The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment." |
| 1806 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent (Software Version: 6.0.4 or 6.3.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/02/2012 05/18/2015 05/12/2016 | 5/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: HMAC-MD5; MD5 Multi-chip standalone "The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component." |
| 1805 | LogRhythm 4780 Pearl East Circle Boulder, CO 80301 USA Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0 | LogRhythm 6.0.4 or 6.3.4 AI Engine Server (Software Version: 6.0.4 or 6.3.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/02/2012 05/18/2015 05/12/2016 | 5/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: HMAC-MD5; MD5 Multi-chip standalone "The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases." |
| 1804 | IMS Health Inc. 16720 Route Transcanadienne Kirkland, Québec H9H 5M3 Canada Charles Blair TEL: 905-816-5131 Hussam Mahgoub TEL: 905-816-5134 CST Lab: NVLAP 200928-0 | Diversinet Java Crypto Module for Mobile (Software Version: 2.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/03/2012 02/20/2014 | 2/19/2019 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Android OS v2.2 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018) -Other algorithms: N/A Multi-chip standalone "Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA." |
| 1800 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Security and Certifications Team CST Lab: NVLAP 100432-0 | eToken 4300 (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0) PIV Certificate #32 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/06/2012 02/06/2014 01/10/2017 | 1/9/2022 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2); CVL (Certs. #218 and #222) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 1794 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Datacryptor-Certifications TEL: +44 (0)1844 201800 CST Lab: NVLAP 200002-0 | Secure Generic Sub-System (SGSS), Version 3.5 [1] and 3.6 [2] (Hardware Versions: 1213H130 Issue 6E [1], 1213R130 Issue 1 [1], 1213P130 Issue 2 [1], 1213P130 Issue 2A [1]. 1213P130 Issue 2B [2], 1213R130 Issue 2 [2] and 1213S130 Issue 2 [2]; Software Version: 3.0.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/28/2012 09/27/2012 12/10/2015 | 12/9/2020 | Overall Level: 3 -FIPS Approved algorithms: ECDSA (Cert. #283); SHS (Cert. #1717) -Other algorithms: N/A Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models). The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (ECDSA) and SHA-384 hashing. This is a revalidation of the SGSS certified under FIPS Certificate #836, and does not affect the previous FIPS validation." |
| 1786 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/24/2012 01/24/2013 02/12/2016 05/03/2016 | 5/2/2021 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0 Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 1785 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/24/2012 01/24/2013 02/12/2016 05/03/2016 | 5/2/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0 Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 1783 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/08/2012 03/19/2013 | 3/18/2018 | Overall Level: 2 * |
| 1780 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2012 09/26/2012 07/10/2013 03/21/2014 06/18/2014 07/05/2016 | 7/4/2021 | Overall Level: 2 Multi-chip standalone |
| 1779 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2012 09/26/2012 07/10/2013 03/21/2014 06/18/2014 07/05/2016 | 7/4/2021 | Overall Level: 2 Multi-chip standalone |
| 1778 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2012 04/15/2013 | 4/14/2018 | Overall Level: 2 Multi-chip standalone |
| 1773 | Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0 | 565 Advanced Services Platform [1], 5100 Advanced Services Platform [2] and 5200 Advanced Services Platform [3] (Hardware Versions: [NT0H50DAE5 REV 004 [1], NTPM50AAE5 Rev 11 [2], NT0H50AA Rev 014 [3], SP Card NT0H5066E5 Rev 04 [1] and NT0H41ABE5 Rev 8 [2,3], QOTR/E Card NT0H25BAE5 Rev 2 [1,2,3], OCM Card NT0H40BCE5 Rev 18 [3], Filler Card NT0H52ABE6 Rev 02 [1,2,3]] with FIPS security kit NT0H25BZ Rev 3; Firmware Versions: 11.2 and 11.21) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/01/2012 02/06/2013 | 2/5/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1161); AES (Certs. #1682, #1794 and #1796); SHS (Certs. #1576 and #1578); HMAC (Certs. #1058 and #1060); RSA (Certs. #897 and #899); DRBG (Certs. #130 and #131) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; DES; Blowfish Multi-chip standalone "The 565/5100/5200 Advanced Services Platform offers an integrated transport encryption solution providing an ultra-low latency and protocol-agnostic wirespeed encryption service for use in small to large enterprises or datacenters and also offered through service providers as a differentiated managed service." |
| 1770 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200928-0 | ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7], 810-25 [8] (Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6];090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Version: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/31/2012 08/07/2012 01/04/2013 | 1/3/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #105, #397 and #1875); Triple-DES (Certs. #217, #435 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat" |
| 1767 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200928-0 | ProxySG 900-10 [1], 900-10B [2], 900-20 [3], 900-30 [4], 900-45 [5] and 900-55 [6] (Hardware Versions: 090-02900 [1], 090-02901 [1], 090-02988 [2], 090-02989 [2], 090-02902 [3], 090-02903 [3], 090-02904 [4], 090-02905 [4], 09002908 [5], 090-02909 [5], 090-02979 [6] and 090-02980 [6] with FIPS kit 085-02742; Firmware Version: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2012 08/07/2012 08/16/2012 01/04/2013 | 1/3/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 900 is one of several appliance lines offered by Blue Coat" |
| 1766 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200928-0 | ProxySG 9000-10 [1], 9000-20 [2], 9000-20B [3], 9000-30 [4] and 9000-40 [5] (Hardware Versions: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3], 090-02985 [3], 090-02841 [4], 090-02842 [4], 090-02845 [5] and 090-02846 [5] with FIPS kit 085-02718; Firmware Version: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2012 08/07/2012 08/16/2012 09/27/2012 01/04/2013 | 1/3/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat" |
| 1764 | Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA Stéphanie Motré TEL: 408-786-1028 FAX: 408-608-1818 CST Lab: NVLAP 100432-0 | IDProtect Duo with PIV (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with PIV Applet 3.0) PIV Certificate #31 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/23/2012 04/12/2013 02/06/2014 05/28/2014 | 5/27/2019 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2); CVL (Certs. #218 and #222) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high performance government and enterprise smart card applications." |
| 1750 | Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA Stéphanie Motré TEL: 408-786-1028 FAX: 408-608-1818 CST Lab: NVLAP 100432-0 | IDProtect Key with LASER PKI (Hardware Versions: Inside Secure AT90SC25672RCT-USB Rev. D packaged in TIDPTMINI72 and TIDPUSBV2J; Firmware Version: Athena IDProtect 0106.0130.0401 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/17/2012 04/12/2013 05/28/2014 | 5/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 1749 | Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA Stéphanie Motré TEL: 408-786-1028 FAX: 408-608-1818 CST Lab: NVLAP 100432-0 | IDProtect Duo with LASER PKI (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/17/2012 04/12/2013 05/28/2014 | 5/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 1747 | OpenSSL Validation Services 1829 Mount Ephraim Road Adamstown, MD 21710 USA Steve Marquess TEL: 301-874-2571 CST Lab: NVLAP 100432-0 | OpenSSL FIPS Object Module (Software Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9 or 2.0.10) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/27/2012 07/09/2012 07/18/2012 10/24/2012 01/22/2013 02/06/2013 02/22/2013 02/28/2013 03/28/2013 05/16/2013 06/14/2013 08/16/2013 08/23/2013 11/08/2013 12/20/2013 06/27/2014 07/03/2014 09/02/2014 09/12/2014 10/16/2014 12/31/2014 06/15/2015 09/04/2015 01/25/2016 01/10/2017 01/30/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0) Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0) Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00) uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1) Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1) HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B) HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B) Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3) Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0) Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4) Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00) Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3) Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0) Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0) VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2) Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2) Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2) Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2) Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3) Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3) Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2) Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2) Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2) Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2) CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5) CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5) Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2) Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6) Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6) Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12) Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12) Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3) Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1) Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM) Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM) Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0) DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13) Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3) NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3) NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3) Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64) Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6) Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720) Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3) Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2) Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3) QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1) eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2) Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)1 Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3) Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3) Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3) Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0) Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)2 iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1) iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1) PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3) PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)3 Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1) AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2) AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1) FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2) Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5) Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5) ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2) FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1) FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1) FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3) FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3) FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1) Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1) QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3) Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1) Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1) TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)4 iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compilerv Version 600.0.56) iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56) VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3) iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56) iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9) Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9) Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) (singleusermode) -FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3264); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #723); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #933); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2063); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581 and #1664); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2702); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1853); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #620); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #472) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG Multi-chip standalone "The OpenSSL FIPS Object Module 2.0 is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications." |
| 1746 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1744 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3] (Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N; Firmware Versions: 2.50.17-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2012 08/16/2013 10/25/2013 10/31/2015 | 10/30/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine." |
| 1743 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F2 6000e [1], nShield F2 1500e [2], nShield F2 500e [3] and nShield F2 10e [4] (Hardware Versions: nC3023E-6K0 [1], nC3023E-1K5 [2], nC3023E-500 [3] and nC3023E-010 [4], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1742 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1741 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F3 500 [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1740 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F2 500 [1] and nShield F2 10 PCI [2] (Hardware Versions: nC3023P-500 [1] and nC3023P-10 [2], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1739 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3] (Hardware Versions: nC4031Z-10 [1], nC4031U-10 [2] and TSMC200 [3], Build Standard N; Firmware Versions: 2.50.17-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2012 08/16/2013 10/25/2013 10/28/2015 | 10/27/2020 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine." |
| 1738 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@ncipher.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nToken (Hardware Versions: nC2023P-000, Build Standard N; Firmware Versions: 2.50.16-2 and 2.50.35-2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2012 11/24/2015 | 11/23/2020 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #1579); HMAC (Cert. #925); SHS (Cert. #1398); DSA (Cert. #487); DRBG (Cert. #72) -Other algorithms: N/A Multi-chip embedded "The nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions." |
| 1737 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F2 4000 [1], nShield F2 2000 [2] and nShield F2 500 [3] (Hardware Versions: nC3023P-4K0 [1], nC3023P-2K0 [2] and nC3023P-500 [3], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1736 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200928-0 | ProxySG 600-10 [1], 600-20 [2] and 600-35 [3] (Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/21/2012 07/24/2012 08/07/2012 01/04/2013 | 1/3/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #105 and #1875); Triple-DES (Certs. #217 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 600 is one of several appliance lines offered by Blue Coat" |
| 1733 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/20/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1729 | Certicom Corp. 4701 Tahoe Blvd. Building A Mississauga, Ontario L4W 0B5 Canada Certicom Support TEL: 905-507-4220 Certicom Sales TEL: 905-507-4220 FAX: 905-507-4230 CST Lab: NVLAP 200928-0 | Security Builder® FIPS Module (Software Versions: 6.0, 6.0.2 and 6.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/08/2012 10/31/2014 12/31/2014 05/08/2015 12/03/2015 03/15/2016 05/25/2016 | 5/24/2021 | Overall Level: 1 -Tested Configuration(s): QNX Neutrino 6.6 QNX Neutrino 6.5 Red Hat Linux AS 5.6 Windows 7 Enterprise 64 bit Windows Phone 8.0 Android 4.4.2 Android 4.0.4 iOS version 6.1.4 Android 5.0.1 iOS 8.0 Windows 7 Enterprise 32 bit CentOS Linux Release 7.1 64-bit Mac OS X Yosemite 10.10.4 Mac OS X El Capitan 10.11.4 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1159, #1773 and #2164); AES (Certs. #1789, #3029 and 3946); SHS (Certs. #1571, #2530 and #3256); HMAC (Certs. #1054, #1914 and #2571); DRBG (Certs. #127, #579 and #1151); DSA (Certs. #563, #891 and #1076); ECDSA (Certs. #242, #553 and #866); RSA (Certs. #894, #1574 and #2017); KAS (Certs. #25, #50 and #79); CVL (Certs. #7, #367 and #789) -Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides less than 80 bits of encryption strength; non-compliant); RNG; Dual EC DRBG Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API." |
| 1725 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0 | Postal mRevenector DE 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; FRANKIT-Application: 90.0036.0204.00/2012095001) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/29/2012 01/22/2013 03/13/2015 | 3/12/2020 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip embedded "The Francotyp-Postalia Postal mRevenector DE 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector DE 2011 has been designed in compliance with the Deutsche Post (DPAG), FRANKIT Specification." |
| 1722 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0 | Postal mRevenector US 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; IBIP Application: 90.0036.0203.00/2011485001) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/23/2012 01/22/2013 | 1/21/2018 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #184); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG Multi-chip embedded "The Francotyp-Postalia Postal mRevenector US 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector US 2011 has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)." |
| 1717 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL) (Hardware Versions: 6506-E -M0 [1], 6509-E -N0 [2], 6513-E -S0 [3], Supervisor Card VS-S2T-10G -B0, Supervisor Card VS-S2T-10G-XL -C0, Line Card WS-X6908-10G -A0, Line Card WS-X6908-10G-2TXL version -B0 and FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.0(1)SY2) (When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/03/2012 12/21/2012 | 12/20/2017 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1426, #1427 and #1816); DRBG (Cert. #140); HMAC (Cert. #1072); RSA (Cert. #911); SHS (Cert. #1593); Triple-DES (Cert. #1171) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1816, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements." |
| 1712 | Kanguru Solutions 1360 Main Street Millis, MA 02054 USA Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0 | Kanguru Defender 2000 (Hardware Versions: P/Ns KDF2000-2G, KDF2000-4G and KDF2000-8G, Version 1.0; Firmware Version: 2.03.10) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/03/2012 12/21/2012 | 12/20/2017 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 2000 is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device." |
| 1711 | Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA Stéphanie Motré TEL: 408-786-1028 FAX: 408-608-1818 CST Lab: NVLAP 100432-0 | IDProtect with LASER PKI (Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Athena IDProtect 010B.0352.0005 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/30/2012 04/12/2013 05/28/2014 | 5/27/2019 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 1708 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/27/2012 03/08/2013 08/16/2013 11/16/2015 | 11/15/2020 | Overall Level: 3 -Physical Security: Level 3 + EFP -FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1705 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0 | nShield F3 500 PCI [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/12/2012 03/08/2013 08/09/2013 11/16/2015 | 11/15/2020 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed." |
| 1702 | Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA Entrust Sales CST Lab: NVLAP 100432-0 | Entrust Authority™ Security Kernel (Software Versions: 8.1sp1, 8.1sp1R2 and 8.1sp1R3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/12/2012 10/18/2013 05/28/2014 01/08/2016 08/29/2016 | 8/28/2021 | Overall Level: 2 -Tested Configuration(s): Tested as meeting Level 2 with Windows Server 2008 R2 Enterprise Edition running on Dell Optiplex 755 -FIPS Approved algorithms: AES (Certs. #1923 and #2631); HMAC (Certs. #1158 and #1628); SHS (Certs. #1689 and #2206); DRBG (Certs. #167 and #405); RSA (Certs. #992 and #1345); Triple-DES (Certs. #1253 and #1580); Triple-DES MAC (Triple-DES Cert. #1253, vendor affirmed); CVL (Certs. #15 and #111 and SP 800-135, vendor affirmed, key agreement); ECDSA (Certs. #275 and #454); DSA (Certs. #610 and #794) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD2; MD5; RMD-160; CAST; CAST3; CAST5; DES; IDEA; RC2; RC4; PAKE; AES-DAC; CAST-DAC; CAST3-DAC; CAST5-DAC; DES-DAC; IDEA-DAC; RC2-DAC; RNG (non-compliant) Multi-chip standalone "By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms." |
| 1694 | SafeNet, Inc. 20 Colonnade Dr, Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200427-0 | Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/30/2012 09/27/2012 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Triple-DES Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 1693 | SafeNet, Inc. 20 Colonnade Drive, Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200427-0 | Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/28/2012 09/27/2012 01/10/2017 06/23/2017 06/23/2017 | 1/9/2022 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Triple-DES Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card." |
| 1674 | Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA Dragan Grebovich TEL: 978-671-3476 CST Lab: NVLAP 200556-0 | Secure Router 4134 (Hardware Versions: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100) (When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy and with all interface card slots filled or covered) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/06/2012 01/01/2014 | 12/31/2018 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #275 and #1050); AES (Certs. #173 and #1605); SHS (Cert. #1418); HMAC (Cert. #941); RSA (SigVer, Cert. #787); DSA (Cert. #496); DRBG (Cert. #79) -Other algorithms: DSA (Cert. #501; non-compliant); MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #787; non-compliant) Multi-chip standalone "The Secure Router 4134 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs." |
| 1669 | Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200928-0 | BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.7.0 [1], 3.8.7.1 [1,2], 3.8.7.4 [2],3.8.7.5 [2] and 3.8.7.6 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 01/19/2012 10/10/2012 | 10/9/2017 | Overall Level: 1 -Design Assurance: Level 3 -Tested: BlackBerry 9900 with BlackBerry OS Versions 7.0 [1] and 7.1 [2] -FIPS Approved algorithms: Triple-DES (Certs. #1163 and #1164); AES (Certs. #1798, #1799, #1800 and #1801); SHS (Certs. #1581 and #1582); HMAC (Certs. #1063 and #1064); RSA (Certs. #902 and #903); DRBG (Certs. #132 and #133); ECDSA (Certs. #244 and #245) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry." |
| 1639 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 5940 Embedded Services Routers (Hardware Versions: Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(3)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/16/2011 02/23/2012 07/18/2012 02/08/2013 | 2/7/2018 | Overall Level: 1 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Certs. #962, #1535 and #1643); DRBG (Cert. #89); HMAC (Certs. #537 and #965); RSA (Cert. #811); SHS (Certs. #933 and #1444); Triple-DES (Certs. #757 and #1073) -Other algorithms: DES; DES MAC; HMAC-MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-chip embedded "The Cisco 5940 is a high-performance, ruggedized router. With onboard hardware encryption, the Cisco 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5940 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology." |
| 1636 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure Constellation® ES [24-36] and Constellation®.2 [1-23] Self-Encrypting Drives FIPS 140 Module (Hardware Versions: 9XU268 [1, 6, 18, 19], 9XU268-251 [2, 7, 9, 11, 14, 16, 20], 9XU268-257 [3, 8, 10, 12, 13, 15, 17, 21], 9XU268-047 [4], 9XU268-090 [5], 9XU264 [1, 6, 18, 19], 9XU264-251 [2, 7, 9, 11, 14, 16, 20], 9XU264-257 [3, 8, 10, 12, 13, 15, 17, 21], 9XU264-047 [4], 9XU264-090 [5], 9XU168 [22, 23], 9XU164 [22, 23], 9XU162 [22, 23], 1AV268 [24, 26, 32], 1AV264 [24, 26, 32], 1AV264-257 [25, 28, 30, 33], 1AV264-251 [27, 29, 31, 34], 1AV262 [24, 26, 32], 1AV168 [35, 36], 1AV164 [35, 36] and 1AV162 [35, 36]; Firmware Versions: A002 [1], ASF2 [2], ANF1 [3], NS01 [4], QF70 [5], 0003 [6, 23, 32], ASF5 [7], AEF3 [8], ASF8 [9], AEF5 [10], ASF9 [11], AEF6 [12], AEF7 [13], ASFC [14], AEFB [15], ASFD [16], AEFC [17], 0004 [18], 0005 [19], ASFE [20], AEFD [21], 0002 [22, 26, 36], A001 [24, 35], PNF0 [25], PSF1 [27], PEF3 [28], PSF4 [29], PEF4 [30], PSF5 [31], PEF5 [33] and PSF9 [34]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/10/2011 03/14/2012 06/21/2012 10/17/2012 12/12/2012 01/25/2013 02/20/2014 09/26/2014 10/23/2014 11/14/2016 05/09/2017 | 11/13/2021 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Constellation®.2 and Constellation® ES SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 1635 | Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0 | Seagate Secure Constellation® ES.2 [45-74], Savvio® 10K.5 [1-28] and Savvio® 15K.3 [29-44] Self-Encrypting Drives FIPS 140 Module (Hardware Versions: 9XS066 [1, 7, 21], 9XS066-251 [2, 8, 13, 16, 20, 28], 9XS066-257 [3, 9, 14, 17, 18, 27], 9XS066-047 [4], 9XS066-090 [5, 11, 22, 23], 9XS066-031 [10, 19], 9XS066-037 [10,19], 9XS066-046 [12], 9XR066 [1, 7, 21], 9XR066-251 [2, 8, 13, 16, 20, 28], 9XR066-257 [3, 9, 14, 17, 18, 27], 9XR066-047 [4], 9XR066-090 [5, 11, 22, 23], 9XR066-038 [6, 15, 24, 25, 26], 9XR066-046 [12], 9XP066 [1, 7, 21], 9XP066-047 [4], 9XP066-090 [5, 11, 22, 23], 9XP066-046 [12], 9XN066 [1, 7, 21], 9XN066-251 [2, 8, 13, 16, 20, 28], 9XN066-257 [3, 9, 14, 17, 18, 27], 9XN066-047 [4], 9XN066-090 [5, 11, 22, 23], 9XN066-046 [12], 9XM066 [29, 32, 42], 9XM066-251 [30, 33, 35, 37, 39, 41, 44], 9XM066-257 [31, 34, 36, 39, 40, 43], 9XL066 [29, 32, 42], 9XL066-251 [30, 33, 35, 37, 39, 41, 44], 9XL066-257 [31, 34, 36, 39, 40, 43], 9XT260 [45, 51, 63, 68, 69, 70], 9XT260-251 [46, 52, 56, 59, 64, 65, 66, 71], 9XT260-257 [47, 53, 57, 59, 61, 67, 72], 9XT260-038 [48, 58], 9XT260-047 [49], 9XT260-090 [50], 9XT260-031 [54, 62], 9XT260-037 [54, 62], 9XT260-046 [55], 9XT267 [51, 63, 68, 69] and 9XT160 [73, 74]; Firmware Versions: A002 [1, 29], CSF2 [2], CNF1 [3], NS03 [4], HF72 [5], NA00 [6, 58], 0003 [7, 32, 68], CSF4 [8], CEF3 [9], CE01 [10], HF75 [11], 6E01 [12], CSF7 [13], CEF4 [14], F740 [15], CSF8 [16], CEF5 [17], CEF6 [18], CE06 [19], CSFA [20], 0004 [21, 42, 69], HF7C [22], HF7D [23], NA01 [24], NA04 [25], F744 [26], CEF9 [27], CSFB [28], YSF3 [30], YNF2 [31], YSF5 [33], YEF4 [34], YSF8 [35], YEF5 [36], YSF9 [37], YEF6 [38], YSFB [39], YEF9 [40], YSFC [41], YEFA [43], YSFD [44], 0002 [45], RSF3 [46], RNF3 [47], NQE1 [48], NS01 [49], NF72 [50], 0005 [51], RSF5 [52], REF5 [53], YE01 [54], 6EA1 [55], RSF8 [56], REF6 [57], RSFA [59], REF7 [60], REF8 [61], YE04 [62], 0006 [63], RSFC [64], RSFD [65], RSFE [66], REFB [67], A006 [70], RSFF [71], REFC [72], F000 [73] and F003 [74]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/10/2011 11/17/2011 03/14/2012 06/21/2012 10/17/2012 12/12/2012 01/25/2013 10/18/2013 02/20/2014 06/05/2014 09/26/2014 10/23/2014 12/10/2015 04/04/2016 05/09/2017 | 4/3/2021 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module 2 is embodied in Seagate Constellation® ES.2, Savvio® 15K.3, and Savvio® 10K.5 SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download." |
| 1627 | Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA Donald Snook TEL: 973-334-1980 CST Lab: NVLAP 200002-0 | Port Authority Series (Hardware Versions: PA111-SA CDI 01-03-0912I, PA111-RM CDI 01-03-0912I, PA155-RM CDI 01-03-0912I and PA199-RM CDI 01-03-0912I; Firmware Version: 10.05.10) (When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/01/2011 08/24/2016 | 8/23/2021 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #3846); SHS (Cert. #3169); HMAC (Cert. #2495); DRBG (Cert. #1090); KTS (AES Cert. #3846 and HMAC Cert. #2495) -Other algorithms: NDRNG; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant); Multi-chip standalone "Secure Out of Band Management appliance with network port, internal modem, and up to 9 serial ports. Allows Secure Out of Band Access to Firewalls, Routers, Network appliances etc.. Supports up to 256 bit AES CFB encryption." |
| 1621 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B (Hardware Versions: 7606-S and 7609-S with SUP720-3B; Firmware Version: 15.1(3)S5) (When operated in FIPS mode with the tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/28/2011 02/09/2012 02/23/2012 07/09/2012 08/16/2013 | 8/15/2018 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #1634); DRBG (Cert. #88); HMAC (Cert. #961); RSA (Cert. #808); SHS (Cert. #1439); Triple-DES (Cert. #1070) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; DES MAC; HMAC MD5; MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 7606-S and 7609-S routers are designed for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching services are necessary to meet the requirements of both enterprises and service providers. It enables Carrier Ethernet service providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. They also deliver WAN and metropolitan-area network networking solutions at the enterprise edge." |
| 1614 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Version: 5.4f) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/30/2011 10/26/2011 11/08/2011 04/12/2016 | 4/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Vx Works 6.7 Android 2.2 VxWorks 5.5 VxWorks 6.2 VxWorks 6.4 WindRiver 4.0 using Linux 2.6.34 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RSA (Cert. #738); DSA (Cert. #472); ECDSA (Cert. #187); DRBG (Cert. #64) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG Multi-chip standalone "The Mocana Cryptographic Suite B Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1592 | Harris Corporation 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA Brian Justice TEL: 434-455-9586 Joyce O'Quinn TEL: 434-455-6458 CST Lab: NVLAP 200427-0 | Harris Unified Audio Card (Hardware Version: EA-103168-002; Firmware Versions: MPC 860: SK-007765-007 v R03A08, DSP: SK-007765-013 v R03A05, Boot Loader / Factory Test: R03A02, Low Level Boot: R01D01 and DSP Factory Test: R01D02) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2011 04/13/2016 | 4/12/2021 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1652 and #1653); HMAC (Cert. #970); SHS (Cert. #1450) -Other algorithms: AES MAC (AES Cert. #1653, vendor affirmed; P25 AES OTAR); RNG Multi-chip embedded "The Harris UAC is a multi-channel analog audio gateway used to interface analog radio communication equipment such as conventional base stations to radio systems and other devices on a Voice Interoperability Data Access (VIDA) network." |
| 1579 | Certicom Corp. 4701 Tahoe Blvd., Building A Mississauga, Ontario L4W 0B5 Canada Certicom Support TEL: 905-507-4220 Certicom Sales TEL: 905-507-4220 CST Lab: NVLAP 200426-0 | Security Builder FIPS Module (Software Versions: 5.6, 5.6.1 or 5.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/21/2011 06/05/2012 08/16/2012 03/13/2015 01/26/2016 07/05/2016 | 7/4/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with QNX Neutrino Version 6.6 QNX Neutrino Version 6.5 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1054); AES (Cert. #1609); SHS (Cert. #1422); HMAC (Cert. #945); DRBG (Cert. #82); DSA (Cert. #500); ECDSA (Cert. #200); RSA (Cert. #791); KAS (Cert. #14; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); KTS (AES Cert. #1609; key establishment methodology provides between 128 and 256 bits of encryption strength) -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; DRBG (non-compliant) Multi-chip standalone "The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API." |
| 1578 | BlackBerry 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada Security Certifications Team TEL: 519-888-7465 x 72921 FAX: (519) 888-9852 CST Lab: NVLAP 200426-0 | BlackBerry OS Cryptographic Library (Software Versions: 5.6, 5.6.1 or 5.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/21/2011 06/05/2012 08/16/2012 01/24/2013 02/22/2013 04/11/2014 01/24/2016 06/21/2016 | 6/20/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with BlackBerry® Tablet OS Version 2.0 (Binary compatible to BlackBerry® Tablet OS Version 1.0) (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); KTS (AES Cert. #1608; key establishment methodology provides between 128 and 256 bits of encryption strength) -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; DRBG (non-compliant) Multi-chip standalone "The BlackBerry OS Cryptographic Library is a software module that provides the cryptographic functionality required for secure operation of the BlackBerry® PlayBook™ and devices running the BlackBerry® 10 OS ." |
| 1577 | Futurex 864 Old Boerne Rd. Bulverde, TX 78163 USA Paul Enman TEL: 830-980-9782 FAX: 830-438-8782 CST Lab: NVLAP 100432-0 | EXP9000 Hardware Security Module (Hardware Versions: P/N 9750-2075, Revision B; Firmware Version: 4.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/05/2011 02/01/2017 | 1/31/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1636); DRBG (Cert. #1243); HMAC (Cert. #962); RSA (Certs. #810 and #2331); SHS (Cert. #1441); Triple-DES (Cert. #1072) -Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; TR-31 Multi-chip embedded "The EXP9000 cryptographic module provides secure encryption, storage, and transmission of sensitive data used in a wide variety of applications including Futurex Hardware Security Modules (HSM) and Key Management Servers (KMS)." |
| 1543 | CareFusion 10020 Pacific Mesa Blvd. San Diego, CA 92121 USA Tom Miller TEL: 858-617-2000 CST Lab: NVLAP 100432-0 | Alaris™ PC Unit Model 8015 (Hardware Version: Model 8015 a/b/g or Model 8015 a/b/g/n with FIPS Kit 11935165; Firmware Versions: 9.7.40, 9.12.40, 9.17.1, 9.19, 9.19.1 or 9.33) (When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/27/2011 01/11/2012 09/27/2012 06/05/2014 02/13/2015 07/23/2015 08/07/2015 06/07/2016 07/10/2017 | 6/6/2021 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (1) (Cert. #1436); SHS (Cert. #1301) -Other algorithms: AES (2) (non-compliant); RC4; MD5; SHS (non-compliant); RIPEMD; DES; Triple-DES (non-compliant); RC2-CBC, RC2-ECB, RC2-CFB64, RC2-OFB64; Blowfish; CAST; RSA (non-compliant); DSA (non-compliant); Diffie-Hellman; RNG (non-compliant) Multi-chip standalone "The CareFusion Alaris™ PC Unit Model 8015 is a point-of-care unit, which is the main component of the Alaris System. The Alaris System is a modular system intended for adult, pediatric, and neonatal care in a professional healthcare environment. The Alaris System brings a higher level of medication error prevention to the point of patient care." |
| 1541 | 3e Technologies International, Inc. 9715 Key West Ave, Suite 500 Rockville, MD 20850 USA Harinder Sood TEL: 301-944-1325 FAX: 301-670-6779 CST Lab: NVLAP 200427-0 | 3e-523-3 Secure Multi-function Wireless Data Point (Hardware Version: 2.0(a); Firmware Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/29/2011 08/12/2016 | 8/11/2021 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1021, #1022 and #1023); HMAC (Certs. #570, #571 and #572); DRBG (Cert. #1136); RSA (Cert. #490); SHS (Certs. #975, #976 and #977); KTS (AES Cert. #1021 and HMAC Cert. #570; key establishment methodology provides between 128 and 256 bits of encryption strength) -Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RC4; WEP Multi-Chip Embedded "The 3e-523-3 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i." |
| 1530 | CST Lab: NVLAP 200802-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/04/2011 10/10/2012 05/13/2013 12/13/2013 07/11/2014 03/20/2015 07/24/2015 08/13/2015 09/28/2015 11/18/2015 03/18/2016 | 3/17/2021 | Overall Level: 2 Multi-chip standalone |
| 1504 | DataLocker Inc. 7007 College Blvd Suite 240 Overland Park, KS 66211 USA Jay Kim TEL: 913-310-9088 CST Lab: NVLAP 200658-0 | DataLocker Enterprise, V2.0 (DataLocker DL2) (Hardware Versions: P/Ns DL500E2 and DL1000E2; Firmware Version: 2.30) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/24/2011 03/01/2011 06/10/2016 07/05/2016 | 7/4/2021 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #250) -Other algorithms: N/A Multi-chip standalone "The DataLocker Enterprise (also named DataLocker DL2) is a fully platform independent, portable encrypted hard drive. Compatible with MAC, Windows and Linux systems, the DataLocker operates without any host based software or drivers. It utilizes an embedded LCD touch screen interface for all authentication and administrative functions. The device is fully 256bit AES CBC Mode encrypted via a dedicated crypto engine." |
| 1497 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Secure Access Control Server (ACS) FIPS module (NSS) (Software Versions: 3.12.5 and 3.12.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/10/2011 02/23/2012 04/05/2013 | 4/4/2018 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1475); DRBG (Cert. #59); DSA (Cert. #466); HMAC (Cert. #868); RSA (Cert. #722); SHS (Cert. #1334); Triple-DES (Cert. #993) -Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED Multi-chip standalone "The Cisco Secure Access Control Server (ACS) FIPS module (NSS) Version 3.12.5 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Cisco ACS FIPS module (NSS) is a general-purpose cryptographic library, with an API based on the industry standard PKCS #11 version 2.20." |
| 1495 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/28/2011 06/08/2012 10/15/2012 | 10/14/2017 | Overall Level: 2 Multi-chip standalone |
| 1472 | Enova Technology Corporation 1st Floor, #11, R & D 2nd Road Science Park Hsin Chu City, Taiwan 30076 Republic of China Butz Huang TEL: +866 3 577 2773 FAX: +886 3 577 2770 CST Lab: NVLAP 100432-0 | X-Wall MX-256C (Hardware Version: X-Wall MX-256C; Firmware Version: 1.1.0) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 12/28/2010 12/05/2016 | 12/4/2021 | Overall Level: 1 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #250) -Other algorithms: N/A Single-chip "The patented X-Wall MX-256C (MX-256C) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec). MX-256C, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256C and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256C contains no NVM. Therefore at each power on reset authentication is needed." |
| 1471 | Enova Technology Corporation 1st Floor, #11, R & D 2nd Road Science Park Hsin Chu, Taiwan 30076 Republic of China Butz Huang TEL: +866 3 577 2773 FAX: +886 3 577 2770 CST Lab: NVLAP 100432-0 | X-Wall MX-256 (Hardware Version: X-Wall MX-256; Firmware Version: 1.1.0) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 12/28/2010 12/05/2016 | 12/4/2021 | Overall Level: 1 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #60) -Other algorithms: N/A Single-chip "The patented X-Wall MX-256 (MX-256) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec).MX-256, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256 and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256 contains no NVM. Therefore at each power on reset authentication is needed." |
| 1413 | Icom Inc. 1-1-32, Kamiminami Hirano-Ku, Osaka 547-0003 Japan Masaaki Takahashi TEL: 425-450-6043 CST Lab: NVLAP 200427-0 | UT-125 FIPS #11 and UT-125 FIPS #21 Cryptographic Module (Hardware Versions: 1.1, 2.1; Firmware Version: 1.1) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 09/28/2010 03/11/2016 04/19/2017 | 3/10/2021 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Cert. #3842); DRBG (Cert. #1087); HMAC (Cert. #2492); SHS (Cert. #3165) -Other algorithms: AES MAC (AES Cert. #3842, vendor affirmed; P25 AES OTAR); DES; DES-MAC; RNG Multi-Chip Embedded "The UT-125 FIPS #11 and UT-125 FIPS #21 are optional units available for Icom radios that provide secure voice and data capabilities as well as APCO OTAR and advanced key management." |
| 1369 | Cavium Networks 805 E. Middlefield Road Mountain View, CA 94043 USA TA Ramanujam TEL: 650-623-7039 FAX: 650-625-9751 CST Lab: NVLAP 100432-0 | NITROX XL 1600-NFBE HSM Family (Hardware Versions: CN1620-NFBE1NIC-2.0-G [1], CN1620-NFBE2NIC-2.0-G [1], CN1620-NFBE3NIC-2.0-G [1], CN1610-NFBE1NIC-2.0-G [1], CN1620-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE2NIC-2.0-FW1.2-G [2], CN1620-NFBE3NIC-2.0-FW1.2-G [2], CN1610-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE1-2.0-G [1], CN1620-NFBE2-2.0-G [1], CN1620-NFBE3-2.0-G [1], CN1610-NFBE1-2.0-G [1], CN1620-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE2-2.0-FW1.2-G [2], CN1620-NFBE3-2.0-FW1.2-G [2], CN1610-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE1-3.0-FW1.1-G [1], CN1620-NFBE2-3.0-FW1.1-G [1], CN1620-NFBE3-3.0-FW1.1-G [1], CN1620-NFBE1-3.0-FW1.2-G [2], CN1620-NFBE2-3.0-FW1.2-G [2] and CN1620-NFBE3-3.0-FW1.2-G [2]; Firmware Versions: CN16XX-NFBE-FW-1.1-160628 [1] and CN16XX-NFBE-FW-1.2-160627 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 07/21/2010 12/06/2010 12/27/2012 07/24/2014 01/11/2017 | 1/10/2022 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Cert. #150); HMAC (Cert. #736); KAS (Cert. #5); RSA (Cert. #607); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898) -Other algorithms: AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); MD5; PBE; RC4 Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the worldÆs fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets" |
| 1363 | Ipswitch, Inc. 83 Hartwell Ave Lexington, MA 02421 USA Mark Riordan TEL: 608-824-3632 CST Lab: NVLAP 200427-0 | MOVEit Crypto (Software Version: 1.2.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 07/12/2010 04/26/2016 04/27/2016 | 4/26/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5 (x86) Red Hat Enterprise Linux 5 (x64) Windows Server 2008 (x86) Windows Server 2008 (x64) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1226); HMAC (Cert. #716); SHS (Cert. #1126) -Other algorithms: HMAC-MD5; MD5; RNG Multi-chip standalone "MOVEit Crypto is a compact and fast dynamically-linked library for Windows and Linux. It provides AES encryption, SHA-1 and SHA-2 hashing, and pseudo-random number generation. Both 32-bit and 64-bit versions are available for each operating system. MOVEit Crypto is a member of the MOVEit security and file transfer product family." |
| 1324 | Comtech Mobile Datacom Corporation 20430 Century Boulevard Germantown, MD 20874 USA Saad Anis TEL: 240-686-3363 FAX: 240-686-3301 Stratis Marneris TEL: 240-686-3371 CST Lab: NVLAP 200427-0 | Transceiver Cryptographic Module (TCM) (Hardware Version: C80101 Rev. 2; Firmware Version: 0.1.L) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 07/12/2010 04/18/2016 | 4/17/2021 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #1201); HMAC (Cert. #698); SHS (Cert. #1106); Triple-DES (Cert. #869) -Other algorithms: DES; Towitko MAC Multi-chip embedded "The Transceiver Cryptographic Module is a compact hardware module with a firmware component for implementation of cryptographic algorithms. The Crypto Module, in connetion with Comtech's ASDR Transceiver, enables secure over-the-air communications. The module provides a serial interface for communication over a pair of SPI ports." |
| 1322 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Sales TEL: 888-744-4976 CST Lab: NVLAP 100432-0 | TSPP (Hardware Versions: P/Ns TSPP-A and TSPP-B Version 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 or 1.0.5; Firmware Version: 1.10.2) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Hardware | 06/22/2010 03/28/2011 04/12/2011 11/08/2011 01/11/2012 07/09/2012 03/28/2013 01/30/2017 | 1/29/2022 | Overall Level: 3 -FIPS Approved algorithms: DSA (Cert. #375); SHS (Cert. #1071) -Other algorithms: N/A Multi-chip embedded "Thales' TSPP is the multi-chip embedded cryptographic module in its payShield 9000 family of hardware security modules used in the Banking and Finance sector for securing card-based payment transactions. The product family is also used to provide dedicated functionality for key management and message security using algorithms such as Triple-DES, RSA, SHA, HMAC, and AES. TSPP contains a secure bootstrap that authenticates application loading using DSA 2048, so that only application software written by and "signed" by Thales can be loaded and run on TSPP-based products." |
| 1247 | Good Technology, Inc. 430 N. Mary Avenue Suite 200 Sunnyvale, CA 94085 USA Rick Pitz TEL: 408-212-7878 CST Lab: NVLAP 200002-0 | FIPSCrypto on Windows Mobile (Software Version: 4.7.0.50906) Validated to FIPS 140-2 Certificate Security Policy | Software | 12/29/2009 02/05/2010 06/02/2010 10/25/2010 01/20/2011 07/19/2011 10/18/2011 04/04/2012 09/27/2012 10/25/2012 04/24/2013 10/18/2013 09/25/2014 04/10/2015 04/17/2015 10/12/2015 05/11/2016 01/18/2017 | 1/17/2022 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows CE 5.2 -FIPS Approved algorithms: AES (Cert. #1219); Triple-DES (Cert. #879); SHS (Cert. #1122); HMAC (Cert. #712) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1." |
| 1241 | Bloombase, Inc. 1300 Island Drive Redwood City, CA 94065 USA Certification Team TEL: 855-256-6622 FAX: 650-618-9898 CST Lab: NVLAP 200427-0 | Bloombase Cryptographic Module (Software Version: 8.0) Validated to FIPS 140-2 Certificate Security Policy | Software | 12/29/2009 07/02/2010 01/24/2013 03/15/2013 06/03/2016 04/28/2017 | 6/2/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Bloombase SpitfireOS 5 (single-user mode), JRE 1.6 -FIPS Approved algorithms: AES (Cert. #1041); HMAC (Cert. #583); RSA (Cert. #496); SHS (Cert. #991) -Other algorithms: PRNG Multi-chip standalone "Bloombase Cryptographic Module for multi-platforms is a scalable, generic and multipurpose module used by various Bloombase products, performing a broad range of approved cryptographic operations including encryption, key generation, key storage and zeroization, signature generation and verification, hashing, keyed hashing and random number generation, supporting services including cryptography, authentication, PKCS and key management, etc." |
| 1240 | Asigra, Inc. 1120 Finch Avenue West Suite 400 Toronto, Ontario M3J 3H7 Canada David Farajun TEL: 416-736-8111 ext 1800 FAX: 416-736-7120 CST Lab: NVLAP 200427-0 | AsigraEncModule Encryption Library (Software Version: 1.0) Validated to FIPS 140-2 Certificate Security Policy | Software | 01/12/2010 06/03/2016 | 6/2/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit) Enterprise Edition, 5.2.3790, Service Pack 2 Microsoft Windows Server 2003 (64-bit), Standard Edition, 5.2.3790, Service Pack 1 RedHat Enterprise Linux 5 (32-bit), Update 6 RedHat Enterprise Linux 5 (64-bit), Update 6 Mac OS X, 10.5 (single user mode) -FIPS Approved algorithms: AES (Cert. #968); SHS (Cert. #938); HMAC (Cert. #541) -Other algorithms: PRNG Multi-chip standalone "The AsigraEncModule ("Cryptographic Module" or "Module") is a cryptographic library for C++ language users providing hash algorithms, AES symmetric encryption algorithms and random number generation." |
| 1159 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-Kernel (Software Versions: 1.3.1 [1] and 1.3.1.1 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 07/29/2009 08/20/2010 09/07/2010 02/12/2016 | 2/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2003 SP2 (x86 Celeron) [1] Windows Server 2003 SP2 (Itanium 2) [1] Windows Server 2003 SP2 (x64 AMD Athlon X2) [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1105 [1] and #1415 [2]); HMAC (Certs. #617 [1] and #835 [2]); SHS (Certs. #1028 [1] and #1285 [2]) -Other algorithms: AES-XTS Multi-chip standalone "RSA BSAFE® Crypto-Kernel is a cryptographic library from RSA, The Security Division of EMC, to provide symmetric encryption, hashing, and message authentication code creation, in the operating system kernel. It provides Advanced Encryption Standard (AES) cipher, SHA-256 message digest, and HMAC capabilities." |
| 1093 | Vertex Standard LMR, Inc. Sumitomo Fudosan Tamachi First Building, 4‐6‐8 Shibaura Minato‐ku, Tokyo 108‐0023 Japan Yukimasa Tomita CST Lab: NVLAP 100432-0 | Vertex Standard Cryptographic Module 001 (Hardware Version: P/N 013790D; Firmware Version: 71.72) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 03/03/2009 06/05/2014 07/31/2014 | 7/30/2019 | Overall Level: 1 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #813); SHS (Cert. #813) -Other algorithms: DES; LFSR Multi-chip embedded "The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices." |
| 1043 | Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA Entrust Sales CST Lab: NVLAP 200017-0 | Entrust Entelligence™ Kernel-Mode Cryptomodule (Software Version: 1.1) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Software | 10/15/2008 05/28/2014 | 5/27/2019 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 Microsoft Windows Vista Enterprise, 32-bit edition Microsoft Windows Vista Ultimate SP1 64-bit edition (single-user mode) -FIPS Approved algorithms: AES (Cert. #738); Triple-DES (Cert. #655); Triple-DES MAC (Triple-DES Cert. #655, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Entrust Entelligence Kernel-Mode Cryptomodule is a software module that implements AES encryption and decryption functions suitable for use in kernel-mode drivers on Windows platforms." |
| 911 | Harris Corporation 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA Dennis L. Warheit TEL: 434-455-9205 Shawn Bertrand TEL: 978-905-3064 CST Lab: NVLAP 200427-0 | Harris Corporation Wireless Systems Cryptographic Library (SECLIB) (Software Version: R1A) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 02/07/2008 07/02/2010 04/10/2015 04/27/2016 | 4/26/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional SP2 Windows Server 2003 SP2 Windows 7 Enterprise SP1 running on a Dell Precision Workstation T3500 Windows 8.1 Pro running on a Dell Latitude 430 Android Kit Kat 4.4.2 running on a Samsung Galaxy S5 Active (single-user mode) -FIPS Approved algorithms: AES (Cert. #637); HMAC (Cert. #328); SHS (Cert. #673); Triple-DES (Cert. #591) -Other algorithms: AES MAC (AES Cert. #637; non-compliant); DES; DES MAC; NDRNG; RNG Multi-chip standalone "The Harris Corporation Wireless Systems Cryptographic Library is a software-based cryptographic module that provides encryption, authentication, and other security support services to various M/A-Com product applications. It specifically satisfies FIPS 140-2 Level 1 requirements." |
| 881 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Hardware | 11/30/2007 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: Diffie-Hellman (key agreement; key establishment provides 56 bits of encryption strength; non-compliant); DES; MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression." |
| 862 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Certificate Security Policy | Hardware | 11/07/2007 12/13/2013 02/12/2014 | 2/11/2019 | Overall Level: 1 Multi-chip standalone |
| 794 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress® Wireless Security Gateway (Hardware Version: AF2100; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Hardware | 07/02/2007 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; DES; RSA (non-compliant); ANSI X9.31 RNG (non-compliant); non-Approved RNG Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression." |
| 760 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.2) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 04/23/2007 05/22/2007 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression." |
| 662 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress ® AF1100 Wireless Cryptographic Module (Hardware Version: AF-1100; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 04/26/2006 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 2 -FIPS Approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; non-compliant) Multi-chip standalone "The AirFortress® AF1100 Wireless Cryptographic Module is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware and deployable on any LAN or WAN, the AirFortress® AF1100 Wireless Cryptographic Module provides encryption, data integrity checking, authentication, access control, and data compression." |
| 581 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress™ Wireless Security Gateway (Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Hardware | 10/27/2005 04/26/2007 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant) Multi-chip standalone "The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression." |
| 458 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL TZ 170 (Hardware Version: P/N 101-5000072-00 rev A; Firmware Versions: SonicOS Enhanced Versions 2.0, v2.5 and v3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 09/08/2004 02/24/2005 05/17/2006 04/25/2007 04/21/2015 06/08/2017 | 4/20/2020 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #121 and #140); Triple-DES (Certs. #231 and #248); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #245 and #251); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SonicWALL TZ 170 is an internet security appliance with a WAN interface, a flexible Optional interface, and a LAN interface incorporating a 5-port Fast-Ethernet switch. The SonicWALL TZ 170 provides stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and can be upgraded to offer ISP failover and traffic loadbalancing. The SonicWALL TZ 170 also serves as a platform for extensible security services such as Content Filtering Services (CFS), Network Anti - Virus, and E-mail filtering." |
| 455 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | SonicWALL PRO 3060/4060 (Hardware Versions: 3060 101-500078-00 rev. A and 4060 101-500067-00 rev. A; Firmware Versions: SonicOS Enhanced Versions v2.0, v2.5 and v3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 08/11/2004 02/24/2005 05/17/2006 05/31/2006 04/25/2007 04/21/2015 06/08/2017 | 4/20/2020 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #105 and #121); Triple-DES (Certs. #217 and #231); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (vendor affirmed) -Other algorithms: DES (Cert. #245); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SonicWALL PRO 4060 and PRO 3060 are internet security appliances offering stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and dual-WAN port support with ISP failover and load-balancing capabilities, all via six configurable 10/100 Ethernet interfaces." |
| 434 | Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA Entrust Sales CST Lab: NVLAP 200017-0 | Entrust TruePass™ Applet Cryptographic Module (Software Version: 7.0) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 05/27/2004 05/28/2014 | 5/27/2019 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows 2000 SP3 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1, and Netscape Navigator 7.0 (Certs. #7, #45 and #47) or Microsoft Internet Explorer 6.0 SP1 (Certs. #103 and #106) (single user mode) -FIPS Approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS#1, vendor affirmed) -Other algorithms: CAST 128 Multi-chip standalone "The module performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications." |
| 424 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress® Client Cryptographic Module (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 05/06/2004 02/07/2006 12/20/2006 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd ed., Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 and Windows CE v4.0 (single user mode) -FIPS Approved algorithms: Triple-DES (Certs. #19 and #457); SHS (Certs. #34 and #498); AES (Certs. #14 and #427); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress™ Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention." |
| 386 | Fortress™ Technologies, Inc. 2 Technology Park Dr Westford, MA 01886-3140 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0 | AirFortress™ Wireless Security Gateway Cryptographic Module (Firmware Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Firmware | 02/19/2004 04/29/2004 03/26/2010 05/17/2013 | 5/16/2018 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested: Fortress interface and Shell (FISH) Version 2.4 -FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression." |
| 368 | Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA Entrust Sales CST Lab: NVLAP 200017-0 | Entrust Authority™ Security Toolkit for C++ (Software Version: 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 12/16/2003 05/28/2014 | 5/27/2019 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP, SP1a Windows 2000, SP3 and Windows NT 4.0, SP 6a (single user mode) -FIPS Approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Triple-DES Cert. #6, vendor affirmed); AES (Cert. #59); DSA/SHA-1 (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; DDiffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particlular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki." |
| 365 | Neopost Technologies 113, rue Jean-Marin Naudin Bagneux 92220 France Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36 CST Lab: NVLAP 100432-0 | Neopostage PSD Module (Hardware Version: P/N 04K9131; Software Version: 1.0.0.0) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 12/16/2003 10/03/2006 01/01/2014 | 12/31/2018 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #178); DSA (Cert. #84; non-compliant) Multi-chip embedded "The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters." |
| 364 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE Crypto-C ME Toolkit (Software Version: 1.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 12/09/2003 04/07/2004 10/01/2004 01/04/2008 10/16/2008 09/07/2010 03/28/2011 01/24/2013 02/12/2016 | 2/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode) -FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 362 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 100432-0 | RSA Applets on the Schlumberger Cyberflex Access 64k Platform (Hardware Version: P/N M512LACC1; Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 11/20/2003 10/16/2008 09/07/2010 02/12/2016 | 2/11/2021 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Triple-DES Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed) Single-chip "The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications." |
| 340 | SonicWall, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 Usha Sanagala CST Lab: NVLAP 100432-0 | Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX (Hardware Version: P/N 103-500000-00/101-500040-00 Rev E/Rev C; Firmware Version: 4.1) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 08/29/2003 04/25/2007 04/21/2015 06/08/2017 | 4/20/2020 | Overall Level: 2 -FIPS Approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connectio ns, converting cipher-text to clear-text, or clear-text to cipher-text." |
| 339 | AKCode, LLC. 13130 Roundup Ave. San Diego, CA 92129 USA Robert Spraggs TEL: 858-484-5634 FAX: 516-706-6468 CST Lab: NVLAP 100432-0 | Anonymous Key Technology-C++ and Java Suite (Software Versions: 1.0.0 and 1.0.2) Validated to FIPS 140-2 Certificate Security Policy | Software | 07/31/2003 10/06/2003 07/28/2005 08/24/2005 06/07/2013 03/20/2015 | 3/19/2020 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows 2000, XP, NT 4.00 and 7 x64 SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode -FIPS Approved algorithms: AES (Certs. #38, #47, #3193 and #3194); SHA-1 (Certs. #128, #142, #2640 and #2641); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed) -Other algorithms: PPP (key transport) Multi-chip standalone "Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows Mobile, MAC iOS, MAC OSX and Google Android, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI." |
| 317 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Encryption Module (Hardware Versions: PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67; Firmware Versions: v03.55 and v03.56) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 05/29/2003 06/11/2003 03/30/2004 01/30/2017 | 1/29/2022 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management." |
| 313 | Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada Entrust Sales CST Lab: NVLAP 200017-0 | Entrust Authority Security Toolkit for Java (Software Version: 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Software | 03/28/2003 05/28/2014 | 5/27/2019 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3 -FIPS Approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Triple-DES Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption) Multi-chip standalone "Entrust AuthorityTM Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet securityarchitecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms." |
| 309 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE Crypto-C ME Toolkit Module (Software Version: 1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy Vendor Product Link | Software | 03/07/2003 10/01/2004 01/04/2008 10/16/2008 09/07/2010 03/28/2011 01/24/2013 02/12/2016 | 2/11/2021 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode) -FIPS Approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signingalgorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 296 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0 | Atalla Cryptographic Engine (ACE) (ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D) (When operated in FIPS mode) Validated to FIPS 140-2 Certificate Security Policy | Hardware | 03/07/2003 03/18/2003 09/19/2011 01/25/2016 | 1/24/2021 | Overall Level: 3 -Physical Security: Level 3 +EFP -Self Tests: Level 4 -FIPS Approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Triple-DES Cert. #128, vendor affirmed) -Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption) Multi-chip embedded "The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products." |