CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
All

Last Updated: 9/08/2017

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "Other" or "Allowed" have not been tested through the CMVP and are not FIPS-Approved.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Validation
Date
Sunset
Date
Level / Description
3012Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Jaroslav Reznik
TEL: +420-532-294-645

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux GnuTLS Cryptographic Module
(Software Version: 5.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/08/20179/7/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 with PAA
Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4658, #4659, #4660, #4661, #4662 and #4663); CVL (Certs. #1307, #1308, #1309 and #1310); DRBG (Certs. #1574 and #1575); DSA (Certs. #1233 and #1234); ECDSA (Certs. #1146 and #1147); HMAC (Certs. #3086 and #3087); RSA (Certs. #2542 and #2543); SHS (Certs. #3817, #3818, #3819 and #3820); Triple-DES (Certs. #2479 and #2480)

-Allowed algorithms: Diffie-Hellman (CVL Certs. #1307 and #1309; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1307 and #1309, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG
Multi-Chip Stand Alone

"GnuTLS is a secure communications library implementing the TLS and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PCKS#12, and other required structures which is shipped with Red Hat Enterprise Linux 7.4."
3011Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

Kasra Akhavan-Toyserkani
TEL: (240) 243-1837
FAX: (240) 243-1853

Parag Patel
TEL: (240) 243-1876
FAX: (240) 243-1853

CST Lab: NVLAP 200928-0
Unified Crypto Module
(Hardware Version: PL-0000235-2; Firmware Version: 2.2.4)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/07/20179/6/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4077, #4078 and #4079); CKG (vendor affirmed); CVL (Certs. #899 and #1084); DRBG (Cert. #1225); ECDSA (Cert. #922); HMAC (Cert. #2663); KBKDF (Cert. #131); RSA (Cert. #2209); SHS (Cert. #3359); Triple-DES (Cert. #2229)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #899, key agreement; key establishment methodology provides 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Embedded

"The Comtech Unified Crypto Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, as well as firmware to provide the cryptographic functions needed to act as a endpoint for secure TLS- and SSH-based management and control traffic."
3010Attivo Networks Inc.
47697 Westinghouse Drive
Suite 201
Fremont, CA 94539
USA

Satya Das
TEL: 510-623-1000

CST Lab: NVLAP 200968-0
Attivo Cryptographic Provider
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/201710/11/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Open JDK 1.8 on CentOS 6.5 Intel 64-bit on ESXi 5.5.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system

-FIPS Approved algorithms: AES (Cert. #4049); CVL (Certs. #878, #879 and #1190); DRBG (Cert. #1213); DSA (Cert. #1095); ECDSA (Cert. #908); HMAC (Cert. #2644); KAS (Cert. #90); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #99); KTS (vendor affirmed); KTS (AES Cert. #4049; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2215; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2084); SHA-3 (Cert. #9); SHS (Cert. #3339); Triple-DES (Cert. #2215)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"Attivo Cryptographic Provider is a component of Attivo Networks’ products such as the Attivo Central Manager 200, BOTsink 3200, and BOTsink 5100. These products constitute the Attivo ThreatMatrix Deception and Response Platform which detects stolen credentials, ransomware, and targeted attacks within user networks, data centers, clouds, SCADA, and IoT environments by deceiving attackers into revealing themselves. The detections along with comprehensive attack analysis and actionable alerts empower accelerated incident response."
3009Amazon Web Services, Inc.
410 Terry Ave N
Ste 1200
Seattle, WA 98109-5210
USA

Kelvin Yiu
TEL: n/a
FAX: n/a

Ken Beer
TEL: n/a
FAX: n/a

CST Lab: NVLAP 201029-0
AWS Key Management Service HSM
(Hardware Version: 2.0; Firmware Version: 1.3.6)
(When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/05/20179/4/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4527); CVL (Certs. #1208 and #1209); DRBG (Cert. #1487); ECDSA (Cert. #1102); HMAC (Cert. #2987); KAS (Cert. #122); KBKDF (Cert. #133); KTS (AES Cert. #4527, key establishment methodology provides 128 or 256 bits of encryption strength); KTS (SP 800-56B, vendor affirmed); RSA (Cert. #2464); SHS (Cert. #3708)

-Allowed algorithms: EC Diffie-Hellman (CVL Cert. #1209, key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Multi-Chip Stand Alone

"The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering."
3008Fatpipe, Inc.
4455 South 700 E STE 100
Salt Lake City, UT 84107
United States

Matt Gwyther
TEL: (801) 281 - 3434
FAX: (801) 281 - 0317

CST Lab: NVLAP 200802-0
Fatpipe Crypto Module
(Software Version: 9.1.2-fips)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/31/20178/30/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): LFS (Linux from scratch) 1.1.0 x86 64 Pure64 without PAA running on Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4314 and #4315); CVL (Certs. #1027 and #1028); DRBG (Cert. #1372); DSA (Cert. #1149); HMAC (Cert. #2846); SHS (Cert. #3549)

-Allowed algorithms: Diffie-Hellman (CVL Cert. #1027, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"Fatpipe Crypto Module, a patented router clustering device, is an essential part of Disaster Recovery and Business Continuity Planning for Virtual Private Network (VPN) connectivity. It is integrated with several Kernel Space cryptographic algorithms and other security mechanisms"
3007SafeLogic Inc.
530 Lytton Avenue
Ste. 200
Palo Alto, CA 94301
USA

SafeLogic Inside Sales

CST Lab: NVLAP 201029-0
CryptoComply for Libgcrypt
(Software Version: 4.0)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #2657.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/28/20176/12/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645 and #3646); DRBG (Certs. #972, #973, #974, #975, #979 and #980); DSA (Certs. #1020 and #1021); HMAC (Certs. #2398 and #2399); RSA (Certs. #1882 and #1883); SHS (Certs. #3065 and #3066); Triple-DES (Certs. #2033 and #2034)

-Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength)
Multi-Chip Stand Alone

"SafeLogic CryptoComply for Libgcrypt is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality."
3006Toshiba Memory Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type C2
(Hardware Versions: A0 with PX05SVQ096B, A0 with PX05SVQ192B, A0 with PX05SVQ384B; Firmware Versions: PX05AX01, PX05AX02, PX05AX03, PX05AX04)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/20178/27/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Allowed algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
3005Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Ken Fuchs
TEL: 847-576-5000

CST Lab: NVLAP 100432-0
IPCryptR2
(Hardware Version: BLN1306A; Firmware Version: R06.03.05)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/25/20178/24/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1424 and #1425); CVL (Certs. #262 and #263); ECDSA (Cert. #498); HMAC (Cert. #1780); KTS (AES Cert. #1424 and HMAC Cert. #1780, key wrapping; key agreement methodology provides 256 bits of encryption strength); SHS (Cert. #2381)

-Allowed algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
3004STMicroelectronics
Green Square Building B
Lambroekstraat 5
Diegem/Machelen B-1831
Belgium

Olivier COLLART
TEL: +32 272 450 77
FAX: +32 272 451 43

Fabien ARRIVE
TEL: +33 223 470 633
FAX: +33 223 470 400

CST Lab: NVLAP 200002-0
Trusted Platform Module ST33TPHF20SPI
(Hardware Versions: ST33HTPH2E28AAF0 [1], ST33HTPH2E32AAF0 [1], ST33HTPH2E28AAF1 [1], ST33HTPH2E32AAF1 [1], ST33HTPH2028AAF3 [2] and ST33HTPH2032AAF3 [2]; Firmware Versions: 49.00 [1], 4A.00 [2])
(When operated in FIPS mode and installed, initialized and configured as specified in Section 1.7 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/25/20178/24/2022Overall Level: 2

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4336 and #4338); CKG (vendor affirmed); CVL (Certs. #1041 and #1045); DRBG (Cert. #1361); ECDSA (Cert. #1025); HMAC (Certs. #2870, #2875, #2876 and #2878); KAS (Certs. #108 and #110); KBKDF (Certs. #121 and #123); KTS (AES Certs. #4336 and #4338 and HMAC Certs. #2870 and #2875; key establishment methodology provides 128 bits or 256 bits of encryption strength); RSA (Certs. #2340 and #2342); SHS (Cert. #3539); Triple-DES (Certs. #2343 and #2345)

-Allowed algorithms: NDRNG; RSA (CVL Certs. #1041 and #1045, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single Chip

"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 2.0 specification."
3003Bull Atos Technologies
Boulevard Jean JaurFs
B.P.68
F-78340 Les Clayes sous Bois 78340
France

Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200928-0
CHR Cryptographic Module
(Hardware Version: 005/B; Firmware Version: V1.04-01L)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/24/20178/23/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: RSA (Cert. #2348); SHS (Cert. #3580)

-Allowed algorithms: N/A
Multi-Chip Stand Alone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
3002Hewlett Packard Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Rick Stanley
TEL: 603-315-7746
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE FlexFabric 5700, 5900 and 5920 Switch Series
(Hardware Versions: {[HPE FlexFabric 5700-32XGT-8XG-2QSFP+ Switch (JG898A), HPE FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-Compliant Switch (JG899A), HPE FlexFabric 5700-40XG-2QSFP+ Switch (JG896A), HPE FlexFabric 5700-40XG-2QSFP+ TAA1-Compliant Switch (JG897A), HPE FlexFabric 5700-48G-4XG-2QSFP+ Switch (JG894A), HPE FlexFabric 5700-48G-4XG-2QSFP+ TAA1-Compliant Switch (JG895A), HPE FlexFabric 5900AF-48G-4XG-2QSFP+ Switch (JG510A), HPE FlexFabric 5900AF-48G-4XG-2QSFP+ TAA1-Compliant Switch (JH038A), HPE FlexFabric 5900AF-48XG-4QSFP+ Switch (JG772A) and HPE FlexFabric 5900AF-48XG-4QSFP+ TAA1-Compliant Switch (JG554A)] with Opacity Kit JH063A, [HPE FlexFabric 5900AF-48XGT-4QSFP+ Switch (JG336A), HPE FlexFabric 5900AF-48XGT-4QSFP+ TAA1-Compliant Switch (JH037A), HPE FlexFabric 5900CP-48XG-4QSFP+ Switch (JG838A) and HPE FlexFabric 5900CP-48XG-4QSFP+ TAA1-Compliant Switch (JH036A)] with Opacity Kit JH719A and [HPE FlexFabric 5920AF-24XG Switch (JG296A) and HPE FlexFabric 5920AF-24XG TAA1-compliant Switch (JG555A)] with Opacity Kit JG720A} with Label Kit JG585A or JG586A; Firmware Versions: HPE Comware 7.1.045, Release R2422P01)
(When operated in FIPS mode with tamper evident labels and opacity kits installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/23/20178/22/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4093 and #4098); CKG (vendor affirmed); CVL (Certs. #911 and #912); DRBG (Cert. #1231); DSA (Cert. #1114); ECDSA (Cert. #927); HMAC (Certs. #2673 and #2678); RSA (Cert. #2217); SHS (Certs. #3369 and #3374)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #911, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform."
3001Toshiba Memory Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type C1
(Hardware Version: A0 with PX05SMQ160B; Firmware Versions: PX05AW01, PX05AW02, PX05AW03, PX05AW04)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/23/20178/22/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Allowed algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
3000Siemens Canada Ltd.
300 Applewood Crescent
Concord, ON L4K 5C7
Canada

Roy Zhang
TEL: 905-482-4548
FAX: 905-856-1995

CST Lab: NVLAP 200416-0
RUGGEDCOM Ethernet Switches and RUGGEDCOM Serial Device Server
(Hardware Versions: M969F, M2100F, M2200F, RSG2100F, RSG2200F, RSG2488F, RS416F, RS900F, RS900GF, and RS940GF; Firmware Version: 4.2.1.F)
(When installed, initialized and configured as specified in the Security Policy Section 3. The tamper evident seals and baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/21/20178/20/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4030 and #4037); CKG (vendor affirmed); CVL (Certs. #858, #859, #861, #862, #863, and #876); DRBG (Certs. #1204 and #1207); ECDSA (Certs. #899 and #903); HMAC (Certs. #2631 and #2635); RSA (Certs. #2072 and #2078); SHS (Certs. #3329 and #3336)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #858 and #863, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (CVL Certs. #862 and #876; key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"The RUGGEDCOM Ethernet Switches and RUGGEDCOM Serial Device Server are utility-grade, fully-managed Ethernet devices designed to operate reliably in electrically harsh and climatically demanding environments. The devices’ rugged hardware design, coupled with the embedded Rugged Operating System (ROS®) version 4.2.1.F, provides improved system reliability and advanced cybersecurity and networking features. This makes them ideally suited for creating secure Ethernet networks for mission-critical, real-time control applications."
2999Huawei Technologies Co., Ltd.
No. 328, Xinghu Street
Suzhou, JIANGSU 215000
CHINA

Yang Ze
TEL: +86 15919432118

Ji Xiang
TEL: +86 15261806635

CST Lab: NVLAP 100432-0
Huawei R230D, R240D and R250D Remote Radio Units
(Hardware Versions: P/Ns R230D, R240D and R250D with Tamper-evident Seals 4057-113016; Firmware Version: V200R007C10SPC100)
(When operated in FIPS mode and with the tamper-evident seals and opacity stickers installed as indicated in Section 8 of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/21/20178/20/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375)

-Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The Huawei R230D, R240D, R250D Remote Radio Units are multi-chip standalone cryptographic modules enclosed in hard, commercial grade metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to provide secure communication for data transmitted between different networks. The modules provide network interfaces for data input and output."
2998Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Kevin Rohan
TEL: 1-719-757-3374
FAX: n/a

CST Lab: NVLAP 201029-0
Oracle ILOM OpenSSL FIPS Object Module
(Software Version: 2.0.10)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/18/2017
08/22/2017
08/22/2017
1/29/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Oracle ILOM OS v3.0 running on Oracle ILOM SP v3 (ARM 7) with PAA (gcc Compiler Version 4.9)
Oracle ILOM OS v3.0 running on Oracle ILOM SP v3 (ARM 7) without PAA (gcc Compiler Version 4.9)(single-user mode)

-FIPS Approved algorithms: AES (Cert. #4629); CVL (Cert. #1289); DRBG (Cert. #1557); DSA (Cert. #1224); ECDSA (Cert. #1138); HMAC (Cert. #3064); RSA (Cert. #2527); SHS (Cert. #3793); Triple-DES (Cert. #2462)

-Allowed algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"Oracle ILOM OpenSSL FIPS Object Module is a software library providing a C language application program interface (API) for use by other processes that require cryptographic functionality and is classified by FIPS 1402 as a software module, multichip standalone module embodiment."
2997SafeLogic Inc.
530 Lytton Avenue
Ste. 200
Palo Alto, CA 94301
USA

SafeLogic Inside Sales

CST Lab: NVLAP 201029-0
CryptoComply for NSS
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2711)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/18/201712/18/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3605, #3606, #3607 and #3609); CVL (Certs. #626 and #627); DRBG (Certs. #936 and #937); DSA (Certs. #1002 and #1003); ECDSA (Certs. #739 and #740); HMAC (Certs. #2300 and #2301); RSA (Certs. #1854, #1855, #2034 and #2035); SHS (Certs. #2966 and #2967); Triple-DES (Certs. #2007 and #2008)

-Allowed algorithms: AES (Certs. #3605, #3606, #3607 and #3609, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Certs.#2007 and #2008, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"SafeLogic CryptoComply for NSS is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality."
2996Alcatel-Lucent Enterprise USA Inc.
26801 West Agoura Road
Calabasas, CA 91301
USA

Eric Tolliver
TEL: 818-878-4623

CST Lab: NVLAP 200556-0
OmniSwitch AOS 8.3.1.R01 Cryptographic Module
(Software Version: AOS 8.3.1.R01)
(When installed, initialized and configured as specified in the Security Policy Section 3.1. When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/18/20178/17/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-24
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-P24
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-48
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860-P48
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-24
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-P24
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-48
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-P48
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6860E-U28
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6865-P16X
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-X20
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-X40
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-T20
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-T40
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-Q32
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 6900-X72
Alcatel-Lucent Operating System (AOS) 8.3.1.R01 running on an OmniSwitch 9900

-FIPS Approved algorithms: AES (Certs. #4285, #4286, #4287 , #4288, #4440, #4441, #4443 and #4444); CVL (Certs. #1184, #1185, #1186 and #1187); DRBG (Certs. #1345, #1346, #1347 and #1348); ECDSA (Certs. #1078, #1079, #1081 and #1082); HMAC (Certs. #2821, #2822, #2823 and #2824); RSA (Certs. #2306, #2307, #2308 and #2309); SHS (Certs. #3523, #3524, #3525 and #3526); Triple-DES (Certs. #2386, #2387, #2388 and #2389)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength);
Multi-Chip Stand Alone

"The AOS Cryptographic Module version 8.3.1.R01 provides cryptographic functionality to Alcatel-Lucent software applications present on the Alcatel-Lucent OmniSwitch series of routers."
2995Check Point Software Technologies Ltd.
5 Ha'Solelim Street
Tel Aviv 67897
Israel

Malcom Levy
TEL: +972-3-753-4561
FAX: +972-3-624-11-00

CST Lab: NVLAP 200996-0
Check Point Cryptographic Library
(Firmware Version: 1.0)
(When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3 Secure Operation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware08/16/2017
08/18/2017
8/15/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Check Point 12400 appliance with Check Point OS Version R77.30

-FIPS Approved algorithms: AES (Cert. #3418); CVL (Certs. #514 and #920); DRBG (Cert. #823); ECDSA (Cert. #685); HMAC (Cert. #2176); RSA (Cert. #1750); SHS (Cert. #2824); Triple-DES (Cert. #1929)

-Allowed algorithms: Diffie-Hellman (CVL Cert. #920, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"The Check Point Cryptographic Library is a firmware module that provides cryptographic services to Check Point products. The module provides a number of NIST validated cryptographic algorithms for services such as IPSec and TLS. The module provides applications with a library interface that enables them to access the various cryptographic algorithm functions supplied by the module. For the purposes of FIPS 140-2 testing, the module was evaluated running on the Check Point 12400 appliance."
2994Huawei Technologies Co., Ltd.
No. 328, Xinghu Street
Suzhou, JIANGSU 215000
CHINA

Yang Ze
TEL: +86 15919432118

Ji Xiang
TEL: +86 15261806635

CST Lab: NVLAP 100432-0
Huawei AP2030, AP4030, AP4130, AP5030, AP5130, AP6050, AP6150, AP7050 and AP8130 Wireless Access Points
(Hardware Versions: P/Ns AP2030DN, AP4030DN, AP4130DN, AP5030DN, AP5130DN, AP6050DN, AP6150DN, AP7050DE and AP8130DN with Tamper-evident Seals 4057-113016; Firmware Version: V200R007C10SPC100)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in Section 5.1 of the Security Policy. The protocol TLS shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/14/20178/13/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375)

-Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The Huawei AP AP2030, AP4030, AP4130, AP5030, AP5130, AP6050, AP6150, AP7050 and AP8130 Wireless Access Points are multi-chip standalone cryptographic modules enclosed in hard, commercial grade plastic and metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to provide secure communication for data transmitted between different networks. The modules provide network interfaces for data input and output."
2993Huawei Technologies Co., Ltd.
N. 328, Xinghu Street
Suzhou, JIANGSU 215000
CHINA

Yang Ze
TEL: +86 15919432118

Ji Xiang
TEL: +86 15261806635

CST Lab: NVLAP 100432-0
Huawei AD9430DN-12 Wireless Access Device
(Hardware Versions: P/Ns AD9430DN-12, Tamper Seals P/N 4057-113016; Firmware Version: V200R007C10SPC100)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in Section 5.1 of the Security Policy. The protocol TLS shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/14/20178/13/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375)

-Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The Huawei AD9430DN-12 Wireless Access Device is a multi-chip standalone cryptographic module enclosed in a hard, commercial grade metal plastic case. The cryptographic boundary for this module is the enclosure. The primary purpose of this module is to provide secure communication for data transmitted between different networks. The module provides network interfaces for data input and output."
2992Huawei Technologies Co., Ltd.
No. 328, Xinghu Street
Suzhou, JIANGSU 215000
CHINA

Yang Ze
TEL: +86 15919432118

Ji Xiang
TEL: +86 15261806635

CST Lab: NVLAP 100432-0
Huawei AD9430DN-24 Wireless Access Device
(Hardware Versions: P/Ns AD9430DN-24 with Tamper-evident Seals 4057-113016 and External Baffles 99089JEB; Firmware Version: V200R007C10SPC100)
(When operated in FIPS mode and with the tamper evident seals and baffles installed as indicated in Section 5.1 of the Security Policy. The protocol TLS shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/14/20178/13/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375)

-Allowed algorithms: Diffie Hellman (CVL Cert. #1114, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The Huawei AD9430DN-24 Wireless Access Device is a multi-chip standalone cryptographic module enclosed in a hard, commercial grade metal case. The cryptographic boundary for this module is the enclosure. The primary purpose of this module is to provide secure communication for data transmitted between different networks. The module provides network interfaces for data input and output."
2991Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Brian Wood
TEL: +1-973-440-9125

JungHa Paik
TEL: +82-10-8861-0858

CST Lab: NVLAP 200997-0
Samsung BoringSSL Cryptographic Module
(Software Version: 1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/10/20178/9/2022Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 7.0 with processor Qualcomm MSM8998 running on Samsung Galaxy S8+
Android 7.0 with processor Samsung EXYNOS8895 running on Samsung Galaxy S8
Android 7.0 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge
Android 7.0 with processor Samsung EXYNOS8890 running on Samsung Galaxy S7 Edge
Android 7.0 with processor Samsung EXYNOS7420 running on Samsung Galaxy S6 Edge
Android 7.0 with processor Qualcomm MSM8996 running on Samsung Galaxy Tab S3
Android 7.0 with processor Qualcomm MSM8917 running on Samsung Galaxy J3
Android 7.0 with processor Samsung EXYNOS7570 running on Samsung Galaxy J3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4432); CVL (Certs. #1142 and #1143); DRBG (Cert. #1431); DSA (Cert. #1189); ECDSA (Cert. #1074); HMAC (Cert. #2944); KTS (AES Cert. #4432); RSA (Cert. #2413); SHS (Cert. #3650)

-Allowed algorithms: Diffie-Hellman (Key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (Key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength)
Multi-Chip Stand Alone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data."
2990Aruba a Hewlett Packard Enterprise company
8000 Foothills Blvd
Roseville, CA 95747
USA

Susan Scotten
TEL: 916-785-8742

CST Lab: NVLAP 200002-0
Aruba 2920 Switch Series
(Hardware Versions: J9726A and J9729A; Firmware Version: WB.16.02.0015)
(When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 11)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/10/20178/9/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4305); CVL (Cert. #1019); DRBG (Cert. #1366); DSA (Cert. #1145); HMAC (Cert. #2841); RSA (Cert. #2326); SHS (Cert. #3544); Triple-DES (Cert. #2326)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Aruba 2920 Switch series is a scalable Basic Layer 3 switch series that delivers modular stacking, static & RIP routing, IPv6, ACLs, and sFlow for a better mobile-first campus network experience. With a powerful ProVision ASIC, the 2920 provides security, scalability, and ease of use for the enterprise campus, SMB, and branch office networks."
2989Aruba, a Hewlett Packard Enterprise company
3333 Scott Blvd
Santa Clara, CA 95054
USA

Steve Weingart
TEL: 512-319-2480

CST Lab: NVLAP 200427-0
Aruba AP-324 and AP-325 Wireless Access Points
(Hardware Versions: [AP-324-F1 (HPE SKU JW185A) and AP-325-F1 (HPE SKU JW187A)] with FIPS Kit 4011570-01 (HPE SKU JY894A); Firmware Version: ArubaOS 6.5.1-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/10/20178/9/2022Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #3998 and #4138); CVL (Certs. #825, #944 and #945); DRBG (Cert. #1188); ECDSA (Certs. #891 and #950); HMAC (Certs. #538, #2610 and #2711); KBKDF (Cert. #92); RSA (Certs. #2054, #2254 and #2395); SHS (Certs. #934, #3300, #3408 and #3633); Triple-DES (Certs. #758, #2196 and #2262)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2988Citrix Systems, Inc.
851 Cypress Creek Road
Fort Lauderdale, FL 33309
USA

Ben Tucker
TEL: 954-267-3094

Jon Andersen
TEL: 954-940-7737

CST Lab: NVLAP 100432-0
Citrix FIPS Cryptographic Module
(Hardware Versions: ARM v8-A, ARM v7-A, Intel Core i7 4th Generation, Intel Core i7 6th Generation, Intel Xeon 5600 series, Intel Exon E5-2600 v2 series; Software Version: 1.0)
(When operated in FIPS Mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid08/10/20178/9/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): iOS 10 64bit running on an Apple 12.9-inch iPad Pro (A1584) with PAA
Android 4.4 running on a Google Nexus 5 (LG D820) with PAA
Android 5 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA
Android 6 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA
Windows 10 32bit running on a Lenovo 20CD00B2US with PAA
Android 6 running on a Samsung Galaxy S6 (SM-G920T) with PAA
Android 7 running on a Google Nexus 6 (Motorola Nexus 6 XT11003) with PAA
Android 7 running on a Google Nexus 5X (LG H790) with PAA
Windows 10 64bit running on a Lenovo 20EV002JUS with PAA
Linux 3.16 under XenServer 6 64bit running on a Dell PowerEdge C6100 with PAA
Linux 3.16 under ESXi 5 64bit running on a HP ProLiant DL2000 with PAA
Linux 3.16 under Hyper-V on Windows Server 2012 R2 64bit running on a HP ProLiant DL2000 with PAA
FreeBSD 8.4 32bit running on a Citrix NetScaler MPX-14000-FIPS with PAA
FreeBSD 8.4 64bit running on a Citrix NetScaler MPX-14000-FIPS with PAA
Mac OS X 10.12 64bit running on an Apple Macbook Pro (A1398) with PAA
Linux 3.13 64bit running on a Lenovo 20EV002JUS with PAA
ViewSonic Thin OS running on a ViewSonic VS16585 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4397); CVL (Certs. #1101, #1102, #1103, #1104, #1105 and #1106); DRBG (Cert. #1417); DSA (Cert. #1174); ECDSA (Cert. #1056); HMAC (Cert. #2923); KAS (SP 800-56A-rev2 with CVL Certs. #1101, #1102, #1103 and #1106, vendor affirmed); KAS (SP 800-56B with CVL Certs. #1101, #1102, #1103 and #1104, vendor affirmed); KTS (AES Cert. #4397; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2379); SHS (Cert. #3626); Triple-DES (Cert. #2371)

-Allowed algorithms: MD5
Multi-Chip Stand Alone

"The Citrix FIPS Cryptographic Module is a software toolkit which provides various cryptographic functions to support the Citrix product portfolio."
2987Trustonic
20 Station Road
Cambridge CB1 2JD
United Kingdom

Alec Edgington
TEL: +44 1223 347864

Mark Wooding
TEL: +44 1223 347853

CST Lab: NVLAP 100432-0
TRICX Cryptographic Library
(Software Version: 1.0)
(No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/10/20178/9/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Trustonic Kinibi 400A running on an ARM Cortex-A53 with PAA
Trustonic Kinibi 400A running on an ARM Cortex-A53 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4468); CVL (Cert. #1180); DRBG (Cert. #1450); ECDSA (Cert. #1090); HMAC (Cert. #2965); KAS (Cert. #119, SP 800-56Arev2, vendor affirmed); KTS (AES Cert. #4468; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #2443); SHS (Cert. #3680); Triple-DES (Cert. #2398)

-Allowed algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Multi-Chip Stand Alone

"TRICX is a general-purpose cryptographic library designed to be statically linked with a Trusted Application running on Trustonic's Kinibi operating system in a Trusted Execution Environment."
2986Oberthur Technologies
4250 Pleasant Valley Rd
Chantilly, VA 20151
USA

Christophe Goyet
TEL: +1 703-322-8951
FAX: n/a

Said Boukyoud
TEL: +33 178 147 258
FAX: n/a

CST Lab: NVLAP 100432-0
ID-One PIV on Cosmo V8.1
(Hardware Versions: P/Ns ‘30-5F01’ [1] and '40-6001' [2]; Firmware Versions: Firmware Extensions: ‘086294’+’086683’ (ID-One PIV Applet Suite 2.4.0 on Cosmo V8.1 LARGE) [1] and Firmware Extensions: ‘086294’+’086693’ (ID-One PIV Applet Suite 2.4.0 on Cosmo V8.1 STD) [2])
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

PIV Certificate #39

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/10/20178/9/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4107, #4108 and #4109); CVL (Certs. #921, #953 and #954); DRBG (Cert. #1234); ECDSA (Cert. #933); HMAC (Cert. #2683); KAS (Cert. #48); KBKDF (Cert. #106); KTS (AES Certs. #4107, #4108 and #4109); RSA (Certs. #2252 and #2253); SHA-3 (Cert. #6); SHS (Certs. #3379 and #3380); Triple-DES (Cert. #2245)

-Allowed algorithms: NDRNG
Single Chip

"ID-One PIV on Cosmo V8.1 is the next generation of Personal Identification and Verification cards. It has an AES-256 Security Architecture and support both contact and contactless communications. It supports all features described in FIPS 201-2, SP800-73-4 and SP800-76-2 including Virtual Contact Interface and fingerprint on-card comparison. It can be used as a Smart Card (PIV/CIV) to provide physical and logical access control, or embedded in a hardware token for Derived Credentials. Its additional SAM capabilities make it the ideal portable HSM for the post-issuance management of PIV cards."
2985Technologie Humanware
1800, rue Michaud
Drummondville, QC J2C 7G7
Canada

Dominic R. Labbé
TEL: 450-463-1717

CST Lab: NVLAP 200556-0
HumanWare Kernel Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/05/20178/4/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 4.4 running on a HumanWare BrailleNote Touch

-FIPS Approved algorithms: AES (Cert. #4464); HMAC (Cert. #2962); SHS (Cert. #3676)

-Allowed algorithms: N/A
Multi-Chip Stand Alone

"The Technologie Humanware HumanWare Kernel Cryptographic Module v1.0 is a software module providing cryptographic functionality to the HumanWare BrailleNote Touch. The HumanWare Kernel Cryptographic Module provides data encryption for calling applications on the HumanWare BrailleNote Touch."
2984Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco FIPS Object Module
(Software Version: 6.2)
(When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/03/20178/2/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 3.10 running on an ARMv8 on a Google Nexus 5x
Apple iOS 9 running on an ARMv8 on an Apple iPad Air 2
FreeBSD 10.3 running on an Intel Xeon on a Supermicro Intel Xeon E5
Linux 3.10 running on an Intel Core i5 without PAA on a Lenovo M900
Linux 3.10 running on an Intel Core i5 with PAA on a Lenovo M900
Linux 2.6 running on a Cavium Octeon MIPS64 on a Cisco WLC 5508
Linux 2.6 running on a Cavium Octeon MIPS64 with assembler on a Cisco WLC 5508
Linux 3.10 running on a Cavium Octeon MIPS64 with assembler on a Cisco ASA FPR-2100
Windows 10 running on an Intel Core i5 without PAA on a Lenovo M900
Windows 10 running on an Intel Core i5 with PAA on a Lenovo M900
FreeBSD 10.3 running on an Intel Xeon E5 on a Cisco UCS C220 M4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4233, #4234, #4235, #4236 and #4237); CVL (Certs. #981, #982, #983 and #984); DRBG (Certs. #1316 and #1317); DSA (Certs. #1129 and #1130); ECDSA (Certs. #978 and #979); HMAC (Certs. #2771, #2772, #2773, #2774, #2775 and #2776); KBKDF (Certs. #108 and #109); RSA (Certs. #2285 and #2286); SHS (Certs. #3470, #3471, #3472, #3473, #3474 and #3475); Triple-DES (Certs. #2292, #2293 and #2294)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 132 bits of encryption strength)
Multi-Chip Stand Alone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2983Ixia
26601 W. Agoura Road
Calabasas, CA 91302
USA

Tom Casella
TEL: 1-877-367-4942
FAX: 1-818-871-1805

Jarrod Tsukada
TEL: 1-877-367-4942
FAX: 1-818-871-1805

CST Lab: NVLAP 200996-0
Net Tool Optimizer (NTO) 7303
(Hardware Versions: NTO 7303 Chassis P/N 991-0082-01, NTO 7300 Series Supervisor Module P/N 992-0059-01 (QTY: 2), NTO 7300 Series Line Card with 16 QSFP+ ports P/N 992-0045-01, NTO 7300 Series Carrier Line Card Hydra P/N 992-0075-01 with NTO 7300 Series Advanced Feature Module Cassette with 16 SFP+ ports P/N 992-0067-01 (QTY: 2), NTO 7300 Series Carrier Line Card Hydra P/N 992-0075-01 with NTO 7300 Series 100G Port Interface Cassette P/N 992-0066-01 (QTY: 2), NTO 7300 Series Smart Blank Line Card P/N 992-0043-01, NTO 7300 Series PCM Line Card with 48 SFP+ ports P/N 992-0051-01, NTO 7300 Series ATIP Line Card with 48 SFP+ ports P/N 992-0050-01, NTO 7300 Series Fan Module Unit P/N 991-2013-01 (QTY: 6); Firmware Version: 4.5.0.16)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/03/20178/2/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4089); CKG (vendor affirmed); CVL (Cert. #904); DRBG (Cert. #1227); HMAC (Cert. #2669); PBKDF (vendor affirmed); RSA (Cert. #2213); SHS (Cert. #3365)

-Allowed algorithms: NDRNG; RSA (key transport; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"Designed to sit between a customer’s network and security tools, the NTO 7303 is a solution that controls the flow of network traffic to destination security devices and applications. The module uses a pool of high-speed data interfaces that are intended to forward different classes of traffic based on filters applied to each interface."
2982Ixia
26601 W. Agoura Road
Calabasas, CA 91302
USA

Tom Casella
TEL: 1-877-367-4942
FAX: 1-818-871-1805

Jarrod Tsukada
TEL: 1-877-367-4942
FAX: 1-818-871-1805

CST Lab: NVLAP 200996-0
Vision ONE
(Hardware Versions: Vision ONE Chassis P/N 991-0114-01, Vision ONE AC Power Supply P/N 991-3023-01 (QTY: 2), Vision ONE Fan Assembly P/N 991-2020-02 (QTY: 2); Firmware Version: 4.5.0.16)
(When operated in FIPS mode and with tamper evident seals installed)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/03/20178/2/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4089); CKG (vendor affirmed); CVL (Cert. #904); DRBG (Cert. #1227); HMAC (Cert. #2669); PBKDF (vendor affirmed); RSA (Cert. #2213); SHS (Cert. #3365)

-Allowed algorithms: NDRNG; RSA (key transport; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"Designed to sit between a customer’s network and security tools, Vision ONE is a solution that controls the flow of network traffic to destination security devices and applications. The module uses a pool of high-speed data interfaces that are intended to forward different classes of traffic based on filters applied to each interface."
2981BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario N2K OA7
Canada

Security Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 905-507-4230

CST Lab: NVLAP 200556-0
BlackBerry Cryptographic Java Module
(Software Version: 2.9)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/01/20177/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950
Android 6.0.1 with processor Qualcomm 8992 Snapdragon running on BlackBerry PRIV
Android OS API Level 17 with processor NXP ARM Cortex-A9 running on Ricoh MP C3004 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3988, #4299 and #4300); CKG (vendor affirmed); DRBG (Certs. #1180, #1359 and #1360); DSA (Certs. #1084, #1142 and #1143); ECDSA (Certs. #884, #1009 and #1010); HMAC (Certs. #2603, #2835 and #2836); KAS (Certs. #83, #98 and #99); KTS (vendor affirmed); RSA (Certs. #2046, #2320 and #2321); SHS (Certs. #3292, #3537 and #3538); Triple-DES (Certs. #2188, #2320 and #2321)

-Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry products such as the BlackBerry PlayBook Administration Service, and other BlackBerry products."
2980Certicom Corp.
5520 Explorer Drive
Fourth Floor
Mississauga, Ontario L4W 5L1
Canada

Mike Harvey
TEL: 905-507-4220
FAX: 905-507-4230

Worldwide Sales & Marketing Headquarters
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200556-0
Security Builder FIPS Java Module
(Software Version: 2.9)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/01/20177/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950
Android 6.0.1 with processor Qualcomm 8992 Snapdragon running on BlackBerry PRIV
Android OS API Level 17 with processor NXP ARM Cortex-A9 running on Ricoh MP C3004 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3988, #4299 and #4300); CKG (vendor affirmed); DRBG (Certs. #1180, #1359 and #1360); DSA (Certs. #1084, #1142 and #1143); ECDSA (Certs. #884, #1009 and #1010); HMAC (Certs. #2603, #2835 and #2836); KAS (Certs. #83, #98 and #99); KTS (vendor affirmed); RSA (Certs. #2046, #2320 and #2321); SHS (Certs. #3292, #3537 and #3538); Triple-DES (Certs. #2188, #2320 and #2321)

-Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
2979Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Adaptive Security Appliances Cryptographic Module
(Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4] or [CISCO-FIPS-KIT=][5]; Firmware Version: 9.6)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. This module contains the embedded module Cisco Firepower Cryptographic Module validated to FIPS 140-2 under Cert. #2960 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/01/20177/31/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301, #4249 and #4266); CVL (Certs. #1002 and #1008); DRBG (Certs. #332, #336, #819, #1328 and #1337); ECDSA (Certs. #989 and #995); HMAC (Certs. #1247, #1514, #2095, #2787 and #2811); RSA (Certs. #2297 and #2298); SHS (Certs. #1794, #2091, #2737, #3486 and #3512); Triple-DES (Certs. #1321, #1513, #1881, #2304 and #2307)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"Enterprise-class firewall capabilities for the ASA devices in an array of form factors - standalone appliances tailor-made for small and midsize businesses, midsize appliances for businesses improving security . This solution offers the combination of the industry's most deployed stateful firewall with a comprehensive range of next-generation network security services."
2978Canonical Ltd.
5th floor, Blue Fin Building
110 Southwark Street
London SE1 0SU
United Kingdom

Joy Latten

Andrew Cloke

CST Lab: NVLAP 200658-0
Ubuntu Strongswan Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode and with module Ubuntu Kernel Crypto API Cryptographic Module validated to FIPS140-2 under Cert. #2962 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/31/20177/30/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA
Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #4370, #4371, #4372, #4373, #4374 and #4375); CVL (Cert. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1154, #1155, #1156, #1157, #1158, #1159 and #1160); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900, #2901, #2970, #2971, #2972, #2973, #2974, #2976 and #2977); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598, #3599, #3687, #3688, #3689, #3690, #3691, #3693 and #3694); Triple-DES (Certs. #2355, #2356 and #2357)

-Allowed algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"Ubuntu Strongswan Cryptographic Module provides cryptographic services for the Internet Key Exchange (IKE) protocol in the Ubuntu Operating System user space."
2977Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Liu Pinping
TEL: +86 15850529039

CST Lab: NVLAP 100432-0
Huawei S7700 Series Switches
(Hardware Versions: S7703 P/N 02113959 Version P.3 with [1, 2 and 7], S7706 P/N 02113960 Version N.2 with [1, 3, 5 and 7] and S7712 P/N 02113961 Version P.2 with [1, 4, 6 and 7]; LPU P/N 03030MQP [1], MPU P/N 03030MPV [2], MPU P/N 03030MQS [3], MPU P/N 03031FSL [4], CSS P/N 03030QHL [5], CSS P/N 03030XYD [6] and Tamper Seals P/N 4057-113016 [7]; Firmware Version: V200R010C00SPC900B900)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/31/20177/30/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The S7700 Smart Routing Switch (S7700 for short) is a high-end smart routing switch designed for next-generation enterprise networks. The S7700 design is based on Huawei's intelligent multi-layer switching technology to provide intelligent service optimization methods, such as MPLS VPN, traffic analysis, comprehensive QoS policies, controllable multicast, load balancing, and security, in addition to high-performance Layer 2 to Layer 3 switching services."
2976D'Crypt Private Limited
28 Sin Ming Lane, #06-133
Midview City 573972
Singapore

Sales & Marketing
TEL: (65)6933 1800
FAX: (65)6684 5142

Quek Gim Chye
TEL: (65)6933 1800
FAX: (65)6684 5142

CST Lab: NVLAP 100432-0
d’Cryptor® SC
(Hardware Versions: P/N: DC-SPC-1, HW Version: 1.0; Firmware Version: 1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/31/20177/30/2022Overall Level: 4

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: ECDSA (Cert. #859); SHS (Cert. #3230)

-Allowed algorithms: N/A
Single Chip

"The d'cryptor SC is a single-chip (ASIC) hardware security module designed for high security assurance applications. Its bootloader accepts a firmware image after successful authentication, performs a cryptographic verification of the received image and hands control over to the firmware upon successful verification. The SC can be employed as a secure cryptographic coprocessor in security modules where it provides a secure operational environment and high-performance cryptographic support. The SC supports a multitude of interfaces, including several UARTs, SPIs, I²C and numerous GPIOs."
2975Western Digital Technologies, Inc. HGST, a Western Digital brand
5601 Great Oaks Parkway
San Jose, CA 95119
USA

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar® SS300 TCG Enterprise SSD
(Hardware Versions: P/Ns HUSMM3216ASS205 (001) [1, 2, 3, 4, 5], HUSMM3232ASS205 (001) [1, 2, 3, 4, 5], HUSMM3240ASS205 (001) [1, 2, 3, 4, 5], HUSMM3280ASS205 (001) [1, 2, 3, 4, 5], HUSMR3216ASS205 (001) [1, 2, 3, 4, 5], HUSMR3232ASS205 (001) [1, 2, 3, 4, 5], HUSMR3240ASS205 (001) [1, 2, 3, 4, 5] and HUSMR3280ASS205 (001) [1, 2, 3, 4, 5]; Firmware Versions: R098 [1], R100 [2], R110 [3], R116 [4] or R118 [5])
(When operated in FIPS mode, installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/28/20177/27/2022Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4281 and #4309); CKG (vendor affirmed); DRBG (Cert. #1341); HMAC (Cert. #2817); PBKDF (vendor affirmed); RSA (Cert. #2302); SHS (Certs. #3517 and #3519)

-Allowed algorithms: NDRNG
Multi-Chip Embedded

"HGST Self-Encrypting TCG Enterprise drives meet or exceed the most demanding performance and security requirements. Ultrastar® SS300 solid-state TCG Enterprise 2.5-inch SAS drives support multiple MLC capacities, the 12 Gbps SAS-3 Interface and multiple Drive Write Day rates."
2974Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Brian Wood
TEL: +1-973-440-9125

Jung Ha Paik
TEL: +82-10-8861-0858

CST Lab: NVLAP 200002-0
Samsung Kernel Cryptographic Module
(Software Versions: 1.6.1 [1] and 1.8 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/20177/26/2022Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 6.0.1 (Kernel 3.10) running on Samsung Galaxy J3 [1]
Android 7.0 (Kernel 4.4) running on Samsung Galaxy S8 with PAA [2]
Android 7.0 (Kernel 4.4) running on Samsung Galaxy S8 without PAA [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4403, #4424, #4425, #4426 and #4427); HMAC (Certs. #2926, #2936, #2937, #2938 and #2939); SHS (Certs. #3630, #3641, #3642, #3643 and #3644)

-Allowed algorithms: NDRNG
Multi-Chip Stand Alone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2973Bluechip Systems LLC
2350 Mission College Blvd
Suite 290
Santa Clara, CA 95054
USA

Uri Kreisman
TEL: 650-257-8000
FAX: 650-241-1895

CST Lab: NVLAP 100432-0
MicroCloud X4
(Hardware Versions: P/Ns MCX4-004, MCX4-008; Firmware Versions: X4 Linux 3.4.110.1, MicroCloud Manager 1.9)
(No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/20177/26/2022Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4250 and #4251); DRBG (Cert. #1329); ECDSA (Certs. #990, #991 and #992); HMAC (Cert. #2789); KTS (AES Cert. #4251, key wrapping; key agreement methodology provides 256 bits of encryption strength); PBKDF (vendor affirmed); SHS (Certs. #3487, #3488 and #3489)

-Allowed algorithms: N/A
Multi-Chip Stand Alone

"The Module is a Linux computer in a microSD form factor, providing hardware isolated cryptographic services to host devices into which it is inserted. Main functions of the Module are Cryptographic Support, User Data Protection, Security Management and Protection of the Security Functionality. The cryptographic boundary is SD bus interface of the microSD."
2972Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Liu Pinping
TEL: +86 15850529039

CST Lab: NVLAP 100432-0
Huawei S5720-SI & S5720-LI Series Switches
(Hardware Versions: S5720-12TP-LI-AC P/N 98010567 Version E.3 with [1 and 2], S5720-12TP-PWR-LI-AC P/N 98010570 Version D.2 with [1 and 2], S5720-28X-LI-24S-AC P/N 98010629 Version D.2 with [1 and 2], S5720-28X-LI-AC P/N 98010581 Version C.2 with [1 and 2], S5720-28X-PWR-LI-AC P/N 98010593 Version C.2 with [1 and 2], S5720-28X-PWR-SI-AC P/N 02350DLW Version E.3 with [1 and 2], S5720-28X-SI-24S-AC P/N 98010625 Version C.22 with [1 and 2], S5720-28X-SI-AC P/N 02350DLT Version E.3 with [1 and 2], S5720-52P-LI-AC P/N 98010600 Version C.2 with [1 and 2], S5720-52P-PWR-LI-AC P/N 98010612 Version C.2 with [1], S5720-52P-SI-AC P/N 02350DLU Version E.3 with [1 and 2], S5720-52X-LI-AC P/N 98010606 Version D.2 with [1 and 2], S5720-52X-PWR-LI-AC P/N 98010619 Version C.2 with [1], S5720-52X-PWR-SI-AC P/N 02350DLX Version E.3 with [1 and 2], S5720-52X-SI-AC P/N 02350DLV Version E.3 with [1 and 2]; Tamper Seals P/N 4057-113016 [1] and External Baffle P/N 99089JEB [2]; Firmware Version: V200R010C00SPC900B900)
(When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy (applies to S5720-52X-LI-AC, S5720-28X-PWR-LI-AC, S5720-12TP-LI-AC and S5720-12TP-PWR-LI-AC).)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/27/20177/26/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The S5720 series Ethernet switches are next-generation energy-saving switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service aggregation. Based on cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software, the S5720 provides a large switching capacity, high reliability (double power slots and hardware Ethernet OAM), and high-density GE ports to accommodate 10 Gbit/s upstream transmissions. The S5720 is available in a lite (LI) series, a standard (SI) series, an enhanced (EI) series, and a hyper (HI) series."
2971Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Liu Pinping
TEL: +86 15850529039

CST Lab: NVLAP 100432-0
Huawei S5720-EI Series Switches
(Hardware Versions: S5720-36C-EI-28S-AC P/N 02359503 Version M.2, S5720-36C-EI-AC P/N 02359562 Version M.2, S5720-56C-EI-AC P/N 02359504 Version K.2, S5720-36C-PWR-EI-AC P/N 02359573 Version L.3 and S5720-56C-PWR-EI-AC P/N 02359576 Version L.2 all with Tamper Seals P/N 4057-113016 and External Baffle P/N 99089JEB; Firmware Version: V200R010C00SPC900B900)
(When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/27/20177/26/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The S5720 series Ethernet switches are next-generation energy-saving switches developed by Huawei to meet the demand for high-bandwidth access and Ethernet multi-service aggregation. Based on cutting-edge hardware and Huawei Versatile Routing Platform (VRP) software, the S5720 provides a large switching capacity, high reliability (double power slots and hardware Ethernet OAM), and high-density GE ports to accommodate 10 Gbit/s upstream transmissions. The S5720 is available in a lite (LI) series, a standard (SI) series, an enhanced (EI) series, and a hyper (HI) series."
2970Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat 13705
France

Carlos ROMERO-LICERAS
TEL: +33 442365666
FAX: +33 442365545

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
Prime PIV v2.1 Applet on TOP DL V2.1 platform
(Hardware Version: NXP P60D144P VA (MPH149); Firmware Versions: TOPDLV2.1 (Filter04), PIV Applet version 2.1)
(When operated in FIPS mode)

PIV Certificate #38

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid07/26/20177/25/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3543); CVL (Certs. #597, #815 and #834); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); KTS (AES Cert. #3543; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984)

-Allowed algorithms: NDRNG
Single Chip

"« Prime PIV v2.1 » is a FIPS201-2 smart card running on TOP DL V2.1 platform, which complies with the latest version of NIST SP800-73-4 and NIST SP800-85A-4. The product can be used over Contact and Contactless interfaces (ISO 7816 & 14443).Algorithms have been optimized to comply with NIST SP800-78-4 (AES CMAC for OPACITY secure messaging)."
2969McAfee LLC
2200 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 972.963.7326

CST Lab: NVLAP 201029-0
McAfee OpenSSL FIPS Object Module
(Software Version: 1.0.1)
(When operated in FIPS mode. When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/25/20177/24/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Linux 3.10 on VMware ESXi 5.5 running on Intel Xeon (gcc Compiler Version 4.8.5) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4511); CVL (Cert. #1197); DRBG (Cert. #1474); DSA (Cert. #1201); ECDSA (Cert. #1097); HMAC (Cert. #2980); RSA (Cert. #2459); SHS (Cert. #3699); Triple-DES (Cert. #2408)

-Allowed algorithms: EC Diffie-Hellman (CVL Cert. #1197, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength)
Multi-Chip Stand Alone

"The McAfee OpenSSL FIPS module provides cryptographic services for McAfee products."
2968Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Shi Lisha
TEL: +86 13451902202

CST Lab: NVLAP 100432-0
Huawei AR2240, AR3260 and AR169FGVW-L Series Routers
(Hardware Versions: AR2240 P/N 03022UFU Version C.2, AR3260 P/N 03022NPN Version I.3 and AR169FGVW-L P/N 50010168 Version L.2; Tamper Evident Seals P/N 4057-113016 and External Baffle P/N 99089JEB; Firmware Version: V200R008C10SPC120)
(When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocols IKEv1 and SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/25/20177/24/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4323); CKG (vendor affirmed); CVL (Cert. #1036); DRBG (Cert. #1379); ECDSA (Cert. #1023); HMAC (Cert. #2861); KTS (AES Cert. #4323 and HMAC Cert. #2861; key establishment methodology provides 128 bits of encryption strength); KTS (Triple-DES Cert. #2335 and HMAC Cert. #2861; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #3565); Triple-DES (Cert. #2335)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"ARs are located between an enterprise network and a public network, functioning as the only ingress and egress for data transmitted between the two networks. The deployment of various network services over the ARs reduces operation & maintenance (O&M) costs as well as those associated with establishing an enterprise network."
2967

CST Lab: NVLAP 200002-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/26/20177/25/2022Overall Level: 3

Multi-Chip Stand Alone
2966Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
USA

Loren Shade
TEL: 978-264-6600

CST Lab: NVLAP 200928-0
Allegro Cryptographic Engine
(Software Version: 6.2)
(When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/20/20177/19/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 10 running on a Microsoft Surface Pro 4 with PAA
Windows 10 running on a Microsoft Surface Pro 4 without PAA
Linux Mint 18 Cinnamon running on an Intel NUC System with PAA
Linux Mint 18 Cinnamon running on an Intel NUC System without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4121); CKG (vendor affirmed); CVL (Certs. #927 and #1074); DRBG (Cert. #1241); DSA (Cert. #1116); ECDSA (Cert. #936); HMAC (Cert. #2692); KTS (AES Cert. #4121, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2227); SHS (Cert. #3390); SHA-3 (Cert. #8); Triple-DES (Cert. #2251)

-Allowed algorithms: Diffie-Hellman (CVL Cert. #927, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #927, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; NDRNG
Multi-Chip Stand Alone

"Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace."
2965Dolby Laboratories, Inc.
1275 Market Street
San Francisco, CA 94103
USA

Jean-Philippe Viollet
TEL: 818-524-2956
FAX: N/A

CST Lab: NVLAP 200802-0
IMS3-SM
(Hardware Versions: IMS3-41 [A], IMS3-42 [A] and IMS3-43 [A]; Firmware Versions: (1.2.9-0, 1.2.9-3 and 1.2.4-0) [A])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/20177/18/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4418, #4419 and #4421); CKG (vendor affirmed); DRBG (Cert. #1427); HMAC (Cert. #2934); KTS (AES Cert. #4421); RSA (Cert. #2407); SHS (Cert. #3639)

-Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Embedded

"The IMS3-SM is the module that contains the Security Manager present in the Dolby Laboratories, Inc. IMS3000 (for hardware models IMS3-41, IMS3-42, IMS3-43) that can be hosted inside D-Cinema DLP projectors. It supports highest JPEG-2000 decoding capabilities and accepts alternative content as well."
2964Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
USA

Adam Langley

CST Lab: NVLAP 201029-0
BoringCrypto
(Software Version: 24e5886c0edfc409c8083d10f9f1120111efd6f5)
(When installed, initialized and configured as specified in Section 12.1 of the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/19/20177/18/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Ubuntu Linux 14.04 LTS running on Intel Xeon E5 without PAA (clang Compiler Version 4.0.0)
Ubuntu Linux 16.04 running on Intel Xeon E5 with PAA (clang Compiler Version 4.0.0)
Ubuntu Linux 15.04 running on POWER8 without PAA (clang Compiler Version 4.0.0)
Ubuntu Linux 17.04 running on POWER8 with PAA (clang Compiler Version 4.0.0)
Ubuntu Linux 17.04 running on POWER9 with PAA (clang Compiler Version 4.0.0) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4558); CVL (Cert. #1240); DRBG (Cert. #1507); ECDSA (Cert. #1112); HMAC (Cert. #3011); KTS (AES Cert. #4558; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #2485); SHS (Cert. #3736); Triple-DES (Cert. #2428)

-Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"A software library that contains cryptographic functionality to serve BoringSSL and other user-space applications."
2963HGST, a Western Digital company
5601 Great Oaks Parkway
San Jose, CA 95119
USA

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar® He¹² TCG Enterprise HDD
(Hardware Versions: P/Ns HUH721212AL5205 (0001) [1, 2], and HUH721212AL4205 (0001) [1, 2];; Firmware Version: R39C [1] or R3D0 [2])
(When operated in FIPS mode, installed, initialized and configured asspecified in Sections 2.1 and 7.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/18/2017
08/31/2017
7/17/2022Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3880 and #3881); DRBG (Cert. #1108); HMAC (Cert. #2522); PBKDF (vendor affirmed); RSA (Cert. #1978); SHS (Certs. #3203 and #3204)

-Allowed algorithms: NDRNG
Multi-Chip Embedded

"HGST self-encrypting Ultrastar® He¹² TCG Enterprise Hard-Disk drives meet or exceed the most demanding performance and security requirements. The Ultrastar He¹² TCG is based on fourth-generation HelioSeal® technology, uses PMR technology and is the industry's first 12TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He¹² TCG provides the highest reliability rating available of all HDDs on the market today by building on the successful design of its 10TB, 8TB and 6TB predecessors."
2962Canonical Ltd.
5th floor, Blue Fin Building
110 Southwark Street
London SE1 0SU
United Kingdom

Joy Latten

Andrew Cloke

CST Lab: NVLAP 200658-0
Ubuntu Kernel Crypto API Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/18/20177/17/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA
Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4478, #4479, #4480, #4481, #4482, #4483, #4484, #4485, #4486, #4487, #4488, #4489, #4490, #4491, #4492, #4493, #4494, #4495, #4496, #4497, #4498, #4500, #4501, #4502, #4503, #4504, #4505, #4506 and #4507); DRBG (Certs. #1457, #1458, #1459, #1460, #1461, #1462, #1463, #1464, #1465, #1466, #1467, #1469 and #1470); HMAC (Certs. #2970, #2971, #2972, #2973, #2974, #2975, #2976 and #2977); KTS (AES Certs. #4478, #4481, #4484, #4489, #4492, #4498 and #4502; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #2447, #2448, #2449, #2450, #2451, #2452, #2453 and #2454); SHS (Certs. #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694 and #3695); Triple-DES (Certs. #2401, #2402, #2403, #2404, #2405, #2406 and #2407)

-Allowed algorithms: NDRNG
Multi-Chip Stand Alone

"Ubuntu Kernel Crypto API module is a software module running as part of the operating system kernel that provides general purpose cryptographic services."
2961128 Technology
200 Summit Drive
Burlington, MA 01803
USA

Patrick Melampy
TEL: N/A
FAX: N/A

Prashant Kumar
TEL: N/A
FAX: N/A

CST Lab: NVLAP 201029-0
128 Technology Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/18/20172/4/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"The 128T Networking Platform is a software-based, distributed routing and network services solution. The 128T Networking Platform uses Secure Vector Routing to simplify network architectures and provide fine-grained, end-to-end control and visibility. 128T runs on general-purpose computer and allows a wide range of deployment models - from remote branch offices to high-capacity network edges to hyper-scale data centers. The platform enables greater security and agility by distributing intelligence throughout the network - without disrupting your existing network infrastructure. The 128 Tech"
2960Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Firepower Cryptographic Module
(Firmware Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/17/20177/16/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): [Cisco ASA 5506-X, Cisco ASA 5506H-X, Cisco ASA 5506W-X, Cisco ASA 5508-X, Cisco ASA 5516-X, Cisco ASA 5512-X, Cisco ASA 5515-X, Cisco ASA 5525-X, Cisco ASA 5545-X, Cisco ASA 5555-X] with Fire Linux OS 6.1

-FIPS Approved algorithms: AES (Cert. #4266); CVL (Cert. #1008); DRBG (Cert. #1337); ECDSA (Cert. #995); HMAC (Cert. #2811); RSA (Cert. #2297); SHS (Cert. #3512); Triple-DES (Cert. #2307)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The module is designed to help you handle network traffic in a way that complies with your organization's security policy for protecting your network. The system can affect the flow of traffic using access control, which allows you to specify, in a granular fashion, how to handle the traffic entering, exiting, and traversing your network. All the information gathered from it can be used to filter and control that traffic."
2959Infineon Technologies AG
Am Campeon 1-12
Neubiberg, BY 85579
Germany

Roland Ebrecht
TEL: +49-821-25851-68
FAX: +49-821-25851-40

Thomas Hoffmann
TEL: +49-821-25851-24
FAX: +49-821-25851-40

CST Lab: NVLAP 100432-0
Trusted Platform Module 2.0 SLB 9660/SLB 9665/SLB 9670
(Hardware Versions: P/Ns SLB 9660 (Package PG-TSSOP-28-2 or PG-VQFN-32-13) [1], SLB 9665 (Package PG-TSSOP-28-2 or PG-VQFN-32-13) [1] and SLB 9670 (Package PG-VQFN-32-13) [2]; Firmware Version: 5.80 [1] or 7.80 [2])
(When operated in FIPS mode as specified in Security Policy Sections 1.1 and 8.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/17/20177/16/2022Overall Level: 2

-EMI/EMC: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4318 and #4319); CKG (vendor affirmed); CVL (Certs. #1030, #1032, #1033 and #1035); DRBG (Certs. #1374 and #1375); ECDSA (Certs. #1020 and #1021); HMAC (Certs. #2851 and #2852); KAS (Certs. #105 and #106); KBKDF (Certs. #117 and #118); KTS (AES Certs. #4318 and #4319 and HMAC Certs. #2851 and #2852; key establishment methodology provides 128 bits of encryption strength); KTS (vendor affirmed); RSA (Certs. #2332 and #2333); SHS (Certs. #3554 and #3555)

-Allowed algorithms: NDRNG
Single Chip

"The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the Trusted Platform Module Library Specification, Family "2.0", Level 00, Revision 01.16, October 2014 (ISO/IEC 11889:2015, Parts 1-4). See http://www.trustedcomputinggroup.org/ for further information on TCG and TPM."
2958UTC Fire & Security Americas Corporation, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

Michael O'Brien
TEL: 585-267-8345
FAX: 585-248-9185

Robert Pethick
TEL: 585-267-8046
FAX: 585-248-9185

CST Lab: NVLAP 100432-0
Lenel OnGuard Access Control Cryptographic Module
(Software Version: 7.3.345.54)
(When operated in FIPS mode with [(Windows 10 Cryptographic Primitives Library (BCRYPT) validated to FIPS 140-2 under Cert. #2606 operating in FIPS mode), (Windows Server 2012 R2 and Windows 8.1 Cryptographic Primitives Library (BCRYPT) validated to FIPS 140-2 under Cert. #2357 operating in FIPS mode), or (Windows 8 and Windows Server 2012 Cryptographic Primitives Library (BCRYPT) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode)])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/13/20177/12/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Intel i7-6700 w/ Microsoft Windows 8.1 64-bit on Vmware ESXi 6.0
Intel i7-6700 w/ Microsoft Windows 8 64-bit on Vmware ESXi 6.0
Intel i7-6700 w/ Microsoft Windows Server 2012 64-bit on Vmware ESXi 6.0
Intel i7-6700 w/ Microsoft Windows Server 2012 R2 64-bit on Vmware ESXi 6.0
Intel i7-6700 w/ Microsoft Windows 10 64-bit on Vmware ESXi 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197, #2832, #3497 and #4149); DRBG (Certs. #258, #489 and #868); RSA (Certs. #1134, #1493 and #1783); SHS (Certs. #1903, #2373 and #2886)

-Allowed algorithms: AES (Cert. #4149, key wrapping; key establishment methodology provides 128 bits of encryption strength)
Multi-Chip Stand Alone

"The Lenel OnGuard Access Control Cryptographic Module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system which is built on an open architecture platform and offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
2957Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Gokul Karthik Balaswamy
TEL: 425-706-8583
FAX: 425-708-0107

Christine Ahonen
TEL: 425-706-8675
FAX: 425-936-7329

CST Lab: NVLAP 200427-0
Microsoft Corporation Windows Embedded Compact Enhanced Cryptographic Provider 7.00.2872 and Microsoft Corporation Windows Embedded Compact Enhanced Cryptographic Provider 8.00.6246
(Software Versions: 7.00.2872 [1] and 8.00.6246 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/12/20177/11/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows Embedded Compact 7 (MIPS II) running on a Sigma Designs Vantage 8654 Development Kit [1]
Windows Embedded Compact 7 (MIPS II FP) running on a Sigma Designs Vantage 8654 Development Kit [1]
Windows Embedded Compact 7 (ARMv7) running on a TI OMAP TMDSEVM3530 [1]
Windows Embedded Compact 7 (ARMv6) running on a Samsung SMDK6410 Development Kit [1]
Windows Embedded Compact 7 (ARMv5) running on a Freescale i.MX27 Development Kit [1]
Windows Embedded Compact 2013 (x86) running on an eBox-330-A [2]
Windows Embedded Compact 2013 (ARMv7) running on a TI TMDSEVM3730 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4433 and #4434); CKG (vendor affirmed); DRBG (Certs. #1432 and #1433); HMAC (Certs. #2945 and #2946); RSA (Certs. #2414 and #2415); SHS (Certs. #3651 and #3652); Triple-DES (Certs. #2383 and #2384)

-Allowed algorithms: HMAC-MD5; MD5; NDRNG
Multi-Chip Stand Alone

"Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography."
2956Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Gokul Karthik Balaswamy
TEL: 425-706-8583
FAX: 425-708-0107

Christine Ahonen
TEL: 425-706-8675
FAX: 425-936-7329

CST Lab: NVLAP 200427-0
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll)
(Software Versions: 7.00.2872 [1] and 8.00.6246 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/11/20177/10/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows Embedded Compact 7 (MIPS II) running on a Sigma Designs Vantage 8654 Development Kit [1]
Windows Embedded Compact 7 (MIPS II FP) running on a Sigma Designs Vantage 8654 Development Kit [1]
Windows Embedded Compact 7 (ARMv7) running on a TI OMAP TMDSEVM3530 [1]
Windows Embedded Compact 7 (ARMv6) running on a Samsung SMDK6410 Development Kit [1]
Windows Embedded Compact 7 (ARMv5) running on a Freescale i.MX27 Development Kit [1]
Windows Embedded Compact 2013 (x86) running on an eBox-330-A [2]
Windows Embedded Compact 2013 (ARMv7) running on a TI TMDSEVM3730 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4430 and #4431); CKG (vendor affirmed); CVL (Certs. #1139 and #1140); DRBG (Certs. #1429 and #1430); DSA (Certs. #1187 and #1188); ECDSA (Certs. #1072 and #1073); HMAC (Certs. #2942 and #2943); KAS (Certs. #114 and #115); RSA (Certs. #2411 and #2412); SHS (Certs. #3648 and #3649); Triple-DES (Certs. #2381 and #2382)

-Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Multi-Chip Stand Alone

"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (versions 7.00.2872 and 8.00.6246), subject to FIPS 140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 and 2013 components and applications running on Windows Embedded Compact 7 and 2013."
2955Hewlett Packard Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Rick Stanley
TEL: 603-315-7746
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE FlexNetwork 7500 and HPE FlexFabric 7900 and 12904 Switch Series
(Hardware Versions: HPE FlexNetwork 7502 Switch Chassis (JD242C) with (JH208A) [1], HPE FlexNetwork 7503 Switch Chassis (JD240C) with (JH207A) [1], HPE FlexNetwork 7503 Switch with 2x2.4Tbps Fabric and Main Processing Unit Bundle (JH331A) with (JH209A) [1], HPE FlexNetwork 7506 Switch Chassis (JD239C) with (JH207A) [1], HPE FlexNetwork 7506 Switch with 2x2.4Tbps Fabric and Main Processing Unit Bundle (JH332A) with (JH209A) [1], HPE FlexNetwork 7510 Switch Chassis (JD238C) with (JH207A) [1], HPE FlexNetwork 7510 Switch with 2x2.4Tbps Fabric and Main Processing Unit Bundle (JH333A) with (JH209A) [1], HPE FlexFabric 7904 Switch Chassis (JG682A) with (JG683B) [2], HPE FlexFabric 7910 Switch Chassis (JG841A) with (JH001A or JG842A) and (JG683B) [2], HPE FlexFabric 12904E Switch AC Chassis (JH262A) with (JH263A) [3];; Firmware Versions: HPE Comware 7.1.045, Release R7179 [1], HPE Comware 7.1.045, Release R2150 [2], HPE Comware 7.1.045, Release R1150 [3])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/20177/10/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4090, #4092, #4095 and #4097); CKG (vendor affirmed); CVL (Certs. #905, #906, #909 and #910); DRBG (Certs. #1228 and #1230); DSA (Certs. #1111 and #1113); ECDSA (Certs. #924 and #926); HMAC (Certs. #2670, #2672, #2675 and #2677); RSA (Certs. #2214 and #2216); SHS (Certs. #3366, #3368, #3371 and #3373)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #905 and #909, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform."
2954Hewlett Packard Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Rick Stanley
TEL: 603-315-7746
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE FlexNetwork MSR1000, MSR2000, MSR3000 and MSR4000 Router Series
(Hardware Versions: {HPE FlexNetwork MSR1002-4 Router (JG875A) with (JD574B, JD573B, and JD559A) or with (JD573B and JD559A) and opacity shield JG598A, HPE FlexNetwork MSR1003-8S AC Router (JH060A) with (JD560A, JD559A, and JD576A) and opacity shield JG598A, HPE FlexNetwork MSR2003 AC Router (JG411A) with (JD558A and JD574B) or with (JD559A, JD576A, and JF821A) and opacity shield JG598A, HPE FlexNetwork MSR2003 TAA-compliant AC Router (JG866A) with (JD558A and JD574B) or with (JD559A, JD576A, and JF821A) and opacity shield JG598A, HPE FlexNetwork MSR2004-24 AC Router (JG734A) with (JD560A, JD559A, JF821A, and JD576A) and opacity shield JG598A, HPE FlexNetwork MSR2004-48 Router (JG735A) with (JD560A, JD559A, JF821A, and JD576A) and opacity shield JG598A, HPE FlexNetwork MSR3012 AC Router (JG409A) with (JG604A, JF281A, and JG430A) and opacity shield JG599A, HPE FlexNetwork MSR3044 Router (JG405A) with (JD559A, JD560A, JD561A, JG438A, JG442A, JG443A, and JG447A) and opacity shield JG600A, HPE FlexNetwork MSR3064 Router (JG404A) with (JG604A, JF281A, JG211A, JG737A, JG430A, JG447A, JD624A, JG415A, JD613A, JG457A, and JG435A) and opacity shield JG601A, HPE FlexNetwork MSR4060 Router Chassis (JG403A) with JG869A and (JG415A, JF254B, JG435A, and JG447A) and opacity shield JG602A, HPE FlexNetwork MSR4080 Router Chassis (JG402A) with JG869A and (JF841A, JG416A, JF841A, JG415A, JF254B, JC160A, JC159A, and JF837A) and opacity shield JG603A} with tamper evidence labels: JG585A or JG586A; Firmware Version: HPE Comware 7.1.045 Release R0305P08)
(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/20177/10/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4091, #4094 and #4096); CKG (vendor affirmed); CVL (Certs. #907 and #908); DRBG (Cert. #1229); DSA (Cert. #1112); ECDSA (Cert. #925); HMAC (Certs. #2671, #2674 and #2676); RSA (Cert. #2215); SHS (Certs. #3367, #3370 and #3372)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #907, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform."
2953Attivo Networks Inc.
47697 Westinghouse Drive,
Suite 201
Fremont, CA
USA

Satya Das
TEL: 510-623-1000

CST Lab: NVLAP 200968-0
Attivo Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/07/20171/29/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Mac OS X El Capitan 10.11.3 running on an Intel Core i5 1.4GHz system with PAA
CentOS 6.5 on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA
CentOS 6.5 on CentOS 6.5 – KVM running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA
Ubuntu 12.04 LTS on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA
Windows Server 2008 SP2 (32 bit) on CentOS 6.5 – KVM running on and Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA
Ubuntu 12.04 LTS on CentOS 6.5 – KVM running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA
Windows Server 2008 SP2 32-bit on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz system with PAA
Windows 7 Professional 64-bit on VMware ESXi 6.0.0 running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA
Windows 7 Professional 64-bit on CentOS 6.5 – KVM running on an Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz system with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3983); CVL (Cert. #812); DRBG (Cert. #1176); DSA (Cert. #1083); ECDSA (Cert. #881); HMAC (Cert. #2599); RSA (Cert. #2044); SHS (Cert. #3288); Triple-DES (Cert. #2186)

-Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"Attivo Cryptographic Module is a component of Attivo Networks’ products such as the Attivo Central Manager 200, BOTsink 3200, and BOTsink 5100. These products constitute the Attivo ThreatMatrix Deception and Response Platform which detects stolen credentials, ransomware, and targeted attacks within user networks, data centers, clouds, SCADA, and IoT environments by deceiving attackers into revealing themselves. The detections along with comprehensive attack analysis and actionable alerts empower accelerated incident response."
2952Singlewire Software
Singlewire Software
Madison, WI 53717
USA

Sales
TEL: N/A
FAX: N/A

N/A
TEL: N/A
FAX: N/A

CST Lab: NVLAP 201029-0
InformaCast Java Crypto Library
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2804)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/07/201712/7/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090)

-Allowed algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"InformaCast transforms devices on your network into a powerful system for IP paging and emergency alerting. InformaCast contains Java libraries that feature robust FIPS 140-2 validated algorithm support."
2951Singlewire Software
1002 Deming Way
Madison, WI 53717
USA

Sales
TEL: N/A
FAX: N/A

N/A
TEL: N/A
FAX: N/A

CST Lab: NVLAP 201029-0
InformaCast C Crypto Library
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/07/20172/4/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"InformaCast transforms devices on your network into a powerful system for IP paging and emergency alerting. InformaCast contains C libraries that feature robust FIPS 140-2 validated algorithm support."
2950Hypersecu Information Systems Inc.
#200-6191 Westminster Hwy
Richmond, BC V7C 4V4
Canada

James Li
TEL: +1 (604) 279-2000
FAX: +1 (604) 272-1233

Gregory Dunn
TEL: +1 (604) 279-2000
FAX: +1 (604) 272-1233

CST Lab: NVLAP 100432-0
HyperPKI™ HYP2003
(Hardware Version: 1.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/06/20177/6/2019Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Allowed algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"HyperPKI™ HYP2003 token is a portable two-factor USB token advanced with smart card technology. HYP2003 utilizes digital certificate based technologies to generate and store credentials, such as private keys, passwords and digital certificates inside the secured smart card chip. It is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection."
2949Hewlett Packard Enterprise
8000 Foothills Blvd
Roseville, CA 95747
USA

Susan Scotten
TEL: 916-785-8742

CST Lab: NVLAP 200002-0
Aruba 5400R zl2 Switch Series
(Hardware Versions: 5406R zl2 J9821A [1] and 5412R zl2 J9822A [2]; Interface Modules: (J9537A [2], J9546A [2], J9986A [1,2], 9987A [1,2], J9988A [1,2], J9989A [2], J9990A [1,2], J9991A [2], J9992A [2], J9993A [1,2], J9995A [1,2], J9996A [2]); Management Module: J9827A [1,2]; Firmware Version: KB.16.02.0015)
(When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 11)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/06/20177/5/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4304); CVL (Cert. #1018); DRBG (Cert. #1365); DSA (Cert. #1144); HMAC (Cert. #2840); RSA (Cert. #2325); SHS (Cert. #3543); Triple-DES (Cert. #2325)

-Allowed algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO."
2948Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Bill Shelton
TEL: 408-745-2000

Vann (Vanna) Nguyen
TEL: 408-745-2000

CST Lab: NVLAP 100432-0
Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways with Junos 15.1X49-D75
(Hardware Versions: SRX5400, SRX5600, SRX5800 with components identified in Security Policy Table 1 and JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS-MODE 15.1X49-D75)
(When operated in FIPS mode and with tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/06/2017
07/28/2017
7/5/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4393, #4394 and #4395); CKG (vendor affirmed); CVL (Certs. #1095 and #1096); DRBG (Certs. #1415 and #1423); DSA (Certs. #1172 and #1173); ECDSA (Certs. #1053 and #1054); HMAC (Certs. #2919, #2920 and #2921); KTS (AES Cert. #4393 and HMAC Cert. #2919; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (AES Cert. #4394 and HMAC Cert. #2920; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2368 and HMAC Cert. #2919; key establishment methodology provides 112 bits of encryption strength); KTS (Triple-DES Cert. #2369 and HMAC Cert. #2920; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #2377 and #2383); SHS (Certs. #3621, #3622, #3623 and #3624); Triple-DES (Certs. #2368, #2369 and #2370)

-Allowed algorithms: Diffie-Hellman (CVL Certs. #1095 and #1096, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1095 and #1096, key agreement; key establishment methodology provides 128 or 192 bit of encryption strength); NDRNG
Multi-Chip Stand Alone

"Juniper Networks® SRX5400, SRX5600, and SRX5800 Services Gateways are next-gen intelligent security platforms ideally suited for service provider, large enterprise, and public sector networks. Based on a revolutionary architecture offering superior protection, performance, scalability, services integration, and six nines of carrier-grade reliability the SRX5000 series are custom designed to deliver the highest level of protection incorporating advanced services such as application security, Unified Threat Management (UTM), Intrusion Prevention (IPS), and integrated threat intelligence."
2947NCoded Communications LLC
17633 Gunn Hwy
#188
Odessa, FL 33556
USA

Peter Rung
TEL: N/A
FAX: N/A

Shad Epolito
TEL: N/A
FAX: N/A

CST Lab: NVLAP 201029-0
NCoded Cryptographic Mobile Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #1938.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/05/20172/9/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Allowed algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength);
Multi-Chip Stand Alone

"NCoded Cryptographic Mobile (NCM) Module is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to the mobile devices and features robust algorithm support, including Suite B algorithms. NCM offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2946Bull Atos Technologies
Rue Jean JaurFs
B.P.68
Les Clayes sous Bois 78340
France

Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

Pierre-Jean AUBOURG
TEL: +33 1 30 80 77 02
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200928-0
CHR Cryptographic Module
(Hardware Version: 006/A; Firmware Version: V1.06-00L)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/29/20176/28/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: RSA (Cert. #1884); SHS (Cert. #3067)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
2945TCL Communication Ltd.
25 Edelman Suite 200
Irvine, CA 92618
USA

Alain Perrier
TEL: 214-316-2312

Nikhil Mhatre
TEL: 954-914-9952

CST Lab: NVLAP 200658-0
TCT Crypto Engine
(Hardware Version: 2.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/23/20173/21/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4513 and #4514)

-Other algorithms: N/A
Single Chip

"TCT Crypto Engine high throughput storage data encryption and decryption."
2944TCL Communication Ltd.
25 Edelman Suite 200
Irvine, CA 92618
USA

Alain Perrier
TEL: 214-316-2312

Nikhil Mhatre
TEL: 954-914-9952

CST Lab: NVLAP 200658-0
TCT Random Number Generator
(Hardware Version: 2.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/23/20174/7/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: DRBG (Cert. #1475); SHS (Certs. #3700 and #3702)

-Other algorithms: NDRNG
Single Chip

"TCT Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG"
2943TCL Communication Ltd.
25 Edelman Suite 200
Irvine, CA 92618
USA

Alain Perrier
TEL: 214-316-2312

Nikhil Mhatre
TEL: 954-914-9952

CST Lab: NVLAP 200658-0
TCT Crypto Engine Core
(Hardware Version: 5.3.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/23/20174/10/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4512); HMAC (Cert. #2981); SHS (Cert. #3701); Triple-DES (Cert. #2409)

-Other algorithms: AEAD; DES
Single Chip

"TCT Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments"
2942Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Brian Wood
TEL: +1-973-440-9125

Jung Ha Paik
TEL: +82-10-8861-0858

CST Lab: NVLAP 200002-0
Samsung Flash Memory Protector V1.2
(Hardware Version: 3.0.2; Software Version: 1.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid06/23/20176/22/2022Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 7.0 (Kernel 4.4) running on Samsung Galaxy S8 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4423)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The hardware module supports AES with CBC mode and XTS-AES cryptographic services."
2941Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield Solo XC F3 [1] and nShield Solo XC F3 for nShield Connect XC [2]
(Hardware Versions: NC4035E-000 [1] and NC4335N-000 [2], Build Standard A; Firmware Version: 3.3.21)
(When installed, initialized and configured as specified in Section 5.2.3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/23/20176/22/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3664, #3697 and #3711); CVL (Certs. #669, #682, #696 and #1111); DRBG (Cert. #985); DSA (Certs. #1034 and #1039); ECDSA (Certs. #771, #776, #790 and #805); HMAC (Cert. #2414); KBKDF (Certs. #73 and #75); KTS (AES Cert. #3664 and #3711; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1897, #1903 and #1917); SHS (Certs. #3082 and #3130); Triple-DES (Certs. #2046 and #2073)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The nShield XC F3 PCIe card, sold as nShield XC F3 PCIe server-embedded hardware security modules (HSMs) and also used in the nShield Connect XC network appliance HSMs, are multi-tasking HSMs optimized for symmetric and asymmetric operations on protected keys. The nShield modules are FIPS 140-2 Level 3 embedded devices for applications including but not limited to PKI, SSL/TLS, Secure Manufacturing, Data Protection, Key Management and Provisioning."
2940Hewlett Packard Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Rick Stanley
TEL: 603-315-7746
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE FlexNetwork 10500 and HPE FlexFabric 12500 and 12900 Switch Series
(Hardware Versions: {HPE FlexNetwork 10504 Switch Chassis JC613A with (JG496A or JH198A) and opacity shield JG710A [1], HPE FlexNetwork 10504 Switch TAA-Compliant Chassis JG820A with JH206A and opacity shield JG710A [1], HPE FlexNetwork 10508 Switch Chassis JC612A with (JG496A or JH198A) and opacity shield JG711A [1], HPE FlexNetwork 10508 Switch TAA-Compliant Chassis JG821A with JH206A and opacity shield JG711A [1], HPE FlexNetwork 10508-V Switch Chassis JC611A with (JG496A or JH198A) and opacity shield JG712A [1], HPE FlexNetwork 10508-V Switch TAA-Compliant Chassis JG822A with JH206A and opacity shield JG712A [1], HPE FlexNetwork 10512 Switch Chassis JC748A with (JG496A or JH198A) and opacity shield JG713A [1], HPE FlexNetwork 10512 Switch TAA-Compliant Chassis JG823A with JH206A and opacity shield JG713A [1], HPE FlexFabric 12504 AC Switch Chassis JC654A with (JC072B or JG497A), JG794A and opacity sheild JG721A [2], HPE FlexFabric 12508E AC Switch Chassis JG782A with JG802A and JG794A [2], HPE FlexFabric 12518E AC Switch Chassis JG784A with JG802A and JG794A [2], HPE FlexFabric 12908E Switch Chassis JH255A with JH104A [3], HPE FlexFabric 12910 Switch AC Chassis JG619A with JG621A [3], HPE FlexFabric 12910 TAA Compliant Switch AC Chassis JH113A with JH114A [3], HPE FlexFabric 12916E Switch Chassis JH103A with JH104A [3]} with tamper evidence labels: JG585A or JG586A; Firmware Versions: HPE Comware 7.1.045, Release R7179[1], HPE Comware 7.1.045, Release R7377[2], HPE Comware 7.1.045, Release R1150[3])
(When operated in FIPS mode with tamper evident labels and opacity kits installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/28/20176/27/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4090, #4092, #4093, #4095, #4097 and #4098); CKG (vendor affirmed); CVL (Certs. #905, #906, #909, #910, #911 and #912); DRBG (Certs. #1228, #1230 and #1231); DSA (Certs. #1111, #1113 and #1114); ECDSA (Certs. #924, #926 and #927); HMAC (Certs. #2670, #2672, #2673, #2675, #2677 and #2678); RSA (Certs. #2214, #2216 and #2217); SHS (Certs. #3366, #3368, #3369, #3371, #3373 and #3374)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #905, #909 and #911, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); Camellia; DES; HMAC-MD5; MD5; PRNG; RC2; RC4; RSA (non-compliant)
Multi-Chip Stand Alone

"The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform."
2939NCoded Communications LLC
17633 Gunn Hwy
#188
Odessa, FL 33556
USA

Peter Rung
TEL: N/A
FAX: N/A

Shad Epolito
TEL: N/A
FAX: N/A

CST Lab: NVLAP 201029-0
NCoded Cryptographic Server Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/22/20172/4/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Mac OS X 10.8 on a MacBook Air
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG
Multi-Chip Stand Alone

"NCoded Cryptographic Server Module is a standards-based "Drop-in Compliance" cryptographic engine for servers and appliances. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. NCoded Cryptographic Server Module offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2938Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Secure Kernel Code Integrity (skci.dll) in Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode)

-FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

-Other algorithms: MD5
Multi-Chip Stand Alone

"Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed."
2937Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with the modules Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode and Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2936 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4064); CVL (Certs. #886 and #887); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography."
2936Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4064); CVL (Certs. #886 and #887); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)."
2935Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: AES (non-compliant); MD5
Multi-Chip Stand Alone

"Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk."
2934Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Dump Filter (dumpfve.sys) in Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064)

Multi-Chip Stand Alone

"The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file."
2933Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2931 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: MD5
Multi-Chip Stand Alone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state."
2932Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2931 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: NDRNG; MD5
Multi-Chip Stand Alone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files."
2931Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: MD5; PBKDF (non-compliant); VMK KDF
Multi-Chip Stand Alone

"The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it."
2930Hewlett Packard Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Rick Stanley
TEL: 603-315-7746
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE FlexNetwork 5130EI, 5130HI, 5510HI and FlexFabric 5930 Switch Series
(Hardware Versions: HPE FlexNetwork 5130 24G 4SFP+ EI Switch (JG932A) [1], HPE FlexNetwork 5130 24G SFP 4SFP+ EI Switch (JG933A) [1], HPE FlexNetwork 5130 48G 4SFP+ EI Switch (JG934A) [1], HPE FlexNetwork 5130 24G PoE+ 4SFP+ (370W) EI Switch (JG936A) [1], HPE FlexNetwork 5130 48G PoE+ 4SFP+ (370W) EI Switch (JG937A) [1], HPE FlexNetwork 5130 24G 2SFP+ 2XGT EI Switch (JG938A) [1], HPE FlexNetwork 5130 48G 2SFP+ 2XGT EI Switch (JG939A) [1], HPE FlexNetwork 5130 24G POE+ 2SFP+ 2XGT (370W) EI Switch (JG940A) [1], HPE FlexNetwork 5130 48G POE+ 2SFP+ 2XGT (370W) EI Switch (JG941A) [1], HPE 5130 24G 4SFP+ 1-slot HI Switch (JH323A) [2], HPE 5130 48G 4SFP+ 1-slot HI Switch (JH324A) [2], HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch (JH325A) [2], HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch (JH326A) [2], HPE 5510 24G 4SFP+ HI 1-slot Switch (JH145A) [3], HPE 5510 48G 4SFP+ HI 1-slot Switch (JH146A) [3], HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch (JH147A) [3], HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch (JH148A) [3], HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A) [3], HPE FlexFabric 5930 32QSFP+ Switch (JG726A) [4], HPE FlexFabric 5930 32QSFP+ Switch TAA version (JG727A) [4], HPE FlexFabric 5930 4-slot Switch (JH179A) [4], HPE FlexFabric 5930 4-slot Switch TAA1 version (JH188A) [4], HPE FlexFabric 5930 2QSFP+ 2-slot Switch (JH178A) [4], HPE FlexFabric 5930 2QSFP+ 2-slot Switch TAA1 version (JH187A) [4]; Firmware Versions: HPE Comware 7.1.045, Release R3113 [1], HPE Comware 7.1.045, Release R1120P05 [2], HPE Comware 7.1.045, Release R1120 [3], HPE Comware 7.1.045, Release R2423 [4])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/20176/20/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3854, #3855, #4092, #4093, #4097 and #4098); CKG (vendor affirmed); CVL (Certs. #738, #739, #909, #910, #911 and #912); DRBG (Certs. #1094, #1230 and #1231); DSA (Certs. #1055, #1113 and #1114); ECDSA (Certs. #834, #926 and #927);HMAC (Certs. #2499, #2503, #2672, #2673, #2677 and #2678); RSA (Certs. #1969, #2216 and #2217); SHS (Certs. #3173, #3177, #3368, #3369, #3373 and #3374)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #738, #909 and #911, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); Camellia; DES; HMAC-MD5; MD5; PRNG; RC2; RC4; RSA (non-compliant)
Multi-Chip Stand Alone

"The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform."
2929DataLocker Inc.
7007 College Blvd., Suite 240
Overland Park, KS 66211
USA

Jay Kim
TEL: 913-310-9088

CST Lab: NVLAP 100432-0
Sentry - Encrypted USB Flash Drive
(Hardware Versions: SEMS04, SEMS08, SEMS16, SEMS32, SEMS64, SSC004M, SSC008M, SSC016M, SSC032M, SSC064M, SONE004, SONE008, SONE016, SONE032, SONE064, SONE004M, SONE008M, SONE016M, SONE032M and SONE064M; Firmware Version: 3.05)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/201711/30/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Sentry - Encrypted USB Flash Drive is a Secure USB 3.0 flash drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to sensitive data and critical applications. The Sentry - Encrypted USB Flash Drive allows enterprise class device management features like policy updates, password recovery and remote kill features."
2928Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-435-2604
FAX: 714-438-2765

CST Lab: NVLAP 200983-0
Kingston DataTraveler 2000
(Hardware Version: DT2000/4GB; DT2000/8GB; DT2000/16GB; DT2000/32GB; DT2000/64GB; Firmware Version: Encryption Controller: V1.01.10; Security Controller: v1.11)
(This validation entry is rebranding from Cert. #2688)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/20/2017
07/14/2017
7/25/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3749 and #3757); DRBG (Cert. #1032); HMAC (Cert. #2459); PBKDF (vendor affirmed); SHS (Cert. #3127)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"Kingston DataTraveler 2000 Secure USB Flash Drive ("Kingston DT2000" or "DT2000") is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an on-board keypad. User data is protected by hardware-based 256-bit AES encryption to secure sensitive information in the event that the drive is lost or stolen."
2927Hewlett Packard Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Rick Stanley
TEL: 603-315-7746
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE FlexNetwork MSR3024 Router Series
(Hardware Versions: HPE FlexNetwork MSR3024 AC Router (JG406A), HPE FlexNetwork MSR3024 PoE Router (JG408A); Firmware Versions: HPE Comware 7.1.045, Release R0305P08)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/20/20176/19/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4091, #4094 and #4096); CKG(vendor affirmed); CVL (Certs. #907 and #908); DRBG (Cert. #1229); DSA (Cert. #1112); ECDSA (Cert. #925); HMAC (Certs. #2671, #2674 and #2676); RSA (Cert. #2215); SHS (Certs. #3367, #3370 and #3372)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #907, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2671, #2674 and #2676); NDRNG; AES (non-compliant); Camellia; DES; HMAC-MD5; MD5; PRNG; RC2; RC4; RSA (non-compliant)
Multi-Chip Stand Alone

"The HPE Networking devices are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. Each device is based on the HPE Comware Software, Version 7.1.045 platform."
2926Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Jaz Lin
TEL: 408-745-2000

Vann (Vanna) Nguyen
TEL: 408-745-2000

CST Lab: NVLAP 100432-0
Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways
(Hardware Versions: SRX5400, SRX5600, and SRX5800 with components identified in Security Policy Table 1; Firmware Version: JUNOS-FIPS 12.3X48-D30)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/19/20176/18/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4054, #4055, #4056, #4070 and #4329); CVL (Certs. #880 and #926); DRBG (Certs. #1216, #1399 and #1401); DSA (Certs. #1096, #1103 and #1104); ECDSA (Certs. #909, #916 and #917); HMAC (Certs. #2646, #2647, #2648, #2657 and #2867); KTS (AES Cert. #4054 and HMAC Cert. #2646); KTS (AES Cert. #4055 and HMAC Cert. #2647); KTS (AES Cert. #4056 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2223 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2224 and HMAC Cert. #2646); KTS (Triple-DES Cert. #2224 and HMAC Cert. #2647); RSA (Certs. #2087, #2201 and #2202); SHS (Certs. #3341, #3342, #3343, #3353 and #3571); Triple-DES (Certs. #2221, #2222, #2223 and #2224)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; ARCFOUR; Blowfish; CAST; HMAC-MD5; HMAC-RIPEMD160; UMAC
Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2925Huawei Technologies Co., Ltd.
No.328, Xinghu Street
SuZhou, JIANGSU 215000
CHINA

Yan Ze (Allen)
TEL: +86 15919432118

Ji Xiang
TEL: +8615261806635

CST Lab: NVLAP 100432-0
Huawei AC6605 Wireless Access Controller
(Hardware Versions: P/Ns AC6605-26, 99089JEB [Baffles] and 4057-113016 [Tamper-Evident Seals]; Firmware Version: V200R007C10SPC100)
(When operated in FIPS mode and with the tamper-evident seals and external baffles installed as indicated in the Security Policy. The protocols IKEv1, SNMP and TLS shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/19/20176/18/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375)

-Other algorithms: Diffe-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2930); NDRNG; AES (non-compliant); Blowfish; DES; HMAC-MD5; IKEv1 KDF (non-compliant); MD5; PBKDF2 (non-compliant); RC4; RSA (non-compliant); SM1; SM3; SM4; SNMP KDF (non-compliant); TLS KDF (non-compliant)
Multi-Chip Stand Alone

"The Huawei Access Controller (AC) are multi-chip standalone cryptographic modules enclosed in hard, commercial grade metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to handle the configuration of wireless access-points. The modules provide network interfaces for data input and output."
2924Huawei Technologies Co., Ltd.
No.328, Xinghu Street
Yuhuatai District
SuZhou, JIANGSU 215000
CHINA

Yan Ze (Allen)
TEL: +86 15919432118

Ji Xiang
TEL: +86 15261806635

CST Lab: NVLAP 100432-0
Huawei AC6005 Wireless Access Controller
(Hardware Versions: P/Ns AC6005-8, 99089JEB [Baffles] and 4057-113016 [Tamper-Evident Seals]; Firmware Version: V200R007C10SPC100)
(When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocols IKE, SNMP and TLS shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/19/20176/18/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4408); CKG (vendor affirmed); CVL (Cert. #1114); DRBG (Cert. #1421); ECDSA (Cert. #1060); HMAC (Cert. #2930); SHS (Cert. #3634); Triple-DES (Cert. #2375)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2930); NDRNG; AES (non-compliant); Blowfish; DES; KDF (non-compliant); HMAC-MD5; IKEv1 KDF (non-compliant); MD5; PBKDF2 (non-compliant); RC4; RSA (non-compliant); SM1; SM3; SM4; SNMP KDF (non-compliant); TLS KDF (non-compliant)
Multi-Chip Stand Alone

"The Huawei Access Controller (AC) are multi-chip standalone cryptographic modules enclosed in hard, commercial grade metal cases. The cryptographic boundary for these modules is the enclosure. The primary purpose of these modules is to handle the configuration of wireless access-points. The modules provide network interfaces for data input and output."
2923Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
USA

Diana Robinson
TEL: 845.454.6397
FAX: N/A

CST Lab: NVLAP 201029-0
Security Analytics Appliance (Models: SA-S500-10-CM, SA-S500-20-FA, SA-S500-30-FA, and SA-S500-40-FA)
(Hardware Versions: P/N 090-03645, P/N 080-03938, P/N 090-03646, P/N 080-03939, P/N 090-03648, P/N 080-03940, P/N 090-03649, and P/N 080-03941 with FIPS Kit: HW-KIT-FIPS-500; Firmware Version: 7.2.3)
(When configured as specified in Section 3.1 and tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/19/2017
06/22/2017
6/18/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4390); CVL (Certs. #1108 and #1109); DRBG (Cert. #1413); HMAC (Cert. #2917); RSA (Cert. #2373); SHS (Cert. #3619)

-Other algorithms: Diffie-Hellman (CVL Cert. #1108 with CVL Cert #1109, key agreement, key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1108 with CVL Cert #1109, key agreement, key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Multi-Chip Stand Alone

"The Security Analytics Appliances (SA-S500-10-CM, SA-S500-20-FA, SA-S500-30-FA, and SA-S500-40-FA) are part of Symantec’s Incident Response and Forensics solutions. The appliances harness the Security Analytics software to capture, enrich and reconstruct all network traffic (including full packets) in real time. The appliances can be deployed anywhere in the network to deliver clear, actionable intelligence for swift incident response and resolution and real-time network forensics."
2922STMicroelectronics
Green Square Building B
Lambroekstraat 5
Diegem/Machelen B-1831
Belgium

Olivier COLLART
TEL: +32 272 450 77
FAX: +32 272 451 43

Fabien ARRIVE
TEL: +33 223 470 633
FAX: +33 223 470 400

CST Lab: NVLAP 200002-0
Trusted Platform Module ST33TPHF2ESPI
(Hardware Versions: ST33HTPH2E28AAF0, ST33HTPH2E32AAF0, ST33HTPH2E28AAF1 and ST33HTPH2E32AAF1; Firmware Version: 49.00)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/16/20176/15/2022Overall Level: 1

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4338); CKG (vendor affirmed); CVL (Certs. #1044 and #1045); DRBG (Cert. #1361); ECDSA (Cert. #1025); HMAC (Certs. #2870 and #2878); KAS (Cert. #110); KBKDF (Cert. #123); KTS (AES Cert. #4338 and HMAC Cert. #2870; key establishment methodology provides 128 bits or 256 bits of encryption strength); RSA (Cert. #2342); SHS (Cert. #3539); Triple-DES (Cert. #2345)

-Other algorithms: NDRNG; RSA (CVL Cert. #1045, key wrapping; key establishment methodology provides 112 bits of encryption strength); ECDAA; ECSchnorr; MGF1
Single Chip

"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 and version 2.0 specification."
2921Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Jaz Lin
TEL: 408-745-2000

Vann (Vanna) Nguyen
TEL: 408-745-2000

CST Lab: NVLAP 100432-0
Juniper Networks SRX1400, SRX3400, and SRX3600 Services Gateways
(Hardware Versions: P/Ns SRX1400BASE-GE-AC with [1] or [2], SRX1400BASE-GE-DC with [1] or [2], SRX3400BASE-AC with [2], SRX3400BASE-DC with [2], SRX3400BASE-DC2 with [2], SRX3600BASE-AC with [2], SRX3600BASE-DC with [2], and SRX3600BASE-DC2 with [2]; Service Processing Cards SRX1K-NPC-SPC-1-10-40 [1] or SRX3K-SPC-1-10-40 [2]; with Tamper Seals JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.3X48-D30)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/14/20176/13/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4054, #4056 and #4329); CVL (Certs. #880 and #926); DRBG (Certs. #1216 and #1399); DSA (Certs. #1096 and #1104); ECDSA (Certs. #909 and #917); HMAC (Certs. #2646, #2648 and #2867); KTS (AES Cert. #4054 and HMAC Cert. #2646); KTS (AES Cert. #4056 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2223 and HMAC Cert. #2648); KTS (Triple-DES Cert. #2224 and HMAC Cert. #2646); RSA (Certs. #2087 and #2202); SHS (Certs. #3341, #3343 and #3571); Triple-DES (Certs. #2222, #2223 and #2224)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; ARCFOUR; Blowfish; CAST; HMAC-MD5; HMAC-RIPEMD160; UMAC
Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2920NXP Semiconductors
411 E. Plumeria Dr.
San Jose, CA 95134
USA

Sylvain Bonfardin
TEL: 408-518-5500

CST Lab: NVLAP 100432-0
NXP JCOP 3 SecID P60 OSA
(Hardware Version: P6022y VB; Firmware Version: 0503.8211)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/14/20176/13/2022Overall Level: 3

-Physical Security: Level 4
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3997); CVL (Cert. #824); DRBG (Cert. #1187); ECDSA (Cert. #890); KBKDF (Cert. #91); KTS (AES Cert. #3997); RSA (Certs. #2053 and #2086); SHS (Cert. #3299); Triple-DES (Cert. #2195); Triple-DES MAC (Triple-DES Cert. #2195, vendor affirmed)

-Other algorithms: NDRNG
Single Chip

"NXP Semiconductors offers JCOP, a secure Java Card Operating System based on several independent 3rd party specifications, such as Java Card 3.0.4 specifications, the GlobalPlatform card specifications 2.2.1 and few International Organization for Standards (like ISO7816), EMV (Europay, MasterCard and VISA) and others. By adhering to these standards JCOP 3 SECID P60 ensures large interoperability with third-party applets providers, card issuers as well as all existing Smart Card infrastructures."
2919Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Firepower 4100 and Cisco Firepower 9300 Series
(Hardware Versions: FPR4110[1], FPR4120[1], FRP4140[1], FRP4150[1], FPR9300-SM24[2] and FPR9300-SM36[2] with FIPS Kit (Cisco_TEL.FIPS_Kit), and opacity shield 69-100250-01[1] or 800-102843-01[2]; Firmware Version: 2.0)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy. This module contains the embedded module Cisco ASA Cryptographic Module validated to FIPS 140-2 under Cert. #2898 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/01/20175/31/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2034, #2035, #4249 and #4307); CVL (Certs. #1002 and #1023); DRBG (Certs. #197, #1328 and #1368); ECDSA (Cert. #989); HMAC (Certs. #1233, #2787 and #2843); RSA (Certs. #2298 and #2328); SHS (Certs. #1780, #3486 and #3546); Triple-DES (Certs. #1311, #2304 and #2328)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"Next generation security services platforms capable of running multiple security services simultaneously. Providing firewall (NGFW), traffic management Cisco Firepower 4100 Series is a family of four threat threat-focused NGFW security platforms. While the Cisco Firepower 9300 is a scalable carrier-grade, modular platform designed for service providers, high-performance computing centers. These are all next generation security services platforms capable of running multiple (firewall (NGFW), traffic management) security services simultaneously."
2918Viptela
1730 North First St
Suite 500
San Jose, CA 95112
USA

Venu Hemige

Chandrodaya Prasad

CST Lab: NVLAP 201029-0
Viptela Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/30/2017
06/02/2017
2/4/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG
Multi-Chip Stand Alone

"The Viptela Cryptographic Module is a fundamental component of Viptela's security functionality. It is used for authentication of users and devices as well as to provide high scalability data protection for Software Defined Wide Area Networks (SD-WANs)."
2917Futurex
864 Old Boerne Road
Bulverde, TX 78163
USA

Futurex Security Certifications
TEL: +1 830-980-9782

CST Lab: NVLAP 100432-0
GSP3000 Hardware Security Module
(Hardware Version: P/N 9800-2079 Rev7; Firmware Version: 6.2.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/30/20175/29/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4117 and #4118); CVL (Cert. #925); DRBG (Cert. #1240); ECDSA (Cert. #935); HMAC (Cert. #2689); KBKDF (Cert. #104); KTS (AES Cert. #4118); KTS (AES Cert. #4117 and HMAC Cert. #2689); KTS (Triple-Des Cert. #2248 and HMAC Cert. #2689; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2226); SHS (Cert. #3387); Triple-DES (Certs. #2248 and #2254)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); NDRNG; RSA (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #2248, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AKB/TR-31; DES; DUKPT; HMAC MD5; HMAC RIPEMD-160; MD5; RIPEMD-160
Multi-Chip Embedded

"The GSP3000 is a general purpose cryptographic module incorporated into multiple Futurex products to ensure data confidentiality, integrity, and authenticity. It is designed to meet and exceed compliance mandates and security best practices in environments requiring enterprise-class protection for sensitive information."
2916Kaspersky Lab UK Ltd.
1st Floor, 2 Kingdom Street
Paddington, London, W2 6BD
United Kingdom

Oleg Andrianov
TEL: +7 495 797 8700

CST Lab: NVLAP 200968-0
Kaspersky Cryptographic Module (Pre-Boot)
(Software Version: 3.0.1.25)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/30/20175/29/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Kaspersky Preboot OS with BIOS running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA
Kaspersky Preboot OS with BIOS running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA
Kaspersky Preboot OS with UEFI running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA
Kaspersky Preboot OS with UEFI running on an Intel® Core™ i7-3770S CPU@ 3.10GHz system with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2849, #2959, #2960 and #2980); DRBG (Certs. #502, #561, #890, #891, #896 and #897); HMAC (Certs. #1789 and #1879); PBKDF (vendor affirmed); RSA (Certs. #1490 and #1558); SHA-3 (vendor affirmed); SHS (Certs. #2391 and #2492)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength), RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Kaspersky Cryptographic Module (Pre-Boot) is a set of software libraries that provide cryptographic services for Kaspersky Lab FDE solution in pre-boot environment."
2915Hewlett Packard Enterprise
3000 Hanover St
Palo Alto, CA 94304
USA

Fernie Fuentes

CST Lab: NVLAP 201029-0
Hewlett Packard Enterprise libgcrypt Crypto Module
(Software Version: 4.0)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #2657.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/30/20176/12/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645 and #3646); DRBG (Certs. #972, #973, #974, #975, #979 and #980); DSA (Certs. #1020 and #1021); HMAC (Certs. #2398 and #2399); RSA (Certs. #1882 and #1883); SHS (Certs. #3065 and #3066); Triple-DES (Certs. #2033 and #2034)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; Blowfish; Camellia; CAST5; CRC32; CSPRNG; DES; El Gamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPEMD160; SEED; Serpent; Tiger; Twofish; Whirlpool
Multi-Chip Stand Alone

"The Hewlett Packard Enterprise libgcrypt Crypto Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for Hewlett Packard Enterprise components."
2914Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Liu Pinping
TEL: +86 15850529039

CST Lab: NVLAP 100432-0
Huawei S6720EI Series Switches
(Hardware Versions: P/Ns 02350DMN Version H.3 (S6720-30C-EI-24S-AC) and 02350DMP Version H.3 (S6720-54C-EI-48S-AC) both with P/Ns 4057-113016 (Tamper Evident Seals) and 99089JEB (External Baffle); Firmware Version: V200R010C00SPC900B900)
(When operated in FIPS mode and with the tamper evident seals and external baffles installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/26/20175/25/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2924); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES-XCBC-MAC (non-compliant); DES; HMAC-MD5; RC4; SNMP KDF (non-compliant)
Multi-Chip Stand Alone

"The S6720 has industry-leading performance and provides up to 24 or 48 line-speed 10GE ports. It can be used in a data center to provide 10 Gbit/s access to servers or function as a core switch on a campus network to provide 10 Gbit/s traffic aggregation. In addition, the S6720 provides a wide variety of services, comprehensive security policies, and various QoS features to help customers build scalable, manageable, reliable, and secure data centers."
2913Mocana Corporation
20 California Street
San Francisco, CA 94111
USA

Srinivas Kumar
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Loadable Kernel Module
(Software Version: 6.4.1f)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/24/20175/23/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Wind River Linux 6.0 running on Intel Atom E3800 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4265); DRBG (Cert. #1336); HMAC (Cert. #2810); SHS (Cert. #3511); Triple-DES (Cert. #2306)

-Other algorithms: DES; HMAC-MD5; MD2; MD4; MD5; PRNG
Multi-Chip Stand Alone

"The Mocana Cryptographic Loadable Kernel Module (Software Version 6.4.1f) is a software only, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface."
2912EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

Compliance Certification
TEL: 508-249-6911

CST Lab: NVLAP 200996-0
Unity 12 Gb/s SAS I/O Module with Encryption
(Hardware Versions: Storage Processor SAS Module with P/N 362-000-332, P/N 363-000-071, P/N 363-000-084 and P/N 364-000-096 and Pluggable I/O SAS Module with P/N 362-000-333, P/N 363-000-071, P/N 363-000-084 and P/N 364-000-063; Firmware Version: 03.90)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/16/20175/15/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3586 and #3598); KTS (AES Cert. #3598)

-Other algorithms: N/A
Multi-Chip Embedded

"The EMC Unity 12 Gb/s SAS I/O Module with Encryption is a high-density SAS controller chipset executing specialized firmware that provides Data At Rest Encryption (D@RE) for EMC Unity storage arrays. It implements 256-bit AES-XTS encryption/decryption to encrypt and decrypt data as it is being written to or read from a SAS drive. The two variants are the Storage Processor SAS Module variant which is embedded on the printed circuit board (PCB) of the Storage Processor and the Pluggable I/O SAS Module variant which is embedded on the PCB of a pluggable I/O Module."
2911F5 Networks
401 Elliott Avenue West
Seattle, WA 98119
USA

Maryrita Steinhour
TEL: 206-272-7351
FAX: n/a

John Hughes
TEL: 206-272-6038
FAX: n/a

CST Lab: NVLAP 200658-0
Cryptographic Module for BIG-IP®
(Software Version: 12.1.2 HF1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/15/20175/14/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with BIG-IP 12.1.2 HF1 on VMware ESXi™ 5.5 hypervisor running on HP ProLiant BL490c with PAA
BIG-IP 12.1.2 HF1 on VMware ESXi™ 5.5 hypervisor running on HP ProLiant BL490c without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4436 and #4437); CVL (Cert. #1144); DRBG (Certs. #1435 and #1436); ECDSA (Cert. #1076); HMAC (Certs. #2948 and #2949); RSA (Cert. #2418); SHS (Certs. #3655 and #3656)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #1144, shared secret computation provides 128 or 192 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; DES; Diffie-Hellman (non-compliant); DSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); IDEA; JPAKE; MD4; MD5; MDC2; PRNG; RC2; RC4; RIPEMD; RSA (encrypt/decrypt); SEED; SRP; Triple-DES (non-compliant); Whirlpool
Multi-Chip Stand Alone

"Cryptographic library offering various cryptographic mechanisms to BIG-IP® Virtual Edition."
2910Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Liu Pinping
TEL: +86 15850529039

CST Lab: NVLAP 100432-0
Huawei S12700 Series Switches
(Hardware Versions: S12704 P/N 02114480 Version E.3, S12708 P/N 02114178 Version Q.3 and S12712 P/N 02114180 Version P.3 all with MPU P/N 03030RPE, SFU P/N 03030RPF, LPU P/N 03030SGN and Tamper Seals P/N 4057-113016; Firmware Version: V200R010C00SPC900B900)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/15/20175/14/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4400); CKG (vendor affirmed); CVL (Cert. #1107); DRBG (Cert. #1418); DSA (Cert. #1175); ECDSA (Cert. #1057); HMAC (Cert. #2924); KTS (AES Cert. #4400 and HMAC Cert. #2924; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (Triple-DES Cert. #2372 and HMAC Cert. #2924; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2380); SHS (Cert. #3627); Triple-DES (Cert. #2372)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2924); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES-XCBC-MAC (non-compliant); DES; HMAC-MD5; RC4; SNMP KDF (non-compliant)
Multi-Chip Stand Alone

"Huawei S12700 series agile switches are core switches designed for next-generation campus networks. Using a fully programmable switching architecture, the S12700 series allows fast, flexible function customization and supports a smooth evolution to software-defined networking (SDN) The S12700 series uses Huawei Ethernet Network Processor (ENP) and provides native wireless access controller (AC) to help build a wired and wireless converged network. Its uniform user management capabilities deliver refined user and service management."
2909Arista Networks, Inc.
5453 Great America Parkway
Santa Clara, CA 95054

Richard Whitney
TEL: 703-627-6092
FAX: 408-538-8920

Ethan Rahn

CST Lab: NVLAP 100432-0
Arista Networks OpenSSL Module
(Software Version: openssl-1.0.2h-fips)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/15/20175/14/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): EOSv4 running on an Arista 7150S with AMD Athlon NEO X2
EOSv4 running on an Arista 7508 with Intel Sandy Bridge EN
EOSv4 running on an Arista 7308 with Intel Broadwell-DE
EOSv4 running on an Arista 7010T with AMD G Series: eKabini
EOSv4 running on an Arista 7060CX with AMD G Series: Steppe Eagle (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4280); CVL (Cert. #1012); DRBG (Cert. #1340); DSA (Cert. #1141); ECDSA (Cert. #998); HMAC (Cert. #2816); RSA (Cert. #2301); SHS (Cert. #3516); Triple-DES (Cert. #2309)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key transport; key establishment methodology provides 112 or 128 bits of encryption strength); AES KW (non-compliant); AES-XTS (non-compliant); Blowfish; Camellia; CAST5; DES; DES-X; HMAC-MD5; IDEA; MD4; RC2; RC4; RC5; RIPEMD-160; SEED; Triple-DES KW (non-compliant); Whirlpool
Multi-Chip Stand Alone

"Arista’s crypto library is a comprehensive suite of FIPS Approved algorithms. Many key sizes and modes have been implemented to allow flexibility and efficiency."
2908Hewlett Packard Enterprise
3000 Hanover St
Palo Alto, CA 94304
USA

Fernie Fuentes

CST Lab: NVLAP 201029-0
Hewlett Packard Enterprise NSS Crypto Module
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2711.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/13/201712/18/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAARed Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3605, #3606, #3607 and #3609); CVL (Certs. #626 and #627); DRBG (Certs. #936 and #937); DSA (Certs. #1002 and #1003); ECDSA (Certs. #739 and #740); HMAC (Certs. #2300 and #2301); RSA (Certs. #1854, #1855, #2034 and #2035); SHS (Certs. #2966 and #2967); Triple-DES (Certs. #2007 and #2008)

-Other algorithms: AES (Certs. #3605, #3606, #3607 and #3609, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Certs.#2007 and #2008, key wrapping; key establishment methodology provides 112 bits of encryption strength); Camellia; DES; JPAKE; MD2; MD5; RC2; RC4; RC5; SEED;
Multi-Chip Stand Alone

"The Hewlett Packard Enterprise NSS Crypto Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for Hewlett Packard Enterprise components."
2907Canonical Ltd.
5th floor, Blue Fin Building
110 Southwark Street
London SE1 0SU
United Kingdom

Joy Latten

Andrew Cloke

CST Lab: NVLAP 200658-0
Ubuntu OpenSSH Client Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/10/20175/9/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA
Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360 and #4361); CVL (Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1085, #1086, #1087, #1088, #1089, #1090 and #1091); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); DSA (Certs. #1156, #1157, #1158, #1159, #1160, #1161 and #1162); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900 and #2901); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598 and #3599); Triple-DES (Certs. #2355, #2356 and #2357)

-Other algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; Ed25519
Multi-Chip Stand Alone

"Ubuntu OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2906Canonical Ltd.
5th floor, Blue Fin Building
110 Southwark Street
London SE1 0SU
United Kingdom

Joy Latten

Andrew Cloke

CST Lab: NVLAP 200658-0
Ubuntu OpenSSH Server Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with module Ubuntu OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #2888 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/10/20175/9/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA
Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360 and #4361); CVL (Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1062, #1063, #1065, #1067, #1068, #1069, #1085, #1086, #1087, #1088, #1089, #1090 and #1091); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); DSA (Certs. #1156, #1157, #1158, #1159, #1160, #1161 and #1162); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900 and #2901); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598 and #3599); Triple-DES (Certs. #2355, #2356 and #2357)

-Other algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; Ed25519
Multi-Chip Stand Alone

"Ubuntu OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2905Becrypt Limited
Artillery House
11-19 Artillery Row
London, England SW1P 1RT
United Kingdom

Mark Wilce
TEL: +44 207 557 6515
FAX: +44 845 838 2060

CST Lab: NVLAP 200416-0
Becrypt Cryptographic Library
(Hardware Version: Intel Core i5-4300Y; Software Version: 3.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid05/10/20175/9/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): MS-DOS 6.22 (16-bit) running on a Fujitsu LifeBook S7020 laptop
Microsoft Windows 7 Ultimate Edition (32-bit) running on a Dell D630
Microsoft Windows 7 Enterprise Edition (64-bit) running on a Dell Vostro 1500
Microsoft Windows 8.1 Professional (64-bit) running on a Dell Venue 11 Pro (7130) with PAA
Ubuntu Linux 12.04 LTS (32-bit) running on a Dell D630
Ubuntu Linux 12.04 LTS (64-bit) running on a Dell Vostro 1500
Android v4.2.2 running on a Google Nexus 7 (2012) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2883 and #2885); DRBG (Cert. #520); HMAC (Certs. #1817 and #1819); RSA (Cert. #1516); SHS (Certs. #2423 and #2426)

-Other algorithms: AES (Certs. #2883 and #2885, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); AES (non-compliant); PRNG
Multi-Chip Stand Alone

"The Becrypt Cryptographic Library provides core cryptographic functionality for Becrypt's security products providing a capability to develop complex and flexible security applications that require cryptographic functionality for pre-OS (16-bit), 32-bit and 64-bit operating environments."
2904Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Hamid Sobouti
TEL: 408-333-4150
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® NetIron® CER 2000 Series Ethernet Routers and Brocade NetIron® CES 2000 Series Ethernet Switches
(Hardware Versions: {[BR-CER-2024C-4X-RT-AC (80-1006530-01) with RPS9 (80-1003868-01) and SW-CER-2024-RTUPG (80-1004848-01), BR-CER-2024C-4X-RT-DC (80-1007213-01) with RPS9DC (80-1003869-02) and SW-CER-2024-RTUPG (80-1004848-01), BR-CER-2024F-4X-RT-AC (80-1006529-01) with RPS9 (80-1003868-01) and SW-CER-2024-RTUPG (80-1004848-01), BR-CER-2024F-4X-RT-DC (80-1007212-01) with RPS9DC (80-1003869-02) and SW-CER-2024-RTUPG (80-1004848-01)], [BR-CES-2024C-4X-AC (80-1000077-01) with RPS9 (80-1003868-01), BR-CES-2024C-4X-DC (80-1007215-01) with RPS9DC (80-1003869-02), BR-CES-2024F-4X-AC (80-1000037-01) with RPS9 (80-1003868-01), BR-CES-2024F-4X-DC (80-1007214-01) with RPS9DC (80-1003869-02)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R06.0.00aa)
(When operated in FIPS mode with the tamper evident labels installed and configured as specified in Section 12 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/10/20175/9/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2715 and #3143); CVL (Certs. #173, #394 and #403); DRBG (Cert. #452); HMAC (Cert. #1694); RSA (Cert. #1411); SHS (Cert. #2280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-SHA-1-96 (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor."
2903Toshiba Memory Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type B1
(Hardware Versions: A2 with PX05SVQ040B, A2 with PX05SRQ192B, A2 with PX05SRQ384B; Firmware Version: PX05PD43)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/10/20175/9/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2902Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Firepower Next-Generation IPS Virtual (NGIPSv) Cryptographic Module
(Software Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/09/20175/8/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): NGIPSv 6.1 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4411); CVL (Cert. #1117); DRBG (Cert. #1425); ECDSA (Cert. #1063); HMAC (Cert. #2932); RSA (Cert. #2397); SHS (Cert. #3637); Triple-DES (Cert. #2377)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"The virtualized offering of the Cisco FirePOWER next-generation IPS (NGIPS) solution providing the Industry-leading threat protection. Real-time contextual awareness. Full-stack visibility. Intelligent security automation. This virtualized highly effective intrusion prevention system provides reliable performance and a low total cost of ownership. Threat protection can be expanded with optional subscription licenses to provide Advanced Malware Protection (AMP), application visibility and control, and URL filtering capabilities."
2901Huawei Technologies Co., Ltd.
101 Software Avenue
Yuhuatai District
NANJING, JIANGSU 210000
CHINA

Yang Ze (Allen)
TEL: +86 15919432118

Shi Lisha
TEL: +86 13451902202

CST Lab: NVLAP 100432-0
Huawei AR1200 and AR2200 Series Routers
(Hardware Versions: AR1220E P/N 02350DQJ Version E.5 with [1], AR1220EVW P/N 02350DQL Version F.5 with [1] and AR2220E P/N 02350DQM Version E.6 with [1]; Tamper Evident Seals P/N 4057-113016 [1]; Firmware Version: V200R008C10SPC110)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IKEv1 and SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/08/20175/7/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4323, #4324 and #4325); CKG (vendor affirmed); CVL (Cert. #1036); DRBG (Cert. #1379); ECDSA (Cert. #1023); HMAC (Certs. #2861, #2862 and #2863); KTS (AES Cert. #4323 and HMAC Cert. #2861; key establishment methodology provides 128 bits of encryption strength); KTS (Triple-DES Cert. #2335 and HMAC Cert. #2861; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #3565, #3566 and #3567); Triple-DES (Certs. #2335, #2336 and #2337)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #2861); NDRNG; Blowfish; DES; HMAC-MD5; IKEv1 KDF (non-compliant); MD5; SM1; SM3; SM4; SNMP KDF (non-compliant)
Multi-Chip Stand Alone

"ARs are located between an enterprise network and a public network, functioning as the only ingress and egress for data transmitted between the two networks. The deployment of various network services over the ARs reduces operation & maintenance (O&M) costs as well as those associated with establishing an enterprise network."
2900SAP SE
Dietmar-Hopp-Allee 16
Walldorf 69190
Germany

Stephan André
TEL: +49-6227-7-47474
FAX: +49-6227-78-55975

Thomas Rothe
TEL: +49-6227-7-47474
FAX: +49-6227-78-55989

CST Lab: NVLAP 200636-0
SAP CommonCryptoLib Crypto Kernel
(Software Versions: 8.4.47.0 32-bit [1] and 64-bit [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/05/20175/4/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): AIX 5.2 64-bit running on a IBM eServer p5 505 without PAA [2]
AIX 6.1 64-bit on IBM PowerVM 2.2 running on a IBM Power 750 Express without PAA [1][2]
HP-UX 11.11 64-bit running on a HP Server rp3440 [2]
HP-UX 11.23 64-bit running on a HP Server rx5670 [2]
HP-UX 11.31 64-bit running on a HP Integrity rx6600 [1][2]
Linux 2.6.5 64-bit running on a HP ProLiant DL585 without PAA [1][2]
Linux 2.6.32 32-bit running on a HP ProLiant DL385-G2 DC [1]
Linux 2.6.32 64-bit running on a HP Integrity rx2660 [2]
Linux 2.6.32 64-bit on IBM PowerVM 2.2 running on a IBM Power 750 Express without PAA [1][2]
Linux 3.0.101 64-bit on IBM PowerVM 2.2 running on a IBM Power System S824 with PAA [2]
Linux 3.0.101 64-bit on Vmware ESXi 5.1.0 running on a HP ProLiant DL580 G7 with PAA [1][2]
Linux 3.0.101 64-bit on IBM z/VM 6.2.0 running on a IBM zEnterprise 196 (2817 series) [2]
SunOS 5.9 64-bit running on a Sun Fire V440 [2]
SunOS 5.10 64-bit running on a Fujitsu PrimePower 650 [1][2]
SunOS 5.10 64-bit running on a Sun Fire X4150 without PAA [1][2]
Windows Server 2008 SP2 64-bit running on a HP ProLiant DL380 G6 without PAA [1][2]
Windows Server 2008 R2 SP1 64-bit on Vmware ESXi 5.1.0 running on a HP ProLiant DL580 G7 with PAA [1][2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3665 and #3666); CVL (Certs. # 670, #671, #672, #673, #674, and #675); DRBG (Certs. #986 and #987); DSA (Certs. #1035 and #1036); ECDSA (Certs. #772 and #773); HMAC (Certs. #2415 and #2416); RSA (Certs. #1898 and #1899); SHS (Certs. #3083 and #3084); Triple-DES (Certs. #2047 and #2048)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; ElGamal; IDEA; MD2; MD4; MD5; RC2; RC4; RC5-32; RIPEMD-128; RIPEMD-160
Multi-Chip Stand Alone

"SAP CommonCryptoLib Crypto Kernel v8.4.47.0 is a shared library, i.e. it consists of software only. SAP CommonCryptoLib Crypto Kernel provides an API in terms of C++ methods for key management and operation of cryptographic functions."
2899Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Firepower Management Center Virtual (FMCv) Cryptographic Module
(Software Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/04/20175/3/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): FMC Virtual 6.1 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4411); CVL (Cert. #1117); DRBG (Cert. #1425); ECDSA (Cert. #1063); HMAC (Cert. #2932); RSA (Cert. #2397); SHS (Cert. #3637); Triple-DES (Cert. #2377)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"The Firepower Management Center Virtual working like the Firepower Management Center appliance aggregates and correlates network traffic information and performance data, assessing the impact of events on particular hosts. You can monitor the information that your device reports, and assess and control the overall activity that occurs on your network. The FMCv also controls the network management features on your devices: switching, routing, NAT and VPN."
2898Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA Cryptographic Module
(Hardware Versions: FPR4110-ASA-K9, FPR4120-ASA-K9, FPR4140-ASA-K9, FPR4150-ASA-K9, FPR9K-SM-24 (SM-24) and FPR9K-SM-36 (SM-36); Firmware Version: 9.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/04/2017
05/12/2017
5/3/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2034, #2035 and #4249); CVL (Cert. #1002); DRBG (Certs. #197 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1233 and #2787); RSA (Cert. #2298); SHS (Certs. #1780 and #3486); Triple-DES (Certs. #1311 and #2304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Embedded

"The market-leading Cisco ASA delivering robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA provides comprehensive security, performance, and reliability for network environments."
2897Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Firepower Management Center Cryptographic Modules
(Hardware Versions: FS750-K9, FS1500-K9, FS2000-K9, FS3500-K9 and FS4000-K9; Firmware Version: 6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/04/20175/3/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4266); CVL (Cert. #1008); DRBG (Cert. #1337); ECDSA (Cert. #995); HMAC (Cert. #2811); RSA (Cert. #2297); SHS (Cert. #3512); Triple-DES (Cert. #2307)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"Firepower Management Center provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection, easily go from managing a firewall to controlling applications to investigating and remediating malware outbreaks. You can monitor the information that your device reports, and assess and control the overall activity that occurs on your network. The FMC also controls the network management features on your devices: switching, routing, NAT and VPN."
2896Pulse Secure, LLC
2700 Zanker Road, Suite 200
San Jose, CA 95134
USA

Yin Wei
TEL: 408-676-8868

Yvonne Sang
TEL: 844-807-8573

CST Lab: NVLAP 100432-0
Pulse Secure Cryptographic Module
(Software Version: 2.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/03/20175/2/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): IVE OS 2.0 32-bit with Intel Atom Processor N270 (x86) on Pulse Secure MAG 2600
IVE OS 2.0 64-bit with Intel Pentium Processor E2160 (x86) on Pulse Secure MAG 4610
IVE OS 2.0 64-bit with Intel Pentium Processor E2160 (x86) on Pulse Secure MAG SM160
IVE OS 2.0 64-bit with Intel Core2 Quad Q9400 (x86) on Pulse Secure MAG SM360
IVE OS 2.0 64-bit with Intel Celeron Processor J1900 (x86) on Pulse Secure PSA300
IVE OS 2.0 64-bit with Intel Celeron Processor J1900 (x86) on Pulse Secure PSA3000
IVE OS 2.0 64-bit with Intel Pentium Processor G3420 (x86) on Pulse Secure PSA5000
IVE OS 2.0 64-bit with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000f
IVE OS 2.0 64-bit with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000c
Pulse One version 2.0 with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000f
Pulse One version 2.0 with Intel Xeon E3-1275v3 (x86) on Pulse Secure PSA 7000c
IVE OS 2.0 64-bit on Vmware ESXi with Intel Xeon E5-2620 v4 on Dell Power Edge R430/R530, Intel Xeon E5-2620 v4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4334 and #4341); CVL (Cert. #1046); DRBG (Cert. #1384); DSA (Cert. #1152); ECDSA (Cert. #1026); HMAC (Cert. #2880); RSA (Cert. #2345); SHS (Cert. #3577); Triple-DES (Certs. #2346 and #2347)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #1046, key agreement, key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PRNG
Multi-Chip Stand Alone

"Pulse Secure's portfolio delivers Secure Access solutions for people, devices, things and services. It includes Pulse Connect Secure - the most reliable and feature rich VPN, Pulse Policy Secure - powerful Network Access Control (NAC) with granular network visibility and access control, Pulse Workspace - simplified enterprise mobility management (EMM), Pulse One - centralized management, and the Pulse Unified Client - a single client to connest them all. Together they provide users with secure remote, campus, mobile, and cloud access based on their role, identity, device and location."
2895Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco Aironet 1532e/i, 1552e/i, 1572 EAC, 1602e/i, 1702i, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p, 3702e/i/p and IW3702-2E/4E Wireless LAN Access Points
(Hardware Versions: 1532e[5], 1532i[5], 1552e[2], 1552i[2], 1572 EAC[4], 1602e[3], 1602i[3], 1702i[4], 2602e[4], 2602i[4], 2702e[4], 2702i[4], 3502e[2], 3502i[2], 3602e[4], 3602i[4], 3602p[4], 3702e[4], 3702i[4], 3702p[4], 3602e[1,4], 3602i[1,4], 3602p[1,4], 3702e[1,4], 3702i[1,4], 3702p[1,4], IW3702-2E[4] and IW3702-4E[4] with AIR-RM3000M[1], Marvell 88W8364[2], Marvell 88W8763C[3], Marvell 88W8764C[4] and Qualcomm Atheros AES-128w10i[5]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.3)
(When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/02/20175/1/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2334, #2335, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441)

-Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant)
Multi-Chip Stand Alone

"Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments."
2894General Dynamics Mission Systems
150 Rustcraft Road
Dedham, MA 02026
USA

Ramin Taraz
TEL: 978-923-6400

CST Lab: NVLAP 200427-0
Fortress Mesh Points
(Hardware Versions: ES210, ES2440, ES520v1, ES520v2 and ES820; Firmware Version: 5.4.5)
(When operated in FIPS mode. The protocols SNMP and TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/20174/27/2022Overall Level: 2

-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1519, #1520 and #3506); CVL (Certs. #573, #937 and #938); DRBG (Certs. #66 and #874); DSA (Cert. #1053); ECDSA (Certs. #716 and #833); HMAC (Certs. #889, #890 and #2238); KAS (Cert. #95); KBKDF (Cert. #112); RSA (Certs. #1800 and #1967); SHS (Certs. #1357, #1358 and #2891)

-Other algorithms: MD5; NDRNG; PRNG; SNMP KDF (non-compliant); TLS KDF (non-compliant)
Multi-Chip Stand Alone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
2893Panasonic Corporation
4-1-62, Minoshima, Hakata-ku
Fukuoka, Fukuoka 812-8531
Japan

Masakatsu Matsuo
TEL: +81-50-3380-5930

CST Lab: NVLAP 200822-0
Panasonic Cryptographic Module
(Software Version: 1.04)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/27/20174/26/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Linux kernel 3.13 32 bit on running on HP Elite Desk (Intel Core i7) (gcc Compiler Version 4.8.2) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4366); DRBG (Cert. #1404); HMAC (Cert. #2905); RSA (Cert. #2364); SHS (Cert. #3603); Triple-DES (Cert. #2361)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DES; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"Panasonic Cryptographic Module provides high performance cryptographic processing for embedded devices."
2892Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet)
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN9000 Series Encryptors
(Hardware Version: Senetas Corp. Ltd. CN9000 Series: A9100B (AC); Senetas Corp. Ltd. & SafeNet Inc. CN9000 Series: A9100B (AC); Firmware Version: 3.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/26/20174/25/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4113 and #4122); CVL (Cert. #928); DRBG (Cert. #1242); ECDSA (Cert. #937); HMAC (Cert. #2693); KAS (Cert. #94); RSA (Cert. #2228); SHS (Cert. #3391); Triple-DES (Cert. #2252)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength)
Multi-Chip Stand Alone

"The CN9000 Series Encryptors are high-speed hardware encryption platforms that secure data over optical Ethernet networks. The model included is the CN9100 100G Ethernet Encryptor, operating at a line rate of 100Gb/s. Data privacy is provided by FIPS approved AES CTR algorithms."
2891Vormetric, Inc.
2860 Junction Ave
San Jose, CA 95134
USA

Peter Tsai
TEL: 669-770-6927

Janice Cheng
TEL: 669-770-6823

CST Lab: NVLAP 200002-0
Vormetric Application Encryption Module
(Software Version: 5.2.5)
(When installed, initialized and configured as specified in Section 10 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/25/20174/24/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on an ASUS Desktop PC M51AC-US002S
Windows Server 2012 R2 running on an ASUS Desktop PC M51AC-US002S (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4088); HMAC (Cert. #2668); SHS (Cert. #3364)

-Other algorithms: N/A
Multi-Chip Stand Alone

"Vormetric Application Encryption is a library to simplify integrating application-level encryption into existing corporate applications. The application encryption library provides a set of documented standard-based APIs used to perform cryptographic and encryption key management operations. The innovative product design enables developers to choose to standard AES encryption or schema maintaining Format Preserving Encryption (FPE). Vormetric Application Encryption removes the complexity and risk of implementing an in-house encryption and key management solution."
2890

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/25/20174/24/2022Overall Level: 1

Multi-Chip Embedded
2889Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco Aironet 1562 e/i/d/ps, 2802 e/i and 3802 e/i/p Wireless LAN Access Points
(Hardware Versions: 1562e, 1562i, 1562d, 1562ps, 2802e, 2802i, 3802e, 3802i, 3802p with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.3)
(When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/25/20174/24/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4114, #4340, #4367 and #4409); CVL (Certs. #1115 and #1116); DRBG (Cert. #1422); ECDSA (Cert. #1061); HMAC (Certs. #2906 and #2931); KBKDF (Cert. #126); KTS (AES Cert. #4409; key wrapping; key establishment methodology provides 128 and 256 bits of encryption strength); RSA (Certs. #2344 and #2396); SHS (Certs. #3576, #3604, and #3635)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1116, key agreement; key establishment methodology provides 128 and 192 bits of encryption strength); MD5; NDRNG
Multi-Chip Stand Alone

"Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments."
2888Canonical Ltd.
5th floor, Blue Fin Building
110 Southwark Street
London SE1 0SU
United Kingdom

Joy Latten

Andrew Cloke

CST Lab: NVLAP 200658-0
Ubuntu OpenSSL Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/24/2017
06/06/2017
4/23/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA
Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #4370, #4371, #4372, #4373, #4374 and #4375); CVL (Certs. #1055, #1058, #1061, #1064, #1066, #1068 and #1070); DRBG (Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396 and #1397); DSA (Certs. #1156, #1157, #1158, #1159, #1160, #1161 and #1162); ECDSA (Certs. #1031, #1032, #1033, #1034, #1035, #1036 and #1037); HMAC (Certs. #2895, #2896, #2897, #2898, #2899, #2900 and #2901); KTS (AES Certs. #4354, #4357, #4358 and #4360; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #2351, #2352, #2353, #2354, #2355, #2356 and #2357); SHS (Certs. #3593, #3594, #3595, #3596, #3597, #3598 and #3599); Triple-DES (Certs. #2355, #2356 and #2357)

-Other algorithms: Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068 and #1069; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); MD5; PRNG; RSA (non-compliant); SHA (non-compliant)
Multi-Chip Stand Alone

"OpenSSL is an open-source library of various cryptographic algorithms written mainly in C."
2887Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-VM Virtual Appliance
(Software Versions: FortiGate-VM64 v5.2.7,build0718,160328)
(When operated in FIPS mode. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/21/20174/20/2022Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3
-Tested Configuration(s): FortiGate-VM on VMware ESXi 5.5 (single-user mode) running on Dell PowerEdge R720 with Intel Xeon E5-2620 processor with the Fortinet entropy token (part number FTR-ENT-1)

-FIPS Approved algorithms: AES (Certs. #4021 and #4022); CVL (Certs. #850 and #851); DRBG (Cert. #1199); HMAC (Certs. #2623 and #2624); RSA (Cert. #2191); SHS (Certs. #3317 and #3318); Triple-DES (Certs. #2201 and #2202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiGate-VM appliances are software modules designed to execute on a General Purpose Computer (GPC) hardware platform running the VMware hypervisor and FortiOS 5.2. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
2886Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive
(Hardware Versions: ST10000NM0176 [1] and ST10000NM0186 [2]; Firmware Versions: SF02 [1] and NF02 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/20/20174/19/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947, #3759, #3760 and #4279); CKG (vendor affirmed); CVL (Certs. #828 and #852); DRBG (Cert. #1146); HMAC (Certs. #2613 and #2815); PBKDF (vendor affirmed); RSA (Certs. #2056 and #2300); SHS (Certs. #3304 and #3515)

-Other algorithms: Diffie-Hellman (CVL Cert. #852, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2885SonicWall, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
SonicWall v11.4 EX6000, EX7000, EX9000, SMA 6200, SMA 7200
(Hardware Versions: P/Ns 101-500210-78 Rev A, 101-500188-79 Rev A, 101-500352-62 Rev A, 101-500399-61 Rev B, 101-500398-61 Rev B; Firmware Version: 11.4.0-512)
(When configured as specified in Section 8 and tamper-evident seals installed as indicated in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/19/2017
06/12/2017
4/18/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4044, #4045 and #4046); CVL (Certs. #869, #870, #871 and #872); DRBG (Cert. #1211); ECDSA (Certs. #906 and #907); HMAC (Certs. #2639, #2640 and #2641); RSA (Certs. #2076 and #2077); SHS (Certs. #3333, #3334 and #3335); Triple-DES (Certs. #2211, #2212 and #2213)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. 2641); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RC4
Multi-Chip Stand Alone

"SonicWall Software SRA EX6000, SMA 6200, SRA EX7000, SMA 7200 and SRA EX9000 are part of the SonicWall Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS, Google Android and Google Chromebook among others."
2884Mercury Systems, Inc.
3601 East University Drive
Phoenix, AZ 85034
USA

Bob Lazaravich
TEL: 602-437-1520

Iain Mackie
TEL: 602-458-3450

CST Lab: NVLAP 100432-0
Mercury Systems ASURRE-Stor™ SSD
(Hardware Versions: P/Ns ASD256AM2R-0yzIF, 3.0; ASD512AM2R-0yzIF, 3.0; ADR256AM2R-0yzIF, 3.0; ADR512AM2R-0yzIF, 3.0 (as described in Security Policy, Table 4); Firmware Version: 1.5.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/19/20174/18/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2802, #3986 and #3987); DRBG (Cert. #1179); ECDSA (Cert. #883); HMAC (Cert. #2602); KTS (AES Cert. #3987); PBKDF (vendor affirmed); SHS (Cert. #3291)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Mercury Systems ASURRE-Stor™ SSD implements an industry standard 2.5" secure solid state hard drive. Unlike many secure SSDs, the ASURRE-Stor™ SSD does not depend on a TPM device, TCG, or OPAL to implement security. Instead the ASURRE-Stor™ SSD implements security using AES-256 XTS encryption and several key management techniques that are compatible with the ATA specification. These techniques provide superior and flexible solutions for mission critical defense applications and have no requirements for unencrypted shadow MBR sectors or 3rd party OPAL software."
2883HGST, a Western Digital company
5601 Great Oaks Parkway
San Jose, CA 95119
USA

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar C15K600 TCG Enterprise HDDs
(Hardware Versions: HUC156060CS4205 (2), HUC156045CS4205 (2), HUC156030CS4205 (2), HUC156060CSS205 (2), HUC156045CSS205 (2), HUC156030CSS205 (2); Firmware Version: RAA2 or RD02)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/18/2017
05/23/2017
4/17/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037)

-Other algorithms: NDRNG
Multi-Chip Embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs."
2882

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/25/20174/24/2022Overall Level: 2

Multi-Chip Stand Alone
2881SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
SPYCOS 3.0 microSDHC™ TrustedFlash Module
(Hardware Versions: 851-315013F (16GB) and 851-315014F (32GB); Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/13/20174/12/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3028, #3115 and #4241); CKG (vendor affirmed); CVL (Cert. #419); DRBG (Cert. #658); ECDSA (Cert. #578); HMAC (Cert. #1913); KAS (Cert. #52); KBKDF (Cert. #111); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1611); SHS (Cert. #2529); Triple-DES (Cert. #1772)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Embedded

"The SPYCOS 3.0 microSDHC™ TrustedFlash Module integrates a FIPS 140-2 Level 3 PKI hardware security module employing efficient elliptic curve cryptography with a hardware-based AES 256-bit encrypted flash for secure user data storage. It provides high assurance hardware encryption services to protect data at rest and the authentication services for strong two-factor authentication for any network or cloud service."
2880HGST, a Western Digital company
5601 Great Oaks Parkway
San Jose, CA 95119
USA

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar C10K1800 TCG Enterprise HDDs
(Hardware Versions: HUC101818CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC101818CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CS4205 (2) [1, 4], HUC101812CS4205 (3) [1, 4], HUC101890CS4205 (2) [1, 2, 4, 6, 7, 8], HUC101890CS4205 (3) [1, 2, 4, 6, 7, 8], HUC101860CS4205 (2) [1, 4], HUC101860CS4205 (3) [1, 4], HUC101845CS4205 (2) [1, 4], HUC101845CS4205 (3) [1, 4], HUC101812CSS205 (2) [1, 4], HUC101812CSS205 (3) [1, 4], HUC101890CSS205 (2) [1, 4], HUC101890CSS205 (3) [1, 4], HUC101860CSS205 (2) [1, 4], HUC101860CSS205 (3) [1, 4], HUC101830CSS205 (2) [1, 4], HUC101830CSS205 (3) [1, 4]; Firmware Versions: RAA2 [1], RAG0 [2], RAH0 [3], RD02 [4], FM30 [5], NA01 [6], RD31 [7] or NA02 [8])
(When installed, initialized and configured as specified in Section 7.2 of the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/11/2017
05/23/2017
06/01/2017
08/15/2017
4/10/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); KTS (AES Cert. #2365); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037)

-Other algorithms: NDRNG
Multi-Chip Embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C10K1800 series are 12Gbs SAS, TCG Enterprise HDDs."
2879Barco n.v.
Beneluxpark 21
Kortrijk 8500
Belgium

Tom Bert
TEL: 32 (0) 56 36 89 67

CST Lab: NVLAP 200802-0
Barco ICMP
(Hardware Version: R7681272-02; Firmware Version: 1.3.0.15735B)
(When operated in FIPS mode. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/11/20174/10/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: RSA (Cert. #2295); SHS (Cert. #3491)

-Other algorithms: AES (non-compliant); DRBG (non-compliant); EC Diffie-Hellman (non-compliant); HMAC (non-compliant); HMAC-MD5; MD5; NDRNG; PRNG; SHS (non-compliant); TLS KDF (non-compliant)
Multi-Chip Embedded

"DCI compliant Barco integrated Image Media Block."
2878Axon Enterprise, Inc
17800 N 85th St.
Suite 350
Scottsdale, AZ 85255
USA

Gregory Hewes

Jenner Holden

CST Lab: NVLAP 201029-0
Axon Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/06/20172/4/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG
Multi-Chip Stand Alone

"The Axon Cryptographic Module is a software cryptographic module that provides core cryptographic functions for secure key management, data integrity, and secure communications to Axon cloud based services."
2877WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0
WatchGuard Firebox T10[1], T10-W[2], T30[3], T30-W[4], T50[5], T50-W[6]
(Hardware Version: DS1AE3 [1]; DS3AE3 [2]; BS3AE5 [3]; BS3AE5W [4]; BS5AE7 [5]; BS5AE7W [6]; FIPS Kit P/N: WG8566; Firmware Version: Fireware OS v11.11.2)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/06/20174/5/2022Overall Level: 2

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3673, #3674, #3675, and #3960); CVL (Cert. #793); DRBG (Cert. #1160); HMAC (Certs. #2420, #2421, #2422, and #2580); RSA (Cert. #2023); SHS (Certs. #3088, #3089, #3090, and #3266); Triple-DES (Certs. #2052, #2053, #2054, and #2171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; MD5; PBKDF (non-compliant); TKIP
Multi-Chip Stand Alone

"WatchGuard® Firebox appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need. And the FIREBOX appliances are completely configurable - turn on or off components and services to fit different network security deployment requirements."
2876Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
KMF/Wave/Traffic CryptR
(Hardware Version: P/N CLN8566A; Firmware Version: R02.01.05)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/06/20174/5/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #1901); ECDSA (Cert. #268); SHS (Cert. #1670)

-Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; DES; DVI-XL; DVP-XL; KAS (non-compliant)
Multi-Chip Stand Alone

"The KMF/Wave/Traffic CryptR provides encryption and decryption services for secure key management, Over-the-Air-Rekeying (OTAR), secure data traffics, and secure voice traffics for the Motorola’s Key Management Facility (KMF) and the Motorola's Wave Systems. The KMF and KMF CryptR combine to provide cryptographic services for Motorola’s APCO-25 compliant Astro™ radio systems."
2875Forcepoint
10900-A Stonelake Blvd.
Quarry Oaks 1
Ste. 350
Austin, TX 78759
USA

Matt Sturm
TEL: 858-320-9444

Matthew Noland
TEL: 512-644-1214

CST Lab: NVLAP 201029-0
Forcepoint C Cryptographic Module
(Software Versions: 2.0.2, 2.0.5 or 2.0.10)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy and operated in FIPS in mode. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/05/20171/29/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64) CentOS 7.2 on a Forcepoint V10000 G4 Appliance (gcc 4.4.7)iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compilerv Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)(single-user mode)

-FIPS Approved algorithms: AES (Certs. #2234, #3264 and #4401); CVL (Certs. #36, #472 and #1110); DRBG (Certs. #264, #723 and #1419); DSA (Certs. #693, #933 and #1176); ECDSA (Certs. #347, #620 and #1058); HMAC (Certs. #1363, #2063 and #2925); RSA (Certs. #1145, #1664 and #2381); SHS (Certs. #1923, #2702 and #3628); Triple-DES (Certs. #1398, #1853 and #2373)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); PRNG
Multi-Chip Stand Alone

"Forcepoint produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Forcepoint C Crypto Module provides support for cryptographic and secure communications services for these solutions."
2874Barracuda Networks
3175 Winchester Boulevard
Campbell, CA 95008
USA

Gerhard Schaber
TEL: +43-508-100

CST Lab: NVLAP 200423-0
Barracuda KTINA FIPS Crypto Module
(Software Version: 7.1)
(When operated with the module "Barracuda Cryptographic Software Module" validated to FIPS 140-2 under Cert. #2458)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/05/20174/4/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Barracuda NextGen Firewall and Control Center OS 7 on Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 with PAA
Barracuda NextGen Firewall and Control Center OS 7 on Microsoft Windows 2012 (64-bit) Hyper-V running on a Dell PowerEdge R320 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4150); HMAC (Cert. #2720); SHS (Cert. #3416); Triple-DES (Cert. #2267)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The Barracuda KTINA FIPS Crypto Module is a Linux kernel module library that provides fundamental cryptographic functions for applications in Barracuda security products that require FIPS 140-2 approved cryptographic functions."
2873Dell EMC
176 South Street
Hopkinton, MA 01748
USA

Kerry Bellefontaine

CST Lab: NVLAP 200556-0
VMAX 6 Gb/s SAS I/O Module with Encryption
(Hardware Version: 303-161-101B-05; Firmware Version: 2.13.46.00)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/04/20174/3/2022Overall Level: 1

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3255); HMAC (Cert. #2053); KTS (AES Cert. #3255); SHS (Cert. #2692)

-Other algorithms: N/A
Multi-Chip Embedded

"Dell EMC Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Dell EMC storage systems, including the Symmetrix VMAX. Data at Rest Encryption protects information from unauthorized access when drives are physically removed from the system and also offers a convenient means of decommissioning all drives in the system at once.Dell EMC 6Gb/s SAS I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt and decrypt data as it is being written to or read from a drive."
2872Veeam Software Corporation
8800 Lyra Drive
Suite 350
Columbus, OH 43240
USA

Michael Miller

Scott Lillis

CST Lab: NVLAP 201029-0
Veeam Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/30/20172/4/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755, CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; PRNG
Multi-Chip Stand Alone

"The Veeam Cryptographic Module provides cryptographic functions for the Veeam Availability Suite. These functions are used for protecting data in transit and at rest using standards based and trusted algorithms."
2871Dell EMC
176 South Street
Hopkinton, MA 01748
USA

Kerry Bellefontaine

CST Lab: NVLAP 200556-0
VMAX 12 Gb/s SAS I/O Module with Encryption
(Hardware Version: 303-305-100A-06; Firmware Version: v3.08.41.00)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/28/20173/27/2022Overall Level: 1

-Physical Security: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3586 and #3598); HMAC (Cert. #2296); KTS (AES Cert. #3598); SHS (Cert. #2961)

-Other algorithms: N/A
Multi-Chip Embedded

"Dell EMC Data at Rest Encryption provides hardware-based, on-array, back-end encryption for Dell EMC storage systems, including VMAX. Data at Rest Encryption protects information from unauthorized access when drives are physically removed from the system and also offers a convenient means of decommissioning all drives in the system at once.Dell EMC 12Gb/s SAS I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt and decrypt data as it is being written to or read from a drive."
2870INTEGRITY Security Services
7585 Irvine Center Drive
Suite 250
Irvine, CA 92618
USA

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-2915

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

CST Lab: NVLAP 201029-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Firmware Version: 3.0.3)
(When installed, initialized and configured as specified in Section 2.4.1 of the Security Policy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware03/28/20173/27/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Silicon Labs EM3581 with ARM Cortex-M3

-FIPS Approved algorithms: AES (Cert. #4239); DRBG (Cert. #1319); ECDSA (Cert. #981); HMAC (Cert. #2778); SHS (Cert. #3477)

-Other algorithms: EC Diffie-Hellman (shared secret computation provides 128 bits of encryption strength)
Multi-Chip Embedded

"Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems."
2869Aviat Networks, Inc.
860 N. McCarthy Blvd., Suite 200
Milpitas, CA 95035
USA

Ruth French
TEL: +44 7771 978599
FAX: +44 1698 717204

Martin Howard
TEL: +64 4 577 8735
FAX: +64 4 577 8822

CST Lab: NVLAP 100432-0
Aviat Networks Eclipse Cryptographic Module
(Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004 with FPGA_NCCV2_E1_DS1_004.bit and FPGA_NCCV2_STM1_006.bit), FIPS Installation Kit (P/N 179-530153-001 or 179-530153-002), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit), RAC 6XE (P/N EXR-600-002 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit), RAC 60 (P/N EXR-660-001 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit), or RAC 60E (P/N EXR-660-002 with FPGA_RAC6X_PDH_ACM-14.19.52.bit and FPGA_RAC6X_SDH-2.3.1.bit)] and all remaining slots filled by excluded components as specified in the Security Policy.; Firmware Version: 08.02.91 with Bootloader version 1.0.36)
(When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/27/20173/26/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2260 and #2418); CVL (Certs. #73, #860 and #970); DRBG (Cert. #323); ECDSA (Cert. #902); HMAC (Cert. #2634); RSA (Certs. #2071 and #2239); SHS (Certs. #3328 and #3397)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #860, key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; DES; Diffie-Hellman (non-compliant)
Multi-Chip Stand Alone

"This cryptographic module performs encryption of data carried over a microwave radio link."
2868Tavve Software Company
1 Copley Pkwy
Ste 480
Morrisville, NC 27560
USA

Louie Yilling
TEL: 919-654-1250

Jeff Olson
TEL: 919-654-1226

CST Lab: NVLAP 100432-0
Tavve Cryptographic Module
(Software Version: 6.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2804.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/24/2017
03/30/2017
12/7/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on CentOS 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090)

-Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
Multi-Chip Stand Alone

"The Tavve Cryptographic Module provides cryptographic functions for Tavve's ZoneRanger and Ranger Gateway applications."
2867Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Laura Loredo
TEL: 44 117 3162462

Dave Tuckett
TEL: 44 117 316 2692

CST Lab: NVLAP 100432-0
HPE LTO-6 Tape Drive
(Hardware Versions: P/Ns AQ278A #912 [1], AQ288D #103 [2] and AQ298C #103 [3]; Firmware Versions: J5SW [1], 35PW [2] and 25MW [3])
(When operated in FIPS mode and initialized to Overall Level 1 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/23/20173/22/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1442, #2189, #3534 and #3535); CVL (Cert. #588); DRBG (Cert. #889); HMAC (Cert. #2258); KTS (AES Cert. #3535); RSA (Certs. #1128 and #1821); SHS (Certs. #1897 and #2913)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2866VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 1-650-427-1902

CST Lab: NVLAP 200928-0
VMware Java JCE (Java Cryptographic Extension) Module
(Software Version: 2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/22/20173/21/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment 1.7.0 on NSX Controller 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8
Java SE Runtime Environment 1.7.0 on NSX Edge 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8
Java SE Runtime Environment 1.7.0 on NSX Manager 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4153); CVL (Certs. #955, #956 and #957); DRBG (Cert. #1261); DSA (Cert. #1127); ECDSA (Cert. #955); HMAC (Cert. #2721); KAS (Cert. #96); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #107); KTS (vendor affirmed); KTS (AES Cert. #4153; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2269; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2261); SHA-3 (Cert. #10); SHS (Cert. #3417); Triple-DES (Cert. #2269)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
Multi-Chip Stand Alone

"The VMware Java JCE (Java Cryptographic Extension) Module is a software cryptographic module based on the Legion of the Bouncy Castle Inc. FIPS Java API (BC-FJA) Module (SW Version 1.0.0). The module is a software library that provides cryptographic functions to various VMware applications via a well-defined Java-language application program interface (API)."
2865Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 and 6520 FC Switches, and 7800 Extension Switch
(Hardware Versions: {6510 FC Switch (P/N 80-1005272-03) with FRU (P/N 80-1001304-02) with Software License (P/N 80-1005356-02), 6520 FC Switch (P/N 80-1007257-03) with FRUs (P/Ns 80-1007263-01 and 80-1004580-02) with Software License (P/N 80-1007272-01), 7800 Extension Switch (P/N 80-1006977-02) with Software License (P/N 80-1002820-02); [DCX Backbone (P/N 80-1006752-01), DCX-4S Backbone (P/N 80-1006772-01), DCX 8510-4 Backbone (P/N 80-1006964-01), DCX 8510-8 Backbone (P/N 80-1007025-01)] with Blades (P/Ns 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1006771-01, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1006936-01, 80-1006779-01, 80-1006823-01, 80-1007000-01, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.4.0 (P/N 51-1001672-01))
(When operated in FIPS mode and when tamper evident labels are installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/21/20173/20/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2876 and #2893); CVL (Certs. #311, #312, #320 and #321); DRBG (Certs. #670 and #671); ECDSA (Certs. #942 and #943); HMAC (Certs. #1814 and #1829); RSA (Certs. #2234 and #2235); SHS (Certs. #2417 and #2436); Triple-DES (Certs. #1719 and #1724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #311 and #320, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; BLOWFISH; CAST; DES; DES3; DESX; HMAC-MD5-96; HMAC-SHA1-96 (non-compliant); HMAC-RIPEMD160; MD2; MD4; RC2; RC4; RIPEMD160; SNMPv3 KDF (non-compliant); UMAC-64
Multi-Chip Stand Alone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2864Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Hamid Sobouti
TEL: 408-333-4150
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® MLXe® Series Ethernet Routers, Brocade® NetIron® CER 2000 Series Ethernet Routers and Brocade NetIron® CES 2000 Series Ethernet Switches
(Hardware Versions: {[BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-32-MR2-M-AC (80-1007253-04), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-32-MR2-X-AC (80-1007255-04), with Components (80-1005643-01, 80-1005644-03, 80-1005641-02, 80-1005642-03, 80-1007878-02, 80-1007911-02, 80-1008426-01, 80-1008427-02, 80-1007879-02, 80-1003891-02, 80-1002983-01, 80-1008686-01, 80-1003971-01, 80-1003969-02, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004469-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01)], [BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), with Components (80-1003868-01, 80-1004848-01)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024F-4X-AC (80-1000037-01), with Component (80-1003868-01)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.9.00aa)
(When operated in FIPS mode with the tamper evident labels installed and configured as specified in Section 14 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/21/20173/20/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2154, #2715, #2717, #2946, #3143, #3144 and #3478); CVL (Certs. #173, #175, #393, #394, #403, #404, #712, #713 and #1029); DRBG (Certs. #452, #454 and #684); ECDSA (Certs. #761 and #809); HMAC (Certs. #1694, #1696 and #2848); KBKDF (Cert. #35); KTS (AES Cert. #2946); KTS (AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1411 and #1413); SHS (Certs. #934, #2280 and #2282)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #712; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #713, key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-SHA-1-96 (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high performance Ethernet edge routing and MPLS applications.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. Brocade MLXe Series routers feature industry-leading Gigabit Ethernet ports with wire-speed density; advanced Layer 2 switching; rich IPv4, IPv6, Multi-VRF, MPLS, L2/L3 Virtual Private Networks (VPN),IKEv2/IPsec and PHY based MACsec capabilities without compromising performance."
2863WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0
WatchGuard Firebox M200[1], M300[2], M400[3], M500[4], M440[5], M4600[6], M5600[7]
(Hardware Versions: ML3AE8 [1,2]; SL1AE24 [5]; KL5AE8 [3,4]; CL4AE24 [6] with WG8583, WG8584 and WG8597; CL5AE32 [7] with WG8583, WG8584, WG8585, WG8022, and WG8598; FIPS Kit P/N: WG8566; Firmware Version: Fireware OS v11.11.2)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/16/20173/15/2022Overall Level: 2

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3670, #3671, #3672, #3676, #3677, and #3960); CVL (Cert. #793); DRBG (Cert. #1160); HMAC (Certs. #2417, #2418, #2419, #2423, #2424, and #2580); RSA (Cert. #2023); SHS (Certs. #3085, #3086, #3087, #3091, #3092, and #3266); Triple-DES (Certs. #2049, #2050, #2051, #2055, #2056, and #2171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; MD5; PBKDF (non-compliant); TKIP
Multi-Chip Stand Alone

"WatchGuard® Firebox appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need. And the FIREBOX appliances are completely configurable - turn on or off components and services to fit different network security deployment requirements."
2862Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Harjit Dhillon
TEL: 916-501-1426

CST Lab: NVLAP 200427-0
HPE Enterprise Secure Key Manager
(Hardware Versions: P/N M6H81AA , Version 5.0; Firmware Version: 7.0.1; Software Version: N/A)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/10/20173/9/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3995); CVL (Certs. #820, #821, #822, #823 and #842); DRBG (Certs. #1185 and #1186); ECDSA (Cert. #889); HMAC (Cert. #2609); KTS (AES Cert #3995; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (AES Cert #3995 and HMAC Cert. #2609; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert #2194 and HMAC Cert. #2609; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2051); SHS (Cert. #3297); Triple-DES (Cert. #2194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #842; key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RC4; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
2861Dell, Inc.
One Dell Way
Round Rock, Texas 78682
USA

Kylie Gallagher
TEL: +1 512 723 7550

Gang Liu
TEL: +1 512 728 5545

CST Lab: NVLAP 200002-0
Dell Crypto Library for Dell iDRAC and Dell CMC
(Software Version: 2.4)
(When operated in FIPS mode. This validation entry is rebranding from Cert. #2496)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/15/20173/14/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Linux 3.2.18 running on a PowerEdge M1000e Blade Server w/ Dell CMC
Linux 3.4.11 running on a PowerEdge R730 Rack Server w/ Dell iDRAC8 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4248); DRBG (Cert. #1327); DSA (Cert. #1138); HMAC (Cert. #2786); RSA (Cert. #2293); SHS (Cert. #3485); Triple-DES (Cert. #2303)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant); ANSI X9.31 RNG (non-compliant); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Triple-DES CMAC (non-compliant)
Multi-Chip Stand Alone

"Dell Cryptographic Module v2.4 is used within various Dell products including the Dell iDRAC8 and Dell CMC. The Integrated Dell Remote Access Controller 8 (Dell iDRAC8) is designed to improve the overall manageability and availability of Dell PowerEdge Servers. The Dell Chassis Management Controller (Dell CMC) is a systems management component designed to manage one or more Dell PowerEdge Systems containing Blade Servers."
2860DocuSign, Inc.
221 Main St.
Suite 1000
San Francisco, CA 94105
USA

Ezer Farhi
TEL: 972-39279529
FAX: 972-39230864

Moshe Harel
TEL: 972-3-9279578
FAX: 972-3-9230864

CST Lab: NVLAP 200002-0
DocuSign HSM Appliance
(Hardware Version: 5.0; Firmware Version: 5.0.0)
(When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/08/20173/7/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4029 and #4031); CVL (Certs. #857 and #1039); DRBG (Certs. #98 and #1205); ECDSA (Cert. #900); HMAC (Certs. #2630 and #2632); KTS (AES Cert. #4029 and HMAC Cert. #2630); RSA (Cert. #2069); SHS (Certs. #1465, #3325 and #3326); Triple-DES (Cert. #2207); Triple-DES MAC (Triple-DES Cert. #2207, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES GCM (AES Cert. #4031; non-compliant); ARDFP; DES; DES MAC; DES Stream; FF3 (non-compliant); MD5
Multi-Chip Stand Alone

"DocuSign HSM Appliance is a high-performance cryptographic service provider. It performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
2859Mocana Corporation
20 California Street
San Francisco, CA 94111
USA

Srinivas Kumar
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Module
(Software Version: 6.4.1f)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/08/2017
06/14/2017
3/7/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Mentor Graphics Linux 4.0 running on Avaya VSP4450GSX
Wind River Linux 6.0 running on Intel Atom E3800 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4100 and #4265); CVL (Certs. #971 and #1007); DRBG (Certs. #1232 and #1336); DSA (Certs. #1115 and 1140); ECDSA (Certs. #928 and #994); HMAC (Certs. #2679 and #2810); RSA (Certs. #2219 and #2296); SHS (Certs. #3375 and #3511); Triple-DES (Certs. #2243 and #2306)

-Other algorithms: Diffie-Hellman (CVL Cert. #971 with CVL Cert. #1007, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #971 with CVL Cert. #1007, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES GCM (AES Certs. #4100 and #4265; non-compliant); AES XTS (AES Certs. #4100 and #4265; non-compliant); DES; HMAC-MD5; MD2; MD4; MD5; PRNG; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
2858Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola GGM 8000 Gateway
(Hardware Versions: Base Unit P/N CLN1841F Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849C Rev AA (DC); Firmware Version: KS 16.9.0.48)
(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/08/20173/7/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #962 and #3993); CVL (Certs. #816, #817, #818, and #819); DRBG (Cert. #1184); ECDSA (Cert. #887); HMAC (Certs. #1487, #2606, and #2607); KAS (SP 800-56Arev2 with CVL Certs. #816 and #817; vendor affirmed); KAS (SP 800-56Arev2 with CVL Certs. #816 and #819; vendor affirmed); KTS (AES Cert. #3993 and HMAC Certs. #2606 and #2607); RSA (Cert. #2049); SHS (Certs. #933 and #3295); Triple-DES (Certs. #757 and #2192)

-Other algorithms: AES (Cert. #3993, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; PRNG
Multi-Chip Stand Alone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2857Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev FB with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.9.0.48)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/08/20173/7/2022Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #173 and #3993); CVL (Certs. #816, #817, #818, and #819); DRBG (Cert. #1184); ECDSA (Cert. #887); HMAC (Certs. #39, #2606, and #2607); KAS (SP 800-56Arev2 with CVL Certs. #816 and #817; vendor affirmed); KAS (SP 800-56Arev2 with CVL Certs. #816 and #819; vendor affirmed); KTS (AES Cert. #3993 and HMAC Certs. #2606 and #2607); RSA (Cert. #2049); SHS (Certs. #258 and #3295); Triple-DES (Certs. #275 and #2192)

-Other algorithms: AES (Cert. #3993, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; PRNG
Multi-Chip Stand Alone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2856Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Jaz Lin
TEL: 408-745-2000

Van Nguyen
TEL: 408-745-2000

CST Lab: NVLAP 100432-0
Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways
(Hardware Versions: P/Ns {SRX100H2, SRX110H2-VA, SRX110H2-VB, SRX210HE2, SRX220H2, SRX240H2, SRX550, SRX650} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.3X48-D30)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/07/20173/6/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4055, #4056, #4066, #4067, #4068 and #4069); CVL (Certs. #880 and #926); DRBG (Cert. #1216); DSA (Certs. #1096, #1099, #1100, #1101 and #1102); ECDSA (Certs. #909, #912, #913, #914 and #915); HMAC (Certs. #2647, #2648, #2653, #2654, #2655 and #2656); RSA (Certs. #2087, #2197, #2198, #2199 and #2200); SHS (Certs. #3342, #3343, #3349, #3350, #3351 and #3352); Triple-DES (Certs. #2217, #2218, #2219, #2220, #2223 and #2224)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2647, #2648, #2653, #2654, #2655 and #2656); NDRNG; ARCFOUR; Blowfish; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD160; UMAC
Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2855Automation Solutions, Inc (AUTOSOL)
16055 Space Center Blvd.
Houston, TX 77062
USA

Ken Brucker
TEL: 281-286-6017
FAX: 281-286-6902

Edgar Cantu

CST Lab: NVLAP 201029-0
CryptoMod
(Hardware Version: CM5705-D9; Firmware Version: 1.0.51.FIPS)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/03/20173/2/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4140); CVL (Cert. #946); DRBG (Cert. #1255); HMAC (Cert. #2713); PBKDF (vendor affirmed); RSA (Cert. #2257); SHS (Cert. #3410)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant)
Multi-Chip Stand Alone

"AutoSol’s CryptoMod is an end-point security device that protects data exchanged between remote industrial field devices and a centralized SCADA host. Installed in front of equipment, the CryptoMod encrypts traffic for the entire length of an industrial network. It provides authentication for controlling network access, integrity when data is in motion, and confidentiality. It is a CSA Class 1 Div. 2 Gr. ABCD device and a terminal server, so it can fit any existing industrial network. It has a hardware watchdog timer and the capability for remote configuration, management, and updates."
2854EFJohnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

John Tooker
TEL: 402-479-8447
FAX: 402-479-8472

Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

CST Lab: NVLAP 100432-0
Communication Cryptographic Library (CCL)
(Software Version: Product Number 039-5804-200 Rev 3.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/20173/1/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 6.0 running on a Nexus 5X (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3985); DRBG (Cert. #1178); ECDSA (Cert. #882); HMAC (Cert. #2601); KTS (AES Cert. #3985; key establishment methodology provides between 128 and 256 bits of encryption strength); SHS (Cert. #3290)

-Other algorithms: DES
Multi-Chip Stand Alone

"The CCL is a dynamically linked library implemented using the C programming language with an external Java interface. Application developers wishing to use the CCL can use the CCL's Application Programming Interface (API) to perform AES, ECDSA, HMAC, DRBG, SHA256 and SHA512 security related functions. It also includes non-validated legacy services to support DES encryption while operating in the Non-Approved mode of operation."
2853Kaspersky Lab UK Ltd.
1st Floor, 2 Kingdom Street
Paddington, London, W2 6BD
United Kingdom

Oleg Andrianov
TEL: +7 495 797 8700

CST Lab: NVLAP 200968-0
Kaspersky Cryptographic Module (User Mode)
(Software Version: 3.0.1.25)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/20173/1/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 Professional 32-bit running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA
Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-3770S CPU @ 3.10GHz system with PAA
Windows 7 Enterprise 64-bit running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA
Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-4770 CPU @ 3.40GHz system with PAA
Windows 10 Enterprise 64 bit running on an Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz system with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2849, #2959, #2960 and #2980); DRBG (Certs. #502, #561, #890, #891, #896 and #897); HMAC (Certs. #1789 and #1879); PBKDF (vendor affirmed); RSA (Certs. #1490 and #1558); SHA-3 (vendor affirmed); SHS (Certs. #2391 and #2492)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength), RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Kaspersky Cryptographic Module (User Mode) is a software library that provides cryptographic services for various Kaspersky Lab applications. The module is provided as a user-mode DLL."
2852CTERA Networks Ltd.
CTERA Networks NA HQ
205 E. 42nd Street
New York, NY 10017
USA

Aron Brand

Zohar Kaufman

CST Lab: NVLAP 100432-0
CTERA Crypto Module™ (Java)
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2804.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/01/201712/7/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on CentOS 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090)

-Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
Multi-Chip Stand Alone

"CTERA Crypto Module™ (Java) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure."
2851United States Special Operations Command (USSOCOM)
7701 Tampa Point Boulevard
MacDill Air Force Base, FL 33621-5323
USA

William W. Burnham
TEL: (813) 826-2282
FAX: N/A

CST Lab: NVLAP 200416-0
Suite B Cryptographic Module
(Software Version: v3.0.0.0)
(When operated in FIPS mode with module Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2357 operating in FIPS mode or BlackBerry OS Cryptographic Library validated to FIPS 140-2 under Cert. #1578 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/27/20172/26/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): BlackBerry OS 10.3 running on Qualcomm Snapdragon 801
BlackBerry OS 10.3 running on Qualcomm Snapdragon S4
Microsoft Windows Server 2012 R2 (64-bit) running on Intel Xeon E5530 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3328 and #4312); CVL (Cert. #484); ECDSA (Cert. #657); HMAC (Cert. #2119); KAS (Cert. #55); KBKDF (Cert. #116); KTS (AES Cert. #3328); PBKDF (vendor affirmed); SHS (Cert. #2761)

-Other algorithms: N/A
Multi-Chip Stand Alone

"KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys."
2850Cavium Inc.
2315 N 1st Street
San Jose, CA 95131
USA

Phanikumar Kancharla
TEL: 408-943-7496

Tejinder Singh
TEL: 408-943-7403

CST Lab: NVLAP 100432-0
NITROXIII CNN35XX-NFBE HSM Family
(Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Versions: CNN35XX-NFBE-FW-2.0.3 build 10 and CNN35XX-NFBE-FW-2.0.3 build 13)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/27/2017
02/28/2017
04/04/2017
08/04/2017
08/31/2017
2/26/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205, #3206 and #4104); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); KTS (AES Certs. #3206 and #4104); KTS (Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1634 and #2218); SHS (Certs. #1780 and #2652); Triple-DES (Certs. #1311 and #2242)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PBE; RC4
Multi-Chip Embedded

"CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers."
2849Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

CST Lab: NVLAP 200556-0
Symantec Messaging Gateway Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/27/20172/26/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): CentOS 6 running on a Dell PowerEdge R430 with Intel Xeon E5-2600

-FIPS Approved algorithms: AES (Cert. #4124); CVL (Cert. #931); DRBG (Cert. #1244); DSA (Cert. #1117); ECDSA (Cert. #939); HMAC (Cert. #2695); RSA (Cert. #2238); SHS (Cert. #3393); Triple-DES (Cert. #2255)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #931, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES XTS (AES Cert. #4124; non-compliant); PRNG
Multi-Chip Stand Alone

"The Symantec Messaging Gateway Cryptographic Module provides cryptographic functions for the Messaging Gateway platforms software.The module's logical cryptographic boundary is the shared library files and their integrity check HMAC files. The module is a multi-chip standalone embodiment installed on a General Purpose Device.All operations of the module occur via calls from host applications and their respective internal daemons/processes. As such there are no untrusted services calling the services of the module."
2848Micron Technology, Inc.
570 Alder Drive
Milpitas, CA 95035
USA

Dale McNamara
TEL: 408-834-1729

Jimmy Ruane
TEL: 408-834-1894

CST Lab: NVLAP 100432-0
MICRON 1100 SSD
(Hardware Versions: MTFDDAK256TBN-1AR15FCHA [1], MTFDDAK512TBN-1AR15FCHA [1], MTFDDAK256TBN-1AR15FCYY [2], MTFDDAK512TBN-1AR15FCYY [2], MTFDDAV256TBN-1AR15FCHA [1], MTFDDAV512TBN-1AR15FCHA [1], MTFDDAV256TBN-1AR15FCYY [2] and MTFDDAV512TBN-1AR15FCYY [2]; Firmware Versions: HPC0F10 [1] and M0MF000 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/23/2017
03/07/2017
04/27/2017
2/22/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4111, #4051 and #4052); DRBG (Cert. #1236); HMAC (Cert. #2685); KTS (AES Cert. #4111); PBKDF (vendor affirmed); RSA (Cert. #2224); SHS (Cert. #3383)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The MICRON 1100 SSD is a multi-chip embedded device which provides hardware AES 256 encryption/decryption of user data that is stored in the NAND flash. The cryptographic module (CM) supports the SATA interface and is compliant with the Trusted Computing Group (TCG) SSC specification Opal."
2847Digital Guardian, Inc.
860 Winter Street
Suite 3
Waltham, MA 02451
USA

Craig Hansen
TEL: 201-572-3784

CST Lab: NVLAP 200427-0
Verdasys Secure Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. This validation entry is a non-security-relevant modification to Cert. #1607)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/22/20172/22/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows XP 32-bit
Windows XP 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1384); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677); SHS (Cert. #1261)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Verdasys Secure Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's DG Agent for Windows endpoint products. The Verdasys Secure Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
2846Prometheus Security Group Global, Inc.
3019 Alvin Devane Blvd.
Building 4, Suite #450
Austin, TX 78741
USA

Jeremy Freeze-Skret
TEL: 512-247-3700
FAX: 512-519-4054

Mark Thomas
TEL: 503-647-7762
FAX: 512-519-4054

CST Lab: NVLAP 100432-0
Talon™ Multi-Function Security Appliance
(Hardware Versions: P/Ns: TAL-SD (FIPS) v1.0 and TAL-HD (FIPS) v1.0; Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/20172/21/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3924 and #3926); CVL (Cert. #780); DRBG (Certs. #1134 and #1135); HMAC (Certs. #2549 and #2550); KTS (AES Cert. #3924 and HMAC Cert. #2549); KTS (Triple-DES Cert. #2153 and HMAC Cert. #2549; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2004); SHS (Certs. #3234 and #3235); Triple-DES (Cert. #2153)

-Other algorithms: AES (Cert. #3924, key wrapping; key establishment methodology provides 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)
Multi-Chip Stand Alone

"The Talon provides ultra-high securtiy standards compliant approach to delivery of high definition real time video, control signaling and physical security data over an IP network. Meeting stringent government encryption and data validation standards, the end user can rest assured that their sensitive data is reliably transported and securely delivered. The device offers an unrivaled level of security and is not susceptible to spoofing or snooping. The product delivers all these features at a price point lower than existing solutions which would require multiple technology combinations."
2845LG Electronics, Inc.
20 Yoido-dong Youngdungpo-gu
Seoul 152-721
Republic of Korea

Jongseong Kim
TEL: 82-10-4535-0110
FAX: 82-2-6950-2080

CST Lab: NVLAP 200997-0
LG Kernel Loadable Cryptographic Module
(Hardware Version: Qualcomm Snapdragon 617; Qualcomm Snapdragon 808; Qualcomm Snapdragon 820; Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/22/20172/21/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 6.0.1 (Linux kernel 3.18) running on an LG G5 (A64 with CE PAA)
Android 6.0.1 (Linux kernel 3.10) running on an LG Vista2 (A32 with CE PAA)
Android 6.0.1 (Linux kernel 3.10) running on an LG Vista2 (A32 with NEON PAA)
Android 6.0.1 (Linux kernel 3.10) running on an LG V10 (ARMv8 with CE PAA) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3973, #3974 and #3975); DRBG (Certs. #1166, #1167 and #1168); HMAC (Certs. #2591, #2592 and #2593); SHA (Certs. #3278, #3279 and #3280); Triple-DES (Certs. #2178, #2179 and #2180)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality."
2844Centrify Corporation
3300 Tannery Way
Santa Clara, CA 95054
USA

Kitty Shih

CST Lab: NVLAP 200556-0
Centrify Cryptographic Module
(Software Version: 2.0)
(When installed, initialized, and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/21/20172/20/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Mac OS 10.11.5 running on a MacBook Pro Intel Core i7
Red Hat Enterprise Linux 7.2 running on a Intel Xeon E5620 x86_64
AIX 7.2 (32-bit) running on a PowerPC Power7 Processor
AIX 7.2 (64-bit) running on a PowerPC Power7 Processor

-FIPS Approved algorithms: AES (Cert. #4087); CVL (Cert. #903); DRBG (Cert. #1226); DSA (Cert. #1110); ECDSA (Cert. #923); HMAC (Cert. #2667); RSA (Cert. #2212); SHS (Cert. #3363); Triple-DES (Cert. #2232)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
2843Ciena® Corporation
7035 Ridge Road
Hanover, MD 21076
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module
(Hardware Version: 2.0 with PCB P/N NTK539QS-220; Firmware Version: 2.01)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/20/20172/19/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4231 and #4232); CVL (Cert. #980); DRBG (Cert. #1315); ECDSA (Certs. #976 and #977); HMAC (Cert. #2770); SHS (Certs. #3468 and #3469); Triple-DES (Cert. #2291)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG
Multi-Chip Embedded

"The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service."
2842McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor NS-7100, NS-7200 and NS-7300
(Hardware Versions: P/Ns IPS-NS7100 Version 1.10, IPS-NS7200 Version 1.10 and IPS-NS7300 Version 1.10; FIPS Kit P/N IAC-FIPS-KT2; Firmware Version: 8.1.17.16)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/17/20172/16/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923)

-Other algorithms: AES (Cert. #3156, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #1989); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; HMAC (non-compliant); MD5; RC4; RSA (non-compliant); SHS (non-compliant); SNMP KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2841Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Adaptive Security Appliance (ASA) Virtual
(Software Version: 9.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/15/20172/14/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): ASA Virtual 9.6 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4344); CVL (Cert. #1048); DRBG (Cert. #1386); ECDSA (Cert. #1027); HMAC (Cert. #2882); RSA (Cert. #2346); SHS (Cert. #3579); Triple-DES (Cert. #2348)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2840Arxan Technologies
650 California St
San Francisco, CA 94108
USA

Sam Kerr
TEL: 301-968-4290
FAX: 415-247-0910

Andrei Alexandru
TEL: 301-968-4290
FAX: 415-247-0910

CST Lab: NVLAP 100432-0
Arxan Cryptographic Key & Data Protection
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/14/20172/13/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android KitKat 4.4.1 running on a Samsung Galaxy Tablet 4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4123); CVL (Cert. #930); ECDSA (Cert. #938); HMAC (Cert. #2694); SHS (Cert. #3392); Triple-DES (Cert. #2253)

-Other algorithms: N/A
Multi-Chip Stand Alone

"Arxan Cryptographic Key & Data Protection solution implements state-of-the-art Whitebox Cryptography to protect Crypto Keys and Data (at-rest, in-transit & in-use). It transforms crypto keys and data so neither can be discovered statically in the application or in runtime memory. Arxan Cryptographic Key & Data Protection offers strongest security, broader platform support, with better performance, smaller footprint and easier integration. It provides all the major crypto algorithms and features required to protect sensitive keys and data in hostile or untrusted operational environments."
2839VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 1-650-427-1902

CST Lab: NVLAP 200928-0
VMware OpenSSL FIPS Object Module
(Software Version: 2.0.9)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/14/2017
02/22/2017
1/29/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Intel Core I without PAA w/ Windows 8.1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I without PAA w/ Windows 7 SP1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I with PAA w/ Windows 7 SP1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I without PAA w/ Windows 10 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I with PAA w/ Windows 10 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I with PAA w/ Windows 8.1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon with PAA w/ Windows 2012 64 bit on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon without PAA w/ Windows 2012 64 bit on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon with PAA w/ Windows 2012 R2 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon without PAA w/ Windows 2012 R2 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon without PAA w/ VMware NSX Controller OS 12.04 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ VMware NSX Controller OS 12.04 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon without PAA w/ VMware NSX Edge OS 3.14 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ VMware NSX Edge OS 3.14 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ VMware NSX Manager OS 3.17 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon without PAA w/ VMware NSX Manager OS 3.17 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ SLES 11 SP3 on ESXi 6.0 (gcc Compiler Version 5.3.0)
Intel Xeon without PAA w/ SLES 11 SP3 on ESXi 6.0 (gcc Compiler Version 5.3.0)
Intel Xeon without PAA w/ Photon OS 1.0 on ESXi 6 (gcc Compiler Version 5.3.0)
Intel Xeon with PAA w/ Photon OS 1.0 on ESXi 6 (gcc Compiler Version 5.3.0)

-FIPS Approved algorithms: AES (Cert. #4137); CVL (Cert. #943); DRBG (Cert. #1254); DSA (Cert. #1123); ECDSA (Cert. #949); HMAC (Cert. #2710); RSA (Cert. #2251); SHS (Cert. #3407); Triple-DES (Cert. #2261)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #943, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of strength); Dual EC DRBG; PRNG
Multi-Chip Stand Alone

"The VMware OpenSSL FIPS Object Module provides cryptographic functions to various VMware applications."
2838Mitsubishi Space Software Co., Ltd.
Tsukuba Mitsui Bldg.,
1-6-1, Takezono
Tsukuba-shi, Ibaraki-ken 305-0032
Japan

Ikuo Shionoya
TEL: +81-29-856-0155
FAX: +81-29-858-0848

Ken Nakajima
TEL: +81-29-856-0155
FAX: +81-29-858-0848

CST Lab: NVLAP 200928-0
Command Encryption Module
(Firmware Version: 3.0)
(When installed, initialized and Windows Firewall Advanced Security Version 6.1 configured as specified in Section 11 of the Security Policy with tamper evident seals (part number: MSS-FIPS-16-500) installed as indicated in Section 5 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware02/13/20172/12/2022Overall Level: 2

-Operational Environment: N/A
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 Professional SP1 running on a HP ProDesk 600 G2

-FIPS Approved algorithms: Triple-DES (Cert. #2191)

-Other algorithms: N/A
Multi-Chip Stand Alone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
2837IBM Corporation
11400 Burnet Road
Austin, TX 78758
USA

Tom Benjamin
TEL: 512-286-5319
FAX: 512-973-4763

Karthik Ramamoorthy
TEL: 512-286-8135
FAX: 512-973-4763

CST Lab: NVLAP 200658-0
IBM Java JCE FIPS 140-2 Cryptographic Module with CPACF
(Hardware Version: COP chips integrated within processor unit; Firmware Version: 3863 (aka FC3863) with System Driver Level 22H; Software Version: 1.8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/13/20172/12/2022Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with z/OS version 2 release 2 running on IBM z13 model N63
Red Hat Enterprise Linux Server release 7.2 running on IBM z13 model N63 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3909 and #3910); CVL (Certs. #768, #769, #770 and #771); DRBG (Certs. #1124 and #1125); DSA (Certs. #1067 and #1068); ECDSA (Certs. #852 and #853); HMAC (Certs. #2538 and #2539); KTS (vendor affirmed); RSA (Certs. #1993 and #1994); SHS (Certs. #3221 and #3222); Triple-DES (Certs. #2145 and #2146)

-Other algorithms: Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); MD5; Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework."
2836Chunghwa Telecom Co., Ltd. and NXP Semiconductors
No. 99, Dianyan Road
Yangmei Dist.
Taoyuan City 32661
Taiwan (R.O.C.)

Char-Shin Miou
TEL: 03-4244381

Yeou-Fuh Kuan
TEL: 03-4244333

CST Lab: NVLAP 100432-0
HiCOS PKI Applet and Taiwan TWNID Applet on NXP JCOP 3 SecID P60 (OSA)
(Hardware Version: P6022y VB; Firmware Versions: JCOP 3 SECID P60 (OSA) version 0x0503.8211; Applets: HiCOS PKI Applet V1.0, TWNID Applet V1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/13/20172/12/2022Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3997); CVL (Cert. #824); DRBG (Cert. #1187); ECDSA (Cert. #890); KBKDF (Cert. #91); KTS (AES Cert. #3997; key establishment methodology provides 128 and 256 bits of encryption strength); RSA (Certs. #2053 and #2086); SHS (Cert. #3299); Triple-DES (Cert. #2195)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #824, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG
Single Chip

"The Taiwan TID Applet is a Javacard applet that stores personal information related to the user. It allows governmental organizations to retrieve pieces of data. The HiCOS PKI Applet is a Javacard applet that provides security for stored user data and credentials and an easy to use interface to PKI services (i.e., for strong authentication, encryption and digital signatures)."
2835Apricorn, Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Apricorn FIPS Module 140-2
(Hardware Versions: REV. D with CAN 1A [A, B]; Firmware Versions: 7.0 [A], 7.6 [B])
(When installed, initialized and configured as specified in Section 11.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/08/2017
03/10/2017
2/7/2022Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911);

-Other algorithms: NDRNG
Multi-Chip Embedded

"The FIPS 140-2 Module is a complete encryption system that provides USB 3.1 interface to any SATA media. The boundary includes all CSPs including seed generation, RNG, code storage & all encryption functions. No CSPs leave the boundary for improved security. Its software free design allows interface to any host that supports USB & mass storage. The module supports 1 Admin & 4 users, brute force, recovery PINs, 7-16 digit PINs, auto lock, read only, etc. & is compatible with Apricorn’s Aegis Configurator. The FIPS 140-2 Module is used in Aegis Fortress, Padlock DT FIPS & Padlock SSD."
2834Apricorn, Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Aegis Secure Key 3.0 Cryptographic Module
(Hardware Versions: RevD {ASK3-8GB (8GB) [A, B, C], ASK3-16GB (16GB) [A, B, C], ASK3-30GB (30GB) [A, B, C], ASK3-60GB (60GB) [A, B, C], ASK3-120GB (120GB) [A, B, C], ASK3-240GB (240GB) [A, B, C], ASK3-480GB (480GB) [A, B, C]}; Firmware Versions: 7.1 [A], 7.7 [B], 7.8 [C])
(When installed, initialized and configured as specified in Section 11.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/07/2017
03/10/2017
03/27/2017
05/09/2017
2/6/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"The Apricorn Aegis Secure Key 3.0 is a hardware encrypted USB 3.1 memory key. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator"
2833Aruba a Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba VMC-TACT Series Virtual Controllers with ArubaOS FIPS Firmware
(Firmware Version: ArubaOS VMC 6.4.2.0-1.3-FIPS)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware02/03/20172/2/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): PacStar 451 SSV Small Server with Processor Intel i7 running on VMWare ESXI 5.5

-FIPS Approved algorithms: AES (Certs. #3778 and #3845); CVL (Certs. #718 and #734); DRBG (Cert. #1044); ECDSA (Certs. #813 and #830); HMAC (Certs. #2474 and #2494); KBKDF (Cert. #80); RSA (Certs. #1945, #1964 and #2082); SHS (Certs. #3145, #3167 and #3338); Triple-DES (Certs. #2099 and #2118)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Aruba Networks Virtual Mobility Controller (VMC) is a virtualized network device that serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba dependent wireless network."
2832Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple macOS CoreCrypto Module, v7.0
(Software Version: 7.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/02/20172/1/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): macOS Sierra v10.12.2 running on Mac mini with i5 CPU with PAA
macOS Sierra v10.12.2 running on Mac mini with i5 CPU without PAA
macOS Sierra v10.12.2 running on MacBook Pro with i7 CPU with PAA
macOS Sierra v10.12.2 running on MacBook Pro with i7 CPU without PAA
macOS Sierra v10.12.2 running on MacPro with Xeon CPU with PAA
macOS Sierra v10.12.2 running on MacPro with Xeon CPU without PAA
macOS Sierra v10.12.2 running on MacBook with Core M CPU with PAA
macOS Sierra v10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4191, #4192, #4193, #4194, #4195, #4196, #4197, #4198, #4207, #4208, #4209, #4210, #4211, #4212, #4213, #4214, #4215, #4216, #4217, #4218, #4219, #4220, #4221, #4222, #4223, #4224, #4225, #4226, #4227, #4228, #4229, #4230, #4270, #4271, #4272, #4273, #4274, #4275, #4276 and #4277); CVL (Certs. #972, #973, #974, #975, #976, #977, #978 and #979); DRBG (Certs. #1291, #1292, #1293, #1294, #1295, #1296, #1297, #1298, #1299, #1300, #1301, #1302, #1303, #1304, #1305, #1306, #1307, #1308, #1309, #1310, #1311, #1312, #1313 and #1314); ECDSA (Certs. #968, #969, #970, #971, #972, #973, #974 and #975); HMAC (Certs. #2746, #2747, #2748, #2749, #2750, #2751, #2752, #2753, #2754, #2755, #2756, #2757, #2758, #2759, #2760, #2761, #2762, #2763, #2764, #2765, #2766, #2767, #2768, #2769, #2796, #2797, #2798, #2799, #2800, #2801 and #2809); KTS (AES Certs. #4215, #4216, #4217, #4218, #4219, #4220, #4221, #4222, #4223, #4224, #4225, #4226, #4227, #4228, #4229, #4230, #4270, #4271, #4272, #4273, #4274, #4275, #4276 and #4277; key establishment methodology provides between 128 and 160 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #2275, #2276, #2277, #2278, #2279, #2280, #2281 and #2282); SHS (Certs. #3444, #3445, #3446, #3447, #3448, #3449, #3450, #3451, #3452, #3453, #3454, #3455, #3456, #3457, #3458, #3459, #3460, #3461, #3462, #3463, #3464, #3465, #3466, #3467, #3497, #3498, #3499, #3500, #3501, #3502 and #3510); Triple-DES (Certs. #2283, #2284, #2285, #2286, #2287, #2288, #2289 and #2290)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; RSA (non-compliant); SP800-56C KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Apple macOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2831Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0
Oracle StorageTek T10000D Tape Drive
(Hardware Versions: P/N: 7042136 and P/N: 7314405; Firmware Version: RB411111)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/02/20172/1/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2760, #4039, #4040 and #4047); CVL (Certs. #866 and #867); DRBG (Cert. #1209); ECDSA (Cert. #905); HMAC (Certs. #2636, #2637 and #2642); KTS (AES Cert. #4047); RSA (Cert. #2074); SHS (Certs. #3330 and #3331)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2830Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple macOS CoreCrypto Kernel Module, v7.0
(Software Version: 7.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/01/20171/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): macOS Sierra 10.12.2 running on Mac mini with i5 CPU with PAA
macOS Sierra 10.12.2 running on Mac mini with i5 CPU without PAA
macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU with PAA
macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU without PAA
macOS Sierra 10.12.2 running on MacPro with Xeon CPU with PAA
macOS Sierra 10.12.2 running on MacPro with Xeon CPU without PAA
macOS Sierra 10.12.2 running on MacBook with Core M CPU with PAA
macOS Sierra 10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4199, #4200, #4201, #4202, #4203, #4204, #4205, #4206, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292); DRBG (Certs. #1287, #1288, #1289, #1290, #1332, #1333, #1334, #1335, #1349, #1350, #1351 and #1352); ECDSA (Certs. #999, #1000, #1001 and #1002); HMAC (Certs. #2792, #2793, #2794, #2795, #2802, #2803, #2804, #2805, #2806, #2807, #2808, #2825, #2826, #2827 and #2828); KTS (AES Certs. #4199, #4200, #4201, #4203, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2310, #2311, #2312 and #2313); SHS (Certs. #3493, #3494, #3495, #3496, #3503, #3504, #3505, #3506, #3507, #3508, #3509, #3527, #3528, #3529 and #3530); Triple-DES (Certs. #2310, #2311, #2312 and #2313)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Apple macOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2829IBM Corporation
2455 South Road
Poughkeepsie, NY 12601-5400
USA

John Monti
TEL: 845-435-4164

Alyson Comer
TEL: 607-429-4309

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 2 Release 1 System SSL Cryptographic Module
(Hardware Version: COP chips integrated within processor unit; Firmware Version: Feature 3863 (aka FC3863) with System Driver Level 22H; Software Version: HCPT410/JCPT411 with APAR OA50589)
(When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 1 Security Server RACF(R) Signature Verification Module version 1.0 validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode and IBM(R) z/OS(R) Version 2 Release 1 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #2763 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/01/20171/31/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3958, #4083 and #4084); CVL (Certs. #901, #902, #934 and #935); DSA (Certs. #1108, #1109, #1119 and #1120); HMAC (Certs. #2665, #2666, #2697 and #2698); RSA (Certs. #2210, #2211, #2231, #2232, #2240, #2241, #2242, #2243, #2244, #2245, #2246 and #2247); SHS (Certs. #3196, #3361 and #3362); Triple-DES (Certs. #2214, #2230 and #2231)

-Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens."
2828Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Kernel Module v7.0
(Software Version: 7.0)
(When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/01/20171/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): iOS 10.2 running on iPhone5S with Apple A7 CPU
iOS 10.2 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 10.2 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
iOS 10.2 running on iPhone7 (iPhone7 and iPhone7 Plus) with Apple A10 CPU
iOS 10.2 running on iPad Air 2 with Apple A8X CPU
iOS 10.2 running on iPad Pro with Apple A9X CPU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4255, #4256, #4257, #4258, #4259, #4260, #4293, #4294, #4295, #4296, #4297 and #4298); DRBG (Certs. #1353, #1354, #1355, #1356, #1357 and #1358); ECDSA (Certs. #1003, #1004, #1005, #1006, #1007 and #1008); HMAC (Certs. #2829, #2830, #2831, #2832, #2833, #2834, #2854, #2855, #2856, #2857, #2858 and #2859); KTS (AES Certs. #4255, #4256, #4257, #4258, #4259, #4260, #4293, #4294, #4295, #4296, #4297 and #4298; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2314, #2315, #2316, #2317, #2318 and #2319); SHS (Certs. #3531, #3532, #3533, #3534, #3535, #3536, #3557, #3558, #3559, #3560, #3561 and #3562); Triple-DES (Certs. #2314, #2315, #2316, #2317, #2318 and #2319)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; HASH_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2827Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Module v7.0
(Software Version: 7.0)
(When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/01/20171/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): iOS 10.2 running on iPhone5S with Apple A7 CPU
iOS 10.2 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 10.2 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
iOS 10.2 running on iPhone7 (iPhone7 and iPhone7 Plus) with Apple A10 CPU
iOS 10.2 running on iPad Air 2 with Apple A8X CPU
iOS 10.2 running on iPad Pro with Apple A9X CPU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4156, #4157, #4158, #4159, #4160, #4161, #4162, #4163, #4164, #4165, #4166, #4167, #4168, #4169, #4170, #4171, #4172, #4173, #4174, #4175, #4176, #4177, #4178, #4179, #4180, #4181, #4182, #4183, #4184, #4185, #4186, #4187, #4188, #4189, #4190 and #4269); CVL (Certs. #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969 and #1010); DRBG (Certs. #1264, #1265, #1266, #1267, #1268, #1269, #1270, #1271, #1272, #1273, #1274, #1275, #1276, #1277, #1278, #1279, #1280, #1281, #1282, #1283, #1284, #1285, #1286 and #1339); ECDSA (Certs. #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967 and #997); HMAC (Certs. #2723, #2724, #2725, #2726, #2727, #2728, #2729, #2730, #2731, #2732, #2733, #2734, #2735, #2736, #2737, #2738, #2739, #2740, #2741, #2742, #2743, #2744, #2745 and #2813); KTS (AES Certs. #4156, #4157, #4158, #4159, #4160, #4161, #4162, #4163, #4164, #4166, #4169, #4170, #4180, #4181, #4182, #4183, #4184, #4185, #4186, #4187, #4188, #4189, #4190 and #4269; key establishment methodology provides between 128 and 160 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #2264, #2265, #2266, #2267, #2268, #2269, #2270, #2271, #2272, #2273, #2274 and #2299); SHS (Certs. #3421, #3422, #3423, #3424, #3425, #3426, #3427, #3428, #3429, #3430, #3431, #3432, #3433, #3434, #3435, #3436, #3437, #3438, #3439, #3440, #3441, #3442, #3443 and #3514); Triple-DES (Certs. #2272, #2273, #2274, #2275, #2276, #2277, #2278, #2279, #2280, #2281, #2282 and #2308)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (non-compliant); SP800-56C KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2826DataLocker Inc.
7007 College Blvd
Suite 240
Overland Park, KS 66211
USA

Jay Kim
TEL: 913-310-9088

CST Lab: NVLAP 100432-0
DataLocker H350
(Hardware Versions: P/Ns MXKB1B500G5001FIPS, MXKB1B001T5001FIPS, MXKB1B002T5001FIPS, DL-H350-0250SSD, DL-H350-0500SSD, DL-H350-1000SSD; Firmware Version: 1.1.0)
(Files distributed with the module mounted within the Read-Only drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/31/20171/30/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #4139); DRBG (Cert. #1257); HMAC (Certs. #2712 and #2715); PBKDF (vendor affirmed); RSA (Certs. #2255 and #2256); SHS (Certs. #1282 and #3409)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"DataLocker H350 is a secure USB hard disk drive with 256-bit AES encryption and PKI operations combined with advanced authentication and policy management capabilities to help organizations control user access to sensitive data. DataLocker H350 allows enterprise management features like password recovery and remote kill."
2825Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat 17305
France

Chanan Lavy
TEL: 972-3-9781254
FAX: 972-3-9781010

Frederic Garnier
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
eToken 5110
(Hardware Versions: P/Ns STM32F042K6U6TR [1] and SLE78CFX3000PH [2]; Firmware Versions: 5110 FIPS FW ver-15.0 [1] and IDCore30-revB- Build 06, eToken Applet version 1.8, eTPnP Applet V1.0 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/30/20171/29/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Certs. #719, #803 and #804); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946, #1947 and #2037); SHS (Certs. #3146 and #3276); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed)

-Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; Triple-DES (Cert. #2100, key wrapping; key establishment methodology provides 112 bits of strength)
Multi-Chip Stand Alone

"SafeNet eToken 5110 FIPS is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business."
2824Apricorn, Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Aegis Secure Key 3Z Cryptographic Module
(Hardware Versions: RevA {P/Ns ASK3Z-8GB (8GB) [A, B, C, D], ASK3Z-16GB (16GB) [A, B, C, D], ASK3Z-32GB (32GB) [A, B, C, D], ASK3Z-64GB (64GB) [A, B, C, D] and ASK3Z-128GB (128GB) [A, B, C, D]}; Firmware Versions: 7.1 [A], 7.5 [B], 7.7 [C], 7.8 [D])
(When installed, initialized and configured as specified in Section 11.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/30/2017
03/10/2017
03/27/2017
05/02/2017
1/29/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"The Apricorn Aegis Secure Key 3z is a hardware encrypted USB 3.1 memory key. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator"
2823UnaliWear, Inc.
3410 Cherry Lane
Austin, TX 78746
USA

Jean Anne Booth
TEL: 512-917-3088

Brian Kircher
TEL: 512-773-7854

CST Lab: NVLAP 100432-0
Kanega Watch
(Software Version: 3.9.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): OpenRTOS v9.0.0 running on Atmel Sam4L8 Xplained Pro (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4012); HMAC (Cert. #2617); SHS (Cert. #3310)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The Kanega Watch is a cryptography software library."
2822Toshiba Memory Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type B
(Hardware Versions: A1 with PX05SVQ160B[1], A1 with PX05SVQ320B[2], A0 with PX05SRQ384B[3], A2 with PX05SVQ040B[4], A2 with PX05SRQ192B[5], A1 with PX05SVQ048B[6], A1 with PX05SVQ096B[7], A1 with PX05SVQ192B[8], A1 with PX05SVQ384B[9], A1 with PX05SRQ384B[10]; Firmware Versions: PX05MS00[1][2], PX056901[3], PX05MD42[4][5], PX050502[6][7][8][9][10])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/2017
02/22/2017
05/02/2017
1/24/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2821Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Diana Robinson
TEL: 845-454-6397

Ian Hall
TEL: 703-598-6876

CST Lab: NVLAP 200928-0
SSL Visibility Appliance
(Hardware Versions: SV3800 [1], SV3800B [2] and SV3800B-20 [3]; 090-03064 [1], 080-03563 [1], 080-03679 [1], 090-03550 [2], 080-03782 [2], 080-03787 [2], 090-03551 [3], 080-03783 [3], and 080-03788 [3] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227, 3.8.4FC, 3.10 build 40)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/20171/24/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3195, #3496 and #4106); CVL (Certs. #429, #562 and #919); DRBG (Certs. #669, #866 and #1233); ECDSA (Certs. #584, #711 and #931); HMAC (Certs. #2013, #2230 and #2682); PBKDF (vendor affirmed); RSA (Certs. #1238, #1625, #1794 and #2222); SHS (Certs. #2052, #2642, #2885 and #3378); Triple-DES (Certs. #1821, #1968 and #2244)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4
Multi-Chip Stand Alone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2820Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances
(Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5], ASA 5585-X SSP-10[6], 5585-X SSP-20[6], 5585-X SSP-40[6], and 5585-X SSP-60[6] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4], [CISCO-FIPS-KIT=][5] or [ASA5585-X-FIPS-KIT][6]; Firmware Version: 9.6)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/23/20171/22/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #4249); CVL (Cert. #1002); DRBG (Certs. #332, #336, #819 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1247, #1514, #2095 and #2787); RSA (Cert. #2298); SHS (Certs. #1794, #2091, #2737 and #3486); Triple-DES (Certs. #1321, #1513, #1881 and #2304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2819Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type A
(Hardware Versions: A1 with PX05SVQ080B, A1 with PX05SVQ160B or A1 with PX05SRQ384B; Firmware Version: PX05NA00)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/19/20171/18/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2818Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA Service Module (SM)
(Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/18/20171/17/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #4249); CVL (Cert. #1002); DRBG (Certs. #332 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1247 and #2787); RSA (Cert. #2298); SHS (Certs. #1794 and #3486); Triple-DES (Certs. #1321 and #2304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes."
2817Hypori, Inc.
9211 Waterford Centre Blvd
Suite 100
Austin, TX 78758
USA

Evan Watkins
TEL: 512-646-1040

CST Lab: NVLAP 200427-0
Hypori FIPS Object Module for OpenSSL
(Software Version: 2.0.10)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/13/20171/12/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 2.2 running on Qualcomm QSD8250 (ARMv7) without PAA (gcc Compiler Version 4.4.0)Android 2.2 running on Qualcomm QSD8250 (ARMv7) with PAA (gcc Compiler Version 4.4.0)Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3)Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)Android 2.2 running on OMAP 3530 (ARMv7) with PAA (gcc Compiler Version 4.1.0)VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)Oracle Solaris 11 running on Intel Xeon 5675 with PAA (32 bit) (gcc Compiler Version 4.5.2)Oracle Solaris 11 running on Intel Xeon 5675 with PAA (64 bit) (gcc Compiler Version 4.5.2)Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2)Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6)Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6)Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)Android 4.0 running on TI OMAP 3 (ARMv7) with PAA (gcc Compiler Version 4.4.3)NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)Android 4.1 running on TI DM3730 (ARMv7) without PAA (gcc Compiler Version 4.6)Android 4.1 running on TI DM3730 (ARMv7) with PAA (gcc Complier Version 4.6)Android 4.2 running on Nvidia Tegra 3 (ARMv7) without PAA (gcc Compiler Version 4.6)Android 4.2 running on Nvidia Tegra 3 (ARMv7) with PAA (gcc Compiler Version 4.6)Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with PAA (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with PAA (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with PAA (gcc compiler Version 4.4.3)Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with PAA (gcc Compiler Version 4.2.1)OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without PAA (gcc Compiler Version 4.7.3)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with PAA (gcc Compiler Version 4.7.3)Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without PAA (gcc Compiler Version 4.2.1)iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with PAA (gcc Compiler Version 4.2.1)PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3)PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2)AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2)AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)FreeBSD 8.4 running on Intel Xeon E5440 (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.1 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2)Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2)FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 5.1)Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 5.1)TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)iOS 8.1 64-bit running on Apple A7 (ARMv8) without PAA and Crypto Extensions (clang Compilerv Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with PAA and Crypto Extensions (clang Compiler Version 600.0.56)VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)iOS 8.1 32-bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 600.0.56)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without PAA (gcc Compiler Version 4.9)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with PAA (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without PAA and Crypto Extensions (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with PAA and Crypto Extensions (gcc Compiler Version 4.9) Android 4.4 (ARMv7 with Houdini) running under VMware ESXI 6 on Dell PowerEdge R430 (x86) (gcc Compiler Version 4.8.5)Android 4.4 running under VMware ESXI 6 on Dell PowerEdge R430 (x86) (gcc Compiler Version 4.8.5) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090, #3264 and #4154); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372, #472 and #958); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607, #723 and #1262); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896, #933 and #1128); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558, #620 and #956); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937, #2063 and #2722); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581, #1664 and #2262); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553, #2702 and #3419); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780, #1853 and #2270)

-Other algorithms: EC Diffie-Hellman; PRNG; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"Re-brand of OpenSSL Version 2.0.10 running in Hypori Virtual Device"
2816Microwave Networks Inc.
4000 Greenbriar Dr., #100A
Stafford, TX 77477
USA

Ben Lee
TEL: 281-263-6569
FAX: 281-263-6400

Angelos Liveris
TEL: 281-263-6701
FAX: n/a

CST Lab: NVLAP 100432-0
Proteus MX Licensed Band Radio Cryptographic Module
(Hardware Versions: P/Ns 8209361-10 Rev A03 [1], 8209361-12 Rev A03 [1], 8209361-14 Rev A03 [1], 8209363-10 Rev A03 [2], 8209363-12 Rev A03 [2] and 8209363-14 Rev A03 [2]; Firmware Version: 8746006-02 Rev A02 [1] or 8746007-02 Rev A02 [2])
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/12/20171/11/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4080, 4081 and #4082); CVL (Cert. #900); DSA (Cert. #1107); HMAC (Cert. #2664); SHS (Cert. #3360)

-Other algorithms: HMAC-SHA-1-96 (HMAC Cert. #2664); DES; Diffie-Hellman; HMAC (non-compliant); HMAC-MD5; MD5; PRNG; RC4; SHS (non-compliant); Triple-DES (non-compliant)
Multi-Chip Embedded

"The module is a cryptographic device enclosed in a plug-in chassis that provides mux/demux and mod/dmod functions along with optional payload encryption for a line of license band point-to-point radios."
2815CTERA Networks Ltd.
CTERA Networks NA HQ
205 E. 42nd Street
New York, NY 10017
USA

Aron Brand

Zohar Kaufman

CST Lab: NVLAP 201029-0
CTERA Crypto Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/12/2017
01/17/2017
1/16/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755, CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; RNG
Multi-Chip Stand Alone

"CTERA Crypto Module™ (Server) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure."
2814Utimaco IS GmbH
Germanusstr. 4
52080 Aachen
Germany

Dr. Gesa Ott
TEL: +49 241-1696-245
FAX: +49 241-1696-199

CST Lab: NVLAP 200983-0
CryptoServer Se-Series Gen2
(Hardware Versions: 5.01.2.0 and 5.01.4.0; Firmware Version: 5.0.10.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/11/2017
01/25/2017
1/24/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4028); CVL (Certs. #855 and #856); DRBG (Cert. #1202); DSA (Cert. #1091); ECDSA (Certs. #897 and #898); HMAC (Cert. #2628); KBKDF (Cert. #97); RSA (Certs. #2066 and #2067); SHS (Cert. #3321, #3322, and #3323); Triple-DES (Cert. #2205); Triple-DES MAC (Triple-DES Cert. #2205, Vendor Affirmed)

-Other algorithms: AES (Cert. #4028, key wrapping; key establishment method provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #2205, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (Cert. #4028; non-compliant); DES; ECIES; KDF per PKCS #11 (non-compliant); MD5; MDC-2; RIPEMD-160; RSA (non-compliant); Triple-DES ANSI Retail MAC
Multi-Chip Embedded

"The CryptoServer Se-Series Gen2 Version 5.01.2.0 and 5.01.4.0 is an encapsulated protected security module which is realized as a multi-chip embedded cryptographic module as defined in FIPS 140-2. It's realization meets the overall FIPS 140-2 Level 3 requirements. The primary purpose of this module is to provide secure cryptographic services such as encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment."
2813Gemalto SA
Avenue du Jujubier, Z.I Athelia IV
La Ciotat 13705
France

Carlos ROMERO-LICERAS
TEL: +33 442365666
FAX: +33 442365545

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
TOPDLv2.1 Platform
(Hardware Version: NXP P60D144P VA (MPH149); Firmware Versions: TOPDLV2.1 (Filter04), Demonstration Applet version V1.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/11/20171/10/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3543); CVL (Certs. #597, #815 and #834); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); KTS (AES Cert, #3543; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #1984; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed)

-Other algorithms: NDRNG
Single Chip

"TOPDLv2.1 is a part of Gemalto's TOPDL family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. TOPDLv2.1 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1/2.2 Amdt D specifications with both contact and contactless interfaces. TOPDLv2.1 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control"
2812Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Diana Robinson
TEL: 845-454-6397

Ian Hall
TEL: 703-598-6876

CST Lab: NVLAP 200928-0
SSL Visibility Appliance
(Hardware Versions: SV1800-C [1], SV1800B-C [2], SV1800-F [3], SV1800B-F [4], SV2800 [5] and SV2800B [6]; 090-03061 [1], 080-03560 [1], 080-03676 [1], 090-03547 [2], 080-03779 [2], 080-03784 [2], 090-03062 [3], 080-03561 [3], 080-03677 [3], 090-03548 [4], 080-03780 [4], 080-03785 [4], 090-03063 [5], 080-03562 [5], 080-03678 [5], 090-03549 [6], 080-03781 [6], 080-03786 [6] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227, 3.8.4FC, 3.10 build 40)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/11/20171/10/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3195, #3496 and #4106); CVL (Certs. #429, #562 and #919); DRBG (Certs. #669, #866 and #1233); ECDSA (Certs. #584, #711 and #931); HMAC (Certs. #2013, #2230 and #2682); PBKDF (vendor affirmed); RSA (Certs. #1238, #1625, #1794 and #2222); SHS (Certs. #2052, #2642, #2885 and #3378); Triple-DES (Certs. #1821, #1968 and #2244)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4
Multi-Chip Stand Alone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2811Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series
(Hardware Versions: MZILS7T6HMLS-000H9 and MZILS15THMLS-000H9; Firmware Version: 3P00)
(When installed, initialized and configured as specified in the Security Rules Section of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/20171/4/2022Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #617 and #3213); DRBG (Cert. #121); ECDSA (Cert. #932); SHS (Cert. #3382)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series are a high-performance Self-Encrypting SSDs supporting SAS 12G Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, ECDSA P-224 for FW authentication, and CTR_DRBG for key generation."
2810Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Van Nguyen
TEL: 408-745-2000

Seyed Safakish
TEL: 408-745-2000

CST Lab: NVLAP 100432-0
EX4300 Ethernet Switches
(Hardware Versions: P/N EX4300-24P, EX4300-24T, EX4300-48P, EX4300-48T, EX4300-32F with 520-052564 (Tamper Seal); Firmware Version: JUNOS 14.1X53-D30.3)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/21/201612/20/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3655); CVL (Cert. #668); DRBG (Cert. #984); ECDSA (Cert. #763); HMAC (Certs. #2404 and #2405); SHS (Certs. #3072 and #3073); Triple-DES (Cert. #2045)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; arcfour; blowfish; cast128; Diffie-Hellman (non-compliant); DSA; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; ripemd160; RSA (non-compliant); umac-64; umac-128
Multi-Chip Stand Alone

"Juniper Networks EX4300 Ethernet Switches combine the carrier-class reliability of modular systems with the economics of stackable platforms, delivering a high-performance, scalable solution for data center and campus office environments. Offering a full suite of Layer 2 and Layer 3 switching capabilities, EX4300 switches offer 24 or 48-port 10/100/1000BASE-T configurations with redundant, hot-swappable internal power supplies and field-replaceable fans to ensure maximum uptime. In addition, Power over Ethernet (PoE)-enabled EX4300 switch models offer standards-based 802.3at PoE+."
2809Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 100432-0
Protiva™ PIV v1.55 on TOP DL v2
(Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55)
(When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1690.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/20/201612/19/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #1363); CVL (Certs. #217 and #224); ECDSA (Cert. #172); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed)

-Other algorithms: PRNG
Single Chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
2808LG Electronics, Inc.
20 Yoido-dong
Youngdungpo-gu
Seoul 152-721
Republic of Korea

Jongseong Kim
TEL: 82-10-4535-0110
FAX: 82-2-6950-2080

Adam Wick
TEL: 503-808-7216
FAX: 503-350-0833

CST Lab: NVLAP 100432-0
LG OpenSSL Cryptographic Module
(Software Version: 2.0.8)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/20/201612/19/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 5.0.1 running on an LG G3 (Model VS985)
Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3291); CVL (Cert. #468); DRBG (Cert. #749); DSA (Cert. #944); ECDSA (Cert. #638); HMAC (Cert. #2089); RSA (Cert. #1684); SHS (Cert. #2730); Triple-DES (Cert. #1876)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of strength); PRNG
Multi-Chip Stand Alone

"The LG OpenSSL Cryptographic Module is a software library that provides cryptographic functionality."
2807Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Kazuhisa Kanazawa
TEL: +81-45-890-2743
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (THNSB8 model)
(Hardware Versions: A0 with THNSB8480PCSE, A0 with THNSB8800PCSE, A0 with THNSB8960PCSE, A0 with THNSB81Q60CSE, or A0 with THNSB81Q92CSE; Firmware Version: 8EEF7101)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/19/201612/18/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3899 and #3900); DRBG (Cert. #1127); HMAC (Certs. #2543 and #2625); RSA (Cert. #1998); SHS (Certs. #3213 and #3308)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2806KACST / Parsec
An Nakhil
Housing King Abdulaziz
City for Science and Technology
Riyadh, Riyadh 12371
Soudi Arabia

Dr. Hatim M. Behairy
TEL: +966-1-481-3549
FAX: +966-1-481-4572

Tobie van Loggerenberg
TEL: +27-12-6789740
FAX: +27-12-6789741

CST Lab: NVLAP 100432-0
HSID5000A
(Hardware Version: HSID5000A; Firmware Version: v1.1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/13/201612/12/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3768 and #3961); DRBG (Cert. #1038); DSA (Cert. #1048); ECDSA (Cert. #811); HMAC (Cert. #2468); PBKDF (vendor affirmed); SHS (Cert. #3138); Triple-DES (Cert. #2096)

-Other algorithms: Diffie-Hellman (with SP800-56C KDF, vendor affirmed, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (with SP800-56C KDF, vendor affirmed, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RSA (non-compliant)
Multi-Chip Stand Alone

"The HSID5000A is a portable USB device that provides high security cryptographic functionality with secure storage for any personal computer. These cryptographic functions and storage allow the HSID5000A to be used in PKI environments with third party applications to securely login to domains, sign and verify emails and encrypt and decrypt files. The module supports a single user with access to the cryptographic functions and a cryptographic officer to enforce policy on the user. The module provides software interfaces as defined by the PKCS#11 standard and Microsoft CSP/KSP."
2805Hospira, Inc.
275 North Field Drive
Lake Forest, IL 60045
USA

Chaitanya Srinivasamurthy
TEL: 224-212-5715
FAX: 224-212-7910

Slawomir Ciapala
TEL: 224-212-5545
FAX: 224-212-7910

CST Lab: NVLAP 100432-0
Hospira CE3.0 OpenSSL Cryptographic Module
(Software Version: 2.0.9)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/13/201612/12/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 2.3.7 running on Hospira Plum360 Infusion System with an i.MX53 Arm Cortex-A8 (single user mode)

-FIPS Approved algorithms: AES (Cert. #3930); CVL (Cert. #781); DRBG (Cert. #1139); DSA (Cert. #1073); ECDSA (Cert. #860); HMAC (Cert. #2553); RSA (Cert. #2007); SHS (Cert. #3240); Triple-DES (Cert. #2157)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #781, key agreement, key establishment methodology provides between 112 and 256 bit of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; RNG
Multi-Chip Stand Alone

"Hospira OpenSSL FIPS Object Module 2.0.9 is used within various Hospira Infusion Pumps for providing secure communication between Infusion pumps and external server."
2804SafeLogic Inc.
530 Lytton Ave
Suite 200
Palo Alto, CA 94301
USA

SafeLogic Inside Sales

CST Lab: NVLAP 100432-0
CryptoComply™ | Java
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/08/201612/7/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade
Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090)

-Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
Multi-Chip Stand Alone

"CryptoComply™ | Java is a standards-based "Drop-in Compliance" solution for native Java environments. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2803Acronis International GmbH
Rheinweg 9
8200 Schaffhausen
Switzerland

Oleg Mikhalsky
TEL: +7 (495) 648-14-27
FAX: +7 (495) 708-44-89

Anton Enakiev
TEL: +7 (495) 648-14-27
FAX: +7 (495) 708-44-89

CST Lab: NVLAP 200968-0
Acronis AnyData Cryptographic Library
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/06/201612/5/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 6.6 running on an Intel Core i5-5300U system with PAA
Red Hat Enterprise Linux 7.1 running on an Intel Core i5-5300U system with PAA
Windows 2008 R2 64bit running on an Intel Core i5-5300U system with PAA
Windows 2012 R2 64bit running on an Intel Core i5-5300U system with PAA
Acronis Virtual Appliance Linux 11.5 on vSphere 5.5 running on an Intel Core i5-5300U system with PAA
Windows 7 Ultimate 64bit running on an Intel Core i5-5300U system with PAA
Windows 8.1 Pro 64bit running on an Intel Core i5-5300U system with PAA
Red Hat Enterprise Linux 6.6 running on an Intel Core i3-3217U system without PAA
Red Hat Enterprise Linux 7.1 running on an Intel Core i3-3217U system without PAA
Windows 2008 R2 64bit running on an Intel Core i3-3217U system without PAA
Windows 7 Ultimate 32bit running on an Intel Core i3-3217U system without PAA
Windows 2012 R2 64bit running on an Intel Core i3-3217U system without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3520 and #3521); CVL (Cert. #746); DRBG (Certs. #879 and #880); DSA (Cert. #1056); ECDSA (Cert. #838); HMAC (Cert. #2249); RSA (Cert. #1807); SHS (Cert. #2903); Triple-DES (Cert. #1977)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); PRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Acronis AnyData Cryptographic Library (AACL) is a cryptographic software module used in various Acronis products."
2802Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Amir Shahhosseini
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
WildFire WF-500
(Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.1.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/05/201612/4/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; Blowfish; Camellia; CAST; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks"
2801Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 100432-0
Protiva™ PIV v2.0 using TOP DL v2 and TOP IL v2
(Hardware Versions: A1025258 and A1023393; Firmware Versions: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10)
(When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1843.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/30/201611/29/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #1973); CVL (Certs. #18, #217 and #224); ECDSA (Cert. #284); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed)

-Other algorithms: PRNG
Single Chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
2800Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
Palo Alto Networks VM-Series
(Software Version: 7.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/30/201611/29/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): VMware ESXi 5.5 running on a Dell PowerEdge R730
CentOS 6.5 - KVM running on a Dell Power Edge R620
Citrix XenServer 6.1.0 running on a Citrix NetScaler SDX 11500 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4019); CVL (Certs. #843, #844, #845 and #846); DRBG (Cert. #1197); ECDSA (Cert. #895); HMAC (Cert. #2621); KAS (SP 800-56Arev2 with CVL Certs. #843 and #844, vendor affirmed); RSA (Cert. #2062); SHS (Cert. #3315)

-Other algorithms: AES (Cert. #4019, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features."
2799Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B, 910-000117-00A, 910-000137-00A, 910-000136-00A [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 7.1.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/28/201611/27/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316)

-Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications."
2798Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Jaroslav Reznik
TEL: +420-532-294-645

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 with CPACF
(Hardware Version: COP chips integrated within processor unit; Firmware Version: Feature 3863 (aka FC3863) with System Driver Level 22H; Software Version: 4.0)
(When operated in FIPS mode with modules Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2721 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid11/23/201611/22/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3570, #3591, #3861, #3862 and #3863); DRBG (Certs. #916, #925, #1095, #1096 and #1097); HMAC (Certs. #2276 and #2508); RSA (Certs. #1838 and #1971); SHS (Certs. #2938 and #3183); Triple-DES (Certs. #1990, #2129 and #2130)

-Other algorithms: DES; GHASH; PRNG; SHS (non-compliant)
Multi-Chip Stand Alone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7.1 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
2797Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-3060 and PA-7080 Firewalls
(Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B, 910-000117-00A, 910-000136-00A, or 910-000137-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Version: 7.1.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/22/201611/21/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316)

-Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DES; DSA (non-compliant); EC Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC2; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures."
2796Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive
(Hardware Versions: ST4000NM0131 [1], ST4000NM0121 [2], ST900MP0126 [3,4,5,6,7,8], ST600MP0026 [9,10,11,12,13,14], ST900MP0166 [15,16,17,18], ST600MP0156 [19,20,21,22], ST10000NM0246 [23,24], ST10000NM0236 [25], ST1200MM0069 [26], ST2400MM0149 [27], ST1800MM0149 [27], ST1200MM0149 [27]; Firmware Versions: BE53[1], BE52[2], NF02[3,9], KSC4[4,10], KSC5[5,11], NF03[6,12], KSC6[7,13], KPC4[8,14], CF02[15,19], CFA2[16,20], CF03[17,21], KMT4[18,22], KF01[23], TF14[24], EF01[25], NF01[26] and CF01[27])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/22/2016
03/07/2017
06/22/2017
11/21/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947, #3759, #3760 and #3940); CVL (Certs. #828 and #852); DRBG (Cert. #1146); HMAC (Certs. #2565 and #2613); PBKDF (vendor affirmed); RSA (Certs. #2013 and #2056); SHS (Certs. #3250 and #3304)

-Other algorithms: Diffie-Hellman (CVL Cert. #852, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate Enterprise Performance SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download. The services are provided throug"
2795STMicroelectronics
Green Square Building B
Lambroekstraat 5
Diegem/Machelen B-1831
Belgium

Olivier COLLART
TEL: +32 272 450 77
FAX: +32 272 451 43

Xavier BOUSSIN
TEL: +33 223 470 695
FAX: +33 223 470 400

CST Lab: NVLAP 200002-0
Trusted Platform Module ST33TPHF2ESPI
(Hardware Versions: ST33HTPH2E28AHA5, ST33HTPH2E32AHA5, ST33HTPH2E28AAE5 and ST33HTPH2E32AAE5; Firmware Version: 47.08)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/15/201611/14/2021Overall Level: 1

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4001); CVL (Cert. #829); DRBG (Cert. #1191); HMAC (Cert. #2614); KBKDF (Cert. #93); KTS (AES Cert. #4001 and HMAC Cert. #2614; key establishment methodology provides 128 bits of encryption strength); RSA (Cert. #2057); SHS (Certs. #3305 and #3306)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MGF1
Single Chip

"ST Microelectronics Trusted Platform Module is a hardware cryptographic module which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification."
2794Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet)
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN Series Ethernet Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN4000 Series: A4010B (DC), A4020B (DC); Senetas Corp. Ltd. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4000 Series: A4010B (DC), A4020B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B (AC), A6011B (DC) and A6012B (AC/DC); Firmware Versions: 2.7.1 and 2.7.2)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/15/2016
06/02/2017
11/14/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3977, #4003, #4004 and #4005); CVL (Cert. #807); DRBG (Cert. #1170); ECDSA (Cert. #876); HMAC (Cert. #2595); KAS (Cert. #81); RSA (Cert. #2039); SHS (Cert. #3282); Triple-DES (Cert. #2182)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The CN4010, CN4020 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is also equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms and GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC (Traffic Flow Security) which can be used to remove patterns in network traffic and prevent traffic analysis."
2793Ultra Electronics AEP
Knaves Beech Business Centre
Loud Water
High Wycombe
Buckinghamshire HP10 9UT
United Kingdom

Rob Stubbs

CST Lab: NVLAP 200556-0
Advanced Configurable Cryptographic Environment (ACCE) v3 HSM Crypto Module
(Hardware Version: 2870-G1; Firmware Versions: 2r3, 2r4, 3r2, 3r3, and 3r4)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy in Appendix A)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/15/2016
01/30/2017
07/11/2017
1/29/2022Overall Level: 4

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #2684); DRBG (Certs. #434, #786, #1237, #1387, and #1501); DSA (Cert. #813); ECDSA (Cert. #470); HMAC (Certs. #1671, #2138, #2686, #2884, and #3004); RSA (Cert. #1384); SHS (Certs. #2255, #2782, #3384, #3581, and #3728); Triple-DES (Cert. #1610); Triple-DES MAC (Triple-DES Cert. #1610, vendor affirmed);

-Other algorithms: AES (Cert. #2684, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1610, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #2684; non-compliant); PBKDF2 (non-compliant); PKCS#12 KDF (non-compliant); RIPEMD-160; RSA (non-compliant); SEED; SPKM KDF (non-compliant); XOR_BASE_AND_DATA (key derivation)
Multi-Chip Embedded

"The Advanced Configurable Cryptographic Environment (ACCE) v3 crypto module offers the next-generation security platform for managing cryptographic keys and protecting sensitive applications. It is used in the Keyper Plus hardware security module (HSM), which is designed for mission-critical applications that demand maximum security. It is ideally suited for companies that need secure key management for PKI certification authorities, registration authorities, OCSP responders, smart card issuers, web servers, DNSSEC and other applications."
2792Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

David Hook
TEL: +61438170390

Jon Eaves
TEL: +61417502969

CST Lab: NVLAP 200928-0
BC-FNA (Bouncy Castle FIPS .NET API)
(Software Version: 1.0.1)
(When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/14/201611/13/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Windows 7.0 SP1 on .NET framework 4.5.2 running on HP Zbook 14 G2
Windows 8.1 Pro on .NET framework 4.5.2 running on a HP Zbook 14 G2
Windows 10 Enterprise on .NET framework 4.6.1 running on a Lenovo Flex 3
Windows 10 Pro on .NET framework 4.6.1 running on an Asus T100HA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4015); CVL (Certs. #837, #838, #839 and #875); DRBG (Cert. #1194); DSA (Cert. #1087); ECDSA (Cert. #894); HMAC (Cert. #2618); KAS (Cert. #89); KAS (SP 800-56Arev2 with CVL Cert. #875, vendor affirmed); KTS (AES Cert. #4015; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2199; key establishment methodology provides 112 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #2059); SHA-3 (Cert. #5); SHS (Cert. #3312); Triple-DES (Cert. #2199)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ARC4; Camellia; ChaCha; ElGamal; NewHope; OpenSSL PBKDF; PKCS#12 PBKDF; Poly1305; SEED; Serpent; SPHINCS-256.
Multi-Chip Stand Alone

"The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well."
2791Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet) and ID Quantique SA
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN8000 Multi-slot Encryptor
(Hardware Versions: A8003-01, A8003-02, A8003-03, A8003-04, A8003-05, A8003-06, A8003-07, A8003-08, A8003-09 and A8003-10; Firmware Versions: 2.7.1 and 2.7.2)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/14/2016
06/02/2017
11/13/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3976, #4008, #4009 and #4010); CVL (Cert. #806); DRBG (Cert. #1169); ECDSA (Cert. #875); HMAC (Cert. #2594); KAS (Cert. #80); RSA (Cert. #2038); SHS (Cert. #3281); Triple-DES (Cert. #2181)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The CN8000 is a high-speed multi-slot hardware encryption platform that secures data over Ethernet and Fibre Channel networks. The CN8000 supports up to 10 high speed encryption slots. Each slot can be configured by the user to support 1-10Gb/s Ethernet or 1-4Gb/s Fibre Channel. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication."
2790Fortinet, Inc.
899 Kifer Road
Sunnyvale, CA 94086
USA

Alan Kaye
TEL: 613-225-9381 x87416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-5140B Chassis with FortiGate-5001D Blade
(Hardware Version: Chassis: P09297-01; Blade: P1AB76; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build8892, 160328)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/08/201611/7/2021Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2789Senetas Corporation Ltd, distributed by Gemalto NV (SafeNet)
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Firmware Versions: 2.7.1 and 2.7.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/08/2016
06/02/2017
11/7/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3347, #3978, #4006 and #4007); CVL (Cert. #808); DRBG (Cert. #1171); ECDSA (Cert. #877); HMAC (Cert. #2596); KAS (Cert. #82); RSA (Cert. #2040); SHS (Cert. #3283); Triple-DES (Cert. #2183)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The CN6000 Series are high-speed hardware encryption platforms that secure data over optical and twisted-pair Ethernet and Fibre Channel networks. Models included are the CN6100 10G Ethernet; operating at a line rate of 10Gb/s and the CN6040 Ethernet and FC selectable model, operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is also available for applications that demand authentication. TRANSEC (aka Traffic Flow Security or TFS) can be used to remove patterns in network traffic and prevent traffic analysis."
2788Check Point Software Technologies Ltd.
2101 Gaither Road
Suite 350
Rockville, MD 20850
USA

Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0
Check Point CryptoCore
(Software Version: 4.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/07/201611/6/2021Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad with PAA (User Space)
Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad without PAA (User Space)
Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad with PAA (Kernel Space)
Microsoft Windows 10 Anniversary Update (64-bit) running on a Lenovo Thinkpad without PAA (Kernel Space)
macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro with PAA (User Space)
macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro without PAA (User Space)
macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro with PAA (Kernel Space)
macOS Sierra 10.12 (64-bit) running on an Apple MacBook Pro without PAA (Kernel Space) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4112); DRBG (Cert. #1238); HMAC (Cert. #2687); KTS (AES Cert. #4112; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2225); SHA-3 (Cert. #7); SHS (Cert. #3385); Triple-DES (Cert. #2247); Triple-DES MAC (Triple-DES Cert. #2247, vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5
Multi-Chip Stand Alone

"Check Point CryptoCore is a 140-2 Level 1 cryptographic module for Windows 10 and macOS Sierra. The module provides cryptographic services accessible in kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
2787Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Amir Shahhosseini
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
Panorama M-100 and M-500
(Hardware Versions: P/Ns 910-000030 Version 00D [1], 910-000092 Version 00D [1] and 910-000073 Version 00D [2]; FIPS Kit P/N 920-000140 Version 00A [1] and FIPS Kit P/N 920-000145 Version 00A [2]; Firmware Version: 7.1.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/2016
11/14/2016
11/13/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4020); CVL (Certs. #848, #849, #873 and #874); DRBG (Cert. #1198); ECDSA (Cert. #896); HMAC (Cert. #2622); KAS (SP 800-56Arev2 with CVL Certs. #848 and #849, vendor affirmed); RSA (Cert. #2064); SHS (Cert. #3316)

-Other algorithms: AES (Cert. #4020, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; Blowfish; Camellia; CAST; HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"Panorama on the M-100 and M-500 provides centralized management and visibility of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. The M-500 provides an additional service, the PAN-DB private cloud, which is an on-premise solution suitable for organizations that prohibit or restrict the use of the PAN-DB public cloud service."
2786Nokia Corporation
600 March Road
Ottawa, ON K2K 2E6
Canada

Carl Rajsic

CST Lab: NVLAP 200556-0
SR-OS Cryptographic Module
(Firmware Version: 14.0R4)
(When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware11/07/201611/6/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): SR-OS on CPM-7950 XRS-20 CPM
SR-OS on CPM-7950 XRS-16 CPM
SR-OS on CPM-7750 SR CPM5
SR-OS on CFP-7750 SR-c12 CFM-XP-B
SR-OS on CPM-7750 SR-a
SR-OS on CPM-7750 SR-e

-FIPS Approved algorithms: AES (Cert. #4011); CVL (Cert. #835); DRBG (Cert. #1193); DSA (Cert. #1086); ECDSA (Cert. #893); HMAC (Cert. #2616); RSA (Cert. #2058); SHS (Cert. #3309); Triple-DES (Cert. #2198)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it."
2785Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

CST Lab: NVLAP 100432-0
Protiva PIV Applet v1.55 on Protiva TOP DM Card
(Hardware Versions: GCX4-M2569420 [1, 2], GXP4-M2569430 [3, 4], GCX4-M2569422 [1, 2], GCX4-A1004155 [1, 2] and GCX4-A1026517 [1, 2]; Firmware Versions: GCX4-FIPS EI07 (MPH051) [1], GCX4-FIPS EI08 [2], GXP4-FIPS EI07 (MPH052) [3] and GXP4-FIPS EI08 [4]; Applet Version: Protiva PIV Applet v1.55)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #691.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/201611/6/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #355); CVL (Cert. #205); RSA (Cert. #119); SHS (Cert. #427); Triple-DES (Cert. #412); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed)

-Other algorithms: PRNG
Single Chip

"This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, N"
2784Fortinet, Inc.
899 Kifer Road
Sunnyvale, CA 94086
USA

Alan Kaye
TEL: 613-225-9381 x87416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-30D/60D/92D, FortiWiFi-60D and FortiGateRugged-60D
(Hardware Versions: C1AA93, C1AB28, C1AC34, C1AB32, and C1AB57 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718,160328)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/31/201610/30/2021Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3965); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2583); RSA (Certs. #2024 and #2025); SHS (Certs. #3267, #3268 and #3269); Triple-DES (Certs. #2172, #2173 and 2174)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CCM (non-compliant); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2783Fortinet, Inc.
899 Kifer Road
Sunnyvale, CA 94086
USA

Alan Kaye
TEL: 613-225-9381 x87416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-1000D/1500D
(Hardware Versions: C1AB95 and C1AA64 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/31/201610/30/2021Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2782Fortinet, Inc.
899 Kifer Road
Sunnyvale, CA 94086
USA

Alan Kaye
TEL: 613-225-9381 x87416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-3700D/3815D
(Hardware Versions: C1AA92 and C1AE66 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/31/201610/30/2021Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2781Fortinet, Inc.
899 Kifer Road
Sunnyvale, CA 94086
USA

Alan Kaye
TEL: 613-225-9381 x87416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-100D/200D/300D/500D
(Hardware Versions: C4LL40, C4KV72, C1AB49 and C1AB51 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: 5.2.7, build0718, 160328)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/31/201610/30/2021Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3963, #3964 and #3966); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581, #2582 and #2584); RSA (Certs. #2024 and #2026); SHS (Certs. #3267, #3268 and #3270); Triple-DES (Certs. #2172, #2173 and 2175)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2780Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Jaroslav Reznik
TEL: +420-532-294-645

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux GnuTLS Cryptographic Module
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software10/31/201610/30/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM z13
Red Hat Enterprise Linux 7.1 running on IBM Power System S814 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3613, #3614, #3615, #3616, #3617, #3618 and #3619); CVL (Certs. #632, #633, #634, #635, #636, #637, #638, #639, #640 and #641); DRBG (Certs. #943, #944, #945, #946, #947, #948 and #949); DSA (Certs. #1008, #1009, #1010, #1011 and #1012); ECDSA (Certs. #745, #746, #747, #748 and #749); HMAC (Certs. #2320, #2321, #2322, #2323 and #2324); RSA (Certs. #1860, #1861, #1862, #1863 and #1864); SHS (Certs. #2986, #2987, #2988, #2989 and #2990); Triple-DES (Certs. #2013, #2014, #2015, #2016 and #2017)

-Other algorithms: Diffie-Hellman (CVL Certs. #632, #634, #636, #638 and #640, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #632, #634, #636, #638 and #640, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST128; DES; GOST Hash; MD2; MD4; MD5; PBKDFv2 (RFC2898); PRNG; RC2; RC4; RIPEMD160; Salsa20; Serpent; SHA-3 (non-compliant); Twofish; UMAC
Multi-Chip Stand Alone

"GnuTLS is a secure communications library implementing the SSH, TLS, and DTLS protocols. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PCKS#12, and other required structures which is shipped with Red Hat Enterprise Linux 7.1."
2779DocuSign, Inc.
221 Main St.
Suite 1000
San Francisco, CA 94105
USA

Ezer Farhi
TEL: 972-3-9279529
FAX: 972-3-9230864

CST Lab: NVLAP 200002-0
DocuSign Signature Appliance
(Hardware Version: 8.0; Firmware Version: 8.1)
(When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/25/201610/24/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: CVL (Cert. #787); DRBG (Certs. #98 and #1203); HMAC (Certs. #2564 and #2629); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2068); SHS (Certs. #1465, #3249 and #3324); Triple-DES (Certs. #2161 and #2206); Triple-DES MAC (Triple-DES Cert. #2206, vendor affirmed)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC (non-compliant); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data."
2778Certicom Corp.
5520 Explorer Drive
Fourth Floor
Mississauga, Ontario L4W 5L1
Canada

Mike Harvey
TEL: 905-507-4220
FAX: 905-507-4230

Worldwide Sales & Marketing Headquarters
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200556-0
Security Builder FIPS Java Module
(Software Versions: 2.8 [1], 2.8.7 [1], 2.8.8 [2], 2.9 [2])
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/24/201610/23/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1]
Solaris 10 64-bit [1]
Red Hat Linux AS 5.5 32-bit [1]
Red Hat Linux AS 5.5 64-bit [1]
Windows Vista 32-bit [1]
Windows Vista 64-bit [1]
Windows 2008 Server 64-bit [1]
CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1411, #3465 and #3988); DRBG (Certs. #52, #852 and #1180); DSA (Certs. #455, #978 and #1084); ECDSA (Certs. #179, #702 and #884); HMAC (Certs. #832, #2210 and #2603); KAS (Certs. #8, #61, #62 and #83); KAS (SP 800-56B, vendor affirmed); RSA (Certs. #687, #1776 and #2046); SHS (Certs. #1281, #2860 and #3292); Triple-DES (Certs. #964, #1954 and #2188)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; DES; DESX; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; ECMQV (non-compliant); ECQV; HMAC-MD5; MD2; MD5; RIPEMD; RNG
Multi-Chip Stand Alone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
2777BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario N2K OA7
Canada

Security Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 905-507-4230

CST Lab: NVLAP 200556-0
BlackBerry Cryptographic Java Module
(Software Versions: 2.8 [1], 2.8.7 [1], 2.8.8 [2], 2.9 [2])
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software10/21/201610/20/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1]
Solaris 10 64-bit [1]
Red Hat Linux AS 5.5 32-bit [1]
Red Hat Linux AS 5.5 64-bit [1]
Windows Vista 32-bit [1]
Windows Vista 64-bit [1]
Windows 2008 Server 64-bit [1]
CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1411, #3465 and #3988); DRBG (Certs. #52, #852 and #1180); DSA (Certs. #455, #978 and #1084); ECDSA (Certs. #179, #702 and #884); HMAC (Certs. #832, #2210 and #2603); KAS (Certs. #8, #61, #62 and #83); KAS (SP 800-56B, vendor affirmed); RSA (Certs. #687, #1776 and #2046); SHS (Certs. #1281, #2860 and #3292); Triple-DES (Certs. #964, #1954 and #2188)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; DES; DESX; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; ECMQV (non-compliant); ECQV; HMAC-MD5; MD2; MD5; RIPEMD; RNG
Multi-Chip Stand Alone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry products such as the BlackBerry PlayBook Administration Service, and other BlackBerry products."
2776Fuji Xerox Co., Ltd.
6-1, Minatomirai, Nishi-ku
Yokohama-Shi, Kanagawa 220-8668
Japan

Yoshinori Ando
TEL: +81-45-755-5504

CST Lab: NVLAP 100432-0
FX Cryptographic Kernel Module
(Software Version: 1.0.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/21/201610/20/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): WindRiver® Linux 6 running on Raspberry Pi 1 Model B (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3952); DRBG (Cert. #1190); HMAC (Cert. #2574); SHS (Cert. #3260); Triple-DES (Cert. #2165)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The FX Cryptographic Kernel Module is a kernel module which operates as callback functions of WindRiver® Linux CryptoAPI."
2775Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco Cloud Services Router 1000 Virtual
(Software Version: 3.16)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/20/201610/19/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): IOS XE 3.16.1 on VMware ESXi 5.5 running on a Cisco EN120S M2
IOS XE 3.16.1 on VMware ESXi 5.5 running on a Cisco EN120E 208 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3989); CVL (Cert. #830); DRBG (Cert. #1181); ECDSA (Cert. #885); HMAC (Cert. #2604); KBKDF (Cert. #94); RSA (Cert. #2047); SHS (Cert. #3293); Triple-DES (Cert. #2189)

-Other algorithms: Diffie-Hellman (CVL Cert. #830, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; HMAC-MD5; MD5; RC4
Multi-Chip Stand Alone

"The Cisco® Cloud Services Router 1000V (CSR 1000V) is a virtual form-factor router that delivers comprehensive WAN gateway and network services functions into virtual and cloud environments. Using familiar, industry-leading Cisco IOS® XE Software networking capabilities, the CSR 1000V enables enterprises to transparently extend their WANs into provider-hosted clouds"
2774Gemalto and ActivIdentity Inc.
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

Stephane Ardiley
TEL: 510-745-6288
FAX: 510-745-0101

CST Lab: NVLAP 100432-0
SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 - CHIP.P5CD144.MPH051B; Firmware Versions: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1085.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/19/201610/18/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #782); CVL (Cert. #214); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed)

-Other algorithms: PRNG
Single Chip

"This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
2773Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

CST Lab: NVLAP 100432-0
Protiva PIV Applet v1.55 on Protiva TOP DL Card
(Hardware Versions: A1005291- CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 -CHIP.P5CD144.MPH051B; Firmware Versions: GX4-FIPS EI08, Applet Version: Protiva PIV Applet v1.55)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1044.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/19/201610/18/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #782); CVL (Cert. #214); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed)

-Other algorithms: PRNG
Single Chip

"This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255."
2772SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
Rosetta microSDHC™
(Hardware Versions: 851314011F, 851314012F and 851314013F; Firmware Version: 3.0.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/18/201610/17/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3028); CVL (Cert. #419); DRBG (Cert. #658); ECDSA (Cert. #578); HMAC (Cert. #1913); KAS (Cert. #52); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1611); SHS (Cert. #2529); Triple-DES (Cert. #1772)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Embedded

"The Rosetta microSDHC™ is a hardware encryption engine available in a microSD embodiment supporting Suite B functionality that is ideal for embedded, Internet of Things, and secure flash storage applications."
2771Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Catalyst 4506-E with Supervisor Card (WS-X45-SUP8-E) and Line Cards (WS-X4748-RJ45-E and WS-X4748-RJ45V+E)
(Hardware Versions: WS-C4506-E with Supervisor card [WS-X45-SUP8-E] and Line cards [WS-X4748-RJ45V+E and WS-X4748-RJ45-E]; Firmware Version: IOS-XE 3.7.0E)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/17/201610/16/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2057 and #4018); CVL (Cert. #841); DRBG (Cert. #1196); HMAC (Cert. #2620); KBKDF (Cert. #96); RSA (Cert. #2061); SHS (Cert. #3314); Triple-DES (Cert. #2200)

-Other algorithms: AES (Cert. #4018, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 series switch meets FIPS 140-2 overall Level 1 requirements as multi-chip standalone module. The switch includes cryptographic algorithms implemented in IOS-XE software as well as hardware ASICs. The module provides 802.1X-rev."
2770Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade VDX 6740, VDX 6740T, VDX 6940 and VDX 8770 Switches
(Hardware Versions: {[BR-VDX6740-24-F (80-1007295-01), BR-VDX6740-24-R (80-1007294-01), BR-VDX6740-48-F (80-1007483-01), BR-VDX6740-48-R (80-1007481-01), BR-VDX6740-64-F (80-1007520-01) and BR-VDX6740-64-R (80-1007521-01)], [BR-VDX6740T-24-F (80-1007273-01), BR-VDX6740T-24-R (80-1007274-01), BR-VDX6740T-48-F (80-1007485-01), BR-VDX6740T-48-R (80-1007487-01), BR-VDX6740T-64-F (80-1007522-01), BR-VDX6740T-64-R (80-1007523-01), BR-VDX6740T-56-1G-R (80-1007863-03) and BR-VDX6740T-56-1G-F (80-1007864-03)], [BR-VDX6940-24Q-AC-F (80-1008854-01), BR-VDX6940-24Q-AC-R (80-1008855-01), BR-VDX6940-36Q-AC-F (80-1008851-01), BR-VDX6940-36Q-AC-R (80-1008850-01), BR-VDX6940-64S-AC-F (80-1008529-01), BR-VDX6940-64S-AC-R (80-1008526-01), BR-VDX6940-96S-AC-F (80-1008530-01), BR-VDX6940-96S-AC-R (80-1008527-01), BR-VDX6940-144S-AC-F (80-1008531-01), BR-VDX6940-144S-AC-R (80-1008528-01)], [BR-VDX8770-4-BND-AC (80-1005850-02), BR-VDX8770-4-BND-DC (80-1006532-03), BR-VDX8770-8-BND-AC (80-1005905-02) and BR-VDX8770-8-BND-DC (80-1006533-03)] with FRUs (80-1006430-01, 80-1006295-01, 80-1006294-02, 80-1006293-02, 80-1006048-02, 80-1006431-01, 80-1006429-01)} with FIPS Kit P/N Brocade XBR-000195 (80-1002006-02); Firmware Version: Network OS (NOS) v6.0.2 P/N: 63-1001691-01)
(When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 2, 3, 4 and 5 as defined in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/17/201610/16/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3544); CVL (Certs. #600 and #601); DRBG (Cert. #901); ECDSA (Cert. #722); HMAC (Cert. #2264); RSA (Cert. #1826); SHS (Cert. #2924); Triple-DES (Cert. #1985)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #600, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; BLOWFISH; CAST; CAST5; DES; DES3; DESX; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); MD2; MD4; RC2; RC4; RMD160; SNMPv3 KDF (non-compliant); UMAC-64
Multi-Chip Stand Alone

"The Brocade VDX 6740 and VDX 6740T are fixed form factor VCS enabled 10 GbE / 40 GbE fabric switch for Top of the Rack (TOR) fabric deployments. The Brocade VDX 6940 switches are fixed form factor VCS enabled 10 GbE / 40 GbE fabric switch for high density 10GbE switch for the TOR or Middle of the Row (MOR) or for End of the Row (EOR) configurations. The Brocade VDX 8770 Switch is designed to scale out Brocade VCS Fabrics (VCS) and support complex environments with dense virtualization and dynamic automation requirements."
2769Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type C
(Hardware Version: A0 with PX04SMQ080B or PX04SMQ160B; Firmware Version: AR02)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/13/201610/12/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2768Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

David Hook
TEL: +61438170390
FAX: n/a

Jon Eaves
TEL: +61417502969
FAX: n/a

CST Lab: NVLAP 100432-0
BC-FJA (Bouncy Castle FIPS Java API)
(Software Version: 1.0.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/12/201610/11/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade
Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHS (Cert. #3126); SHA-3 (Cert. #3); Triple-DES (Cert. #2090)

-Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
Multi-Chip Stand Alone

"The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well."
2767Kaspersky Lab UK Ltd.
1st Floor, 2 Kingdom Street
Paddington, London, W2 6BD
United Kingdom

Oleg Andrianov
TEL: +7 495 797 8700

CST Lab: NVLAP 200968-0
Kaspersky Cryptographic Module (Kernel Mode)
(Software Version: 3.0.1.25)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/11/201610/10/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 Professional 32-bit running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA
Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-3770S CPU @ 3.10GHz system with PAA
Windows 7 Enterprise 64-bit running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA
Windows 10 Enterprise 64 bit running on an Intel® Core™ i7-4600U CPU @ 2.10GHz system with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2956 and #2957); DRBG (Certs. #557, #558 and #892); HMAC (Certs. #1875 and #1876); PBKDF (vendor affirmed); RSA (Certs. #1555 and #1556); SHA-3 (vendor affirmed); SHS (Certs. #2488 and #2489)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Kaspersky Cryptographic Module (Kernel Mode) is a Windows kernel driver that provides cryptographic services for various Kaspersky Lab applications."
2766Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series
(Hardware Version: MZILS3T8HCJM-000G6; Firmware Versions: NA02 and NA04)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/11/2016
03/07/2017
10/10/2021Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3213); DRBG (Cert. #121); ECDSA (Cert. #595); SHS (Cert. #2660)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase."
2765Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiOS 5.2
(Firmware Versions: 5.2.7, build0718,160328)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware10/07/201610/6/2021Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): FortiGate-300D with the Fortinet entropy token (part number FTR-ENT-1)

-FIPS Approved algorithms: AES (Certs. #3963 and #3964); CVL (Certs. #794 and #795); DRBG (Cert. #1161); HMAC (Certs. #2581 and #2582); RSA (Cert. #2024); SHS (Certs. #3267 and #3268); Triple-DES (Certs. #2172 and #2173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5
Multi-Chip Stand Alone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
2764Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

CST Lab: NVLAP 100432-0
nShield Remote Administration Token
(Hardware Version: NXP P60D144; Firmware Version: Athena IDProtect 0501.5175.0001 with Authentication Token Applet 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/06/201610/5/2021Overall Level: 3

-Physical Security: Level 4
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3780); CVL (Cert. #721); DRBG (Cert. #1046); ECDSA (Cert. #815); KBKDF (Cert. #82); KTS (AES Cert. #3780; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1948); SHS (Cert. #3147)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); NDRNG
Single Chip

"The nShield Remote Administration Token is a single chip smart card micro-controller implementing the Global Platform operational environment, with Card Manager and the Authentication Token Applet. It implements the Remote Administration Card which enables the remote administration of Thales nShield Hardware Security Modules."
2763IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

John Monti
TEL: 845-435-4164

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 2 Release 1 ICSF PKCS #11 Cryptographic Module
(Hardware Versions: COP chips integrated within processor unit [1] and P/N 00LV487 [2]; Firmware Versions: Feature 3863 (aka FC3863) with System Driver Level 22H [1] and CCA 5.2.27z RC30 [2]; Software Version: OA50113)
(When operated in FIPS mode with module IBM(R) z/OS(R) Version 2 Release 1 Security Server RACF(R) Signature Verification Module version 1.0 validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid10/06/201610/5/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3958 and #4036); CVL (Certs. #882 and #883); DRBG (Certs. #1206 and #1212); DSA (Certs. #1092 and #1097); ECDSA (Cert. #901); HMAC (Cert. #2633); RSA (Certs. #2070 and #2088); SHS (Certs. #3196 and #3327); Triple-DES (Cert. #2214)

-Other algorithms: AES (Cert. #3958, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #2214, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"ICSF is a software element of z/OS that works with hardware cryptographic features and the Security Server (RACF) to provide secure, high-speed cryptographic services in the z/OS environment. ICSF, which runs as a started task, provides the application programming interfaces by which applications request the cryptographic services."
2762VT iDirect, Inc.
13861 Sunrise Valley Drive, Suite 300
Herndon, VA 20171
USA

Chris Gormont
TEL: 703.880.6257

CST Lab: NVLAP 200556-0
Evolution e8350-FIPSL2 Satellite Router Board [1], iConnex e800-FIPSL2 Satellite Router Board [2], iConnex e850MP-FIPSL2 Satellite Router Board [3], Evolution eM1D1-FIPSL2 Line Card [4], and Evolution eM0DM-FIPSL2 Line Card [5]
(Hardware Versions: E0000051-0005 [1], E0001340-0001 [2], E0000731-0004 [3], E0001306-0001 [4], and E0001306-0002 [5]; Firmware Version: iDX 3.3.2.5; iDX 3.4.3.5)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/03/2016
06/17/2017
10/2/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3548, #3549, #3603 and #3623); CVL (Cert. #606); DRBG (Cert. #904); HMAC (Cert. #2267); RSA (Cert. #1828); SHS (Cert. #2927)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryptionstrength); PBKDF (non-compliant); NDRNG
Multi-Chip Embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical."
2761Ionic Security Inc.
1170 Peachtree Street NE
Suite 400
Atlanta, GA 30309
USA

Ionic Support
TEL: 404-736-6000

Nicholas Smith
TEL: 404-736-6000

CST Lab: NVLAP 200928-0
FIPS Crypto Module
(Software Version: 1.1)
(When operated in FIPS mode and installed, initialized and configured as specified in Section 3 of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/27/20169/26/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 SP1 running on a Hewlett-Packard (HP) Z230 desktop
CentOS 7.1 running on an Intel Server System R1304GZ4GC (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3772); DRBG (Cert. #1042); HMAC (Certs. #2472 and #2520); PBKDF (vendor affirmed); RSA (Cert. #1942); SHS (Certs. #3142 and #3200)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Ionic Security’s Fusion Platform implements the FIPS Crypto Module for all cryptographic functions such as key pair generation, digital signature generation/ and verification, encryption and decryption, hashing functions, and message authentication."
2760Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Mondher Razouane
TEL: +1(916)785-1894
FAX: +1(916)209-9495

Kris Meert
TEL: +34-960-022029
FAX: +1(916)209-9495

CST Lab: NVLAP 200835-0
HPE XP7 Encryption Ready Disk Adapter (eDKA)
(Hardware Versions: P/N: eSCAS(WP820) or eSCAM(WP820) Version: B/A5, B/A6, B/A7 or B/A8; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00)
(When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/27/2016
08/01/2017
9/26/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3341); HMAC (Cert. #2131); SHS (Cert. #2775); KTS (AES Cert. #3341)

-Other algorithms: N/A
Multi-Chip Embedded

"The HPE XP7 Encryption Ready Disk Adapter (eDKA) provides high speed data at rest encryption for HPE storage."
2759Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany

Dr. Gesa Ott
TEL: ++49 241-1696-200
FAX: ++49 241-1696-190

CST Lab: NVLAP 100432-0
CryptoServer CSe
(Hardware Version: P/N CryptoServer CSe Version 4.00.4.2; Firmware Version: Firmware Package Version 4.0.3.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/26/2016
10/03/2016
10/2/2021Overall Level: 3

-Physical Security: Level 4
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3589); CVL (Cert. #613); DRBG (Cert. #1089); DSA (Cert. #997); ECDSA (Cert. #730); HMAC (Cert. #2289); RSA (Cert. #1845); SHS (Certs. #2951, #2954 and #3168); Triple-DES (Cert. #1998); Triple-DES MAC (Triple-DES Cert. #1998, vendor affirmed)

-Other algorithms: AES (Cert. #3589, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #613, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Triple-DES (Cert. #1998, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (AES Cert. #3589; non-compliant); DES; ECIES; KDF (non-compliant); Retail-Triple-DES MAC; RIPEMD-160; RSA (encrypt/decrypt); MD5; MDC-2
Multi-Chip Embedded

"CryptoServer CSe is an encapsulated, tamper-protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions."
2758Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiKey PKI Token
(Hardware Version: HiKey3.0-BK; Firmware Version: HiKey COS V3.1)
(With tamper evident seals as indicated in the Security Policy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/20169/25/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: CVL (Cert. #833); DRBG (Cert. #1172); ECDSA (Cert. #878); KTS (Triple-DES Cert. #2184); RSA (Cert. #2041); SHS (Cert. #3284); Triple-DES (Cert. #2184)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The HiKey token modules are multi-chip standalone implementations of a cryptographic module. The Hikey token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards."
2757EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

Navtanay Sinha
TEL: 408-986-4112

Mayank Vasa
TEL: 408-980-4978

CST Lab: NVLAP 200427-0
EMC Data Domain Crypto-C Micro Edition
(Software Version: 4.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/26/20169/25/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Tested Configuration(s): Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit)
Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit)
Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit)
Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit)
Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Diffie-Hellman; EC Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camellia; DES; DES40; Dual EC DRBG; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD4; MD5; NDRNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); PRNG; RC2; RC4; RC5
Multi-Chip Stand Alone

"Data encryption module used for encrypting and decrypting all stored user data."
2756iboss, Inc.
4110 Campus Point
San Diego, CA 92121
USA

Chris Park
TEL: 858-568-7051 ext 7806
FAX: 858-225-6158

Peter Martini
TEL: 858-568-7051
FAX: 858-225-6158

CST Lab: NVLAP 100432-0
FireSphere 7960
(Hardware Version: FireSphere 7960_FIPS; Firmware Version: 8.2.0.10)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/20169/25/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3562 and #3902); CVL (Certs. #607 and #757); DRBG (Cert. #1118); HMAC (Certs. #2269 and #2532); KTS (AES Cert. #3562 and HMAC Cert. #2269; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (AES Cert. #3902 and HMAC Cert. #2532; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Certs. #1831 and #1987); SHS (Certs. #2931 and #3215)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"The iboss FireSphere 14600 and 7960 are part of the iboss Secure Web Gateway Platform, which protects enterprise organizations against today’s evasive and complex threats including unknown malware, zero-day attacks and advanced persistent threats (APTS). iboss technology delivers post-infection defense with Network Anomaly Detection and Automatic Infection Containment to reduce data loss, and provides comprehensive reporting via the Incident Response Center, which correlates threat information from threat feeds and millions of endpoints to deliver actionable intelligence in real time."
2755iboss, Inc.
4110 Campus Point
San Diego, CA 92121
USA

Chris Park
TEL: 858-568-7051 ext 7806
FAX: 858-225-6158

Peter Martini
TEL: 858-568-7051
FAX: 858-225-6158

CST Lab: NVLAP 100432-0
FireSphere 14600
(Hardware Version: FireSphere 14600_FIPS; Firmware Version: 8.2.0.10)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/20169/25/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3562 and #3902); CVL (Certs. #607 and #757); DRBG (Cert. #1118); HMAC (Certs. #2269 and #2532); KTS (AES Cert. #3562 and HMAC Cert. #2269; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KTS (AES Cert. #3902 and HMAC Cert. #2532; key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Certs. #1831 and #1987); SHS (Certs. #2931 and #3215)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"The iboss FireSphere 14600 and 7960 are part of the iboss Secure Web Gateway Platform, which protects enterprise organizations against today’s evasive and complex threats including unknown malware, zero-day attacks and advanced persistent threats (APTS). iboss technology delivers post-infection defense with Network Anomaly Detection and Automatic Infection Containment to reduce data loss, and provides comprehensive reporting via the Incident Response Center, which correlates threat information from threat feeds and millions of endpoints to deliver actionable intelligence in real time."
2754Christie Digital Systems Canada Inc.
809 Wellington St. N.
Kitchener, ON N2G 4Y7
Canada

Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0
Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-03; Firmware Versions: 1.7.0-4209 and 2.0.0-4398)
(When operated in FIPS mode. The protocol TLS KDF shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/22/20169/21/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: RSA (Cert. #1062); SHS (Cert. #1788)

-Other algorithms: AES (non-compliant); HMAC (non-compliant); MD5; NDRNG; PRNG; TI ECDH; TLS KDF (non-compliant)
Multi-Chip Embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
2753DataLocker Inc.
7007 College Blvd., Suite 240
Overland Park, KS 66211
USA

Jay Kim
TEL: 913-310-9088

CST Lab: NVLAP 100432-0
Sentry 3 FIPS Series USB Flash Drive
(Hardware Versions: SENTRY04F, SENTRY08F, SENTRY16F, SENTRY32F and SENTRY64F; Firmware Version: 3.05)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/21/2016
12/01/2016
11/30/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Sentry 3 FIPS is a Secure USB 3.0 flash drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to sensitive data and critical applications. The Sentry 3 FIPS allows enterprise class device management features like policy updates, password recovery and remote kill features."
2752Cambium Networks, Ltd.
Unit B2, Linhay Business Park, Eastern Road
Ashburton TQ13 7UP
UK

Allen Yu
TEL: 847-640-3650
FAX: 847-439-6343

CST Lab: NVLAP 201029-0
PTP 820C, PTP 820S, PTP 820N, PTP 820A, PTP 820G and PTP 820GX.
(Hardware Versions: PTP 820C, PTP 820S, PTP 820N, PTP 820A, PTP 820G, PTP 820GX, PTP820 TCC-B-MC: N000082H001, PTP820 TCC-B2: N000082H002, PTP820 TCC-B2-XG-MC: N000082H003, PTP820 RMC-B: N000082H004; Firmware Version: PTP820 Release 8.3)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/21/20169/20/2021Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4014 and #4017); CVL (Cert. #840); DRBG (Cert. #1195); HMAC (Cert. #2619); KTS (AES Cert. #4017 and HMAC Cert. #2619; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #2060); SHS (Certs. #3313)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 128 and 256-bits bits of encryption strength); NDRNG; CRC7; CRC16; CRC32; DES; DSA (non-compliant); ECDSA (non-compliant); MD5; RC5
Multi-Chip Stand Alone

"PTP 820 is a Point-to-Point wireless broadband solution for mission-critical communications in government, industrial and public safety spaces. Integrated with leading networking functionality with the industry most advanced microwave technologies, the platform creates a superior transport solution."
2751SonicWall, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
SonicWALL NSA Series 2600, 3600, 4600, 5600
(Hardware Versions: P/Ns 101-500362-63 Rev. A (NSA 2600), 101-500338-64 Rev. A (NSA 3600), 101-500365-64 Rev. A (NSA 4600), 101-500360-65 Rev. A (NSA 5600); Firmware Version: SonicOS v6.2.5)
(When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/19/2016
06/12/2017
9/18/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"Enterprise-class security and performance made afordable for small- to medium-sized business. The NSA Series offers industry leading next-generation firewall protection, performance, and scalability. A suite of tools, including intrusion prevention, gateway anti-virus, and anti-spyware plus application intelligence and control, offer granular control through application blocking, bandwidth management and more."
2750SonicWall, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA 6600
(Hardware Versions: P/Ns 101-500380-71 Rev. A (SM 9600), 101-500361-70 Rev. A (SM 9400), 101-500363-70 Rev. A (SM 9200), 101-500364-66 Rev. A (NSA 6600); Firmware Version: SonicOS v6.2.5)
(When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/19/2016
06/12/2017
9/18/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The SonicWALL™ SuperMassive™ 9000 Series Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigbit speeds. Offering the ultimate in security with enterprise class performance, the SuperMassive 9000 Series detects and blocks the most sophisticated threats before they can enter your network with minimal latency for every connection on the network. Its multicore design can gracefully handle traffic spikes without impacting network performance."
2749SonicWall, Inc.
5455 Great America Pkwy
Santa Clara, CA 95054
USA

Usha Sanagala

CST Lab: NVLAP 100432-0
SonicWALL TZ Series TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W and TZ 600
(Hardware Versions: P/Ns 101-500403-56 Rev. A, 101-500404-55 Rev. A, 101-500405-56 Rev. A, 101-500406-55 Rev. A, 101-500411-57 Rev. A, 101-500412-56 Rev. A and 101-500413-57 Rev. A; Firmware Version: SonicOS v6.2.5)
(When operated in FIPS mode. The protocols SSH and SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/19/2016
06/12/2017
9/18/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3901); CVL (Cert. #756); DRBG (Cert. #1117); DSA (Cert. #1061); HMAC (Cert. #2531); RSA (Cert. #1986); SHS (Cert. #3214)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; ARCFOUR; ARCFOUR128; DES; SNMP KDF (non-compliant); SSH KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"Deliver full-featured security that combines intrusion prevention, gateway anti-virus, anti-spyware, content filtering and anti-spam services, with intuitive, easy-to-use SonicWall TZ Series firewalls."
2748Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Catalyst 4506-E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45-E and WS-X4748-RJ45V+E)
(Hardware Versions: WS-C4506-E with Supervisor card [WS-X45-SUP7-E or WS-X45-SUP7L-E] and Line cards [WS-X4748-RJ45V+E and WS-X4748-RJ45-E]; Firmware Version: IOS-XE 3.7.0E)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/16/20169/15/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2057 and #2624); CVL (Cert. #877); DRBG (Cert. #403); HMAC (Cert. #1622); KBKDF (Cert. #98); RSA (Certs. #1339, #1341 and #2083); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575)

-Other algorithms: AES (Cert. #2624, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4
Multi-Chip Stand Alone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 series switch meets FIPS 140-2 overall Level 1 requirements as multi-chip standalone module. The switch includes cryptographic algorithms implemented in IOS-XE software as well as hardware ASICs. The module provides 802.1X-rev."
2747Gemalto
Avenue du Jujubier
Z.I Athelia IV
La Ciotat 13705
France

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

Arnaud LOTIGIER
TEL: +33 442366074
FAX: +33 442365545

CST Lab: NVLAP 100432-0
IDPrime MD 830-revB
(Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet version V4.3.5.D and MSPNP Applet V1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/16/20169/15/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100)

-Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; non-compliant less than 112 bits of encryption strength)
Single Chip

"IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure."
2746Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Brian Wood
TEL: +1-973-440-9125

JungHa Paik
TEL: +82-10-8861-0858

CST Lab: NVLAP 200997-0
Samsung BoringSSL Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/16/2016
09/29/2016
9/28/2021Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 6.0.1 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge
Android 6.0.1 with processor EXYNOS8890 running on Samsung Galaxy S7 Edge
Android 6.0.1 with processor EXYNOS7420 running on Samsung Galaxy S6 Edge
Android 6.0.1 with processor Qualcomm APQ8084 running on Samsung Galaxy Note 4
Android 6.0.1 with processor Qualcomm MSM8996 running on Samsung Galaxy S7 Edge
Android 6.0.1 with processor EXYNOS8890 running on Samsung Galaxy S7 Edge
Android 6.0.1 with processor EXYNOS7420 running on Samsung Galaxy S6 Edge
Android 6.0.1 with processor Qualcomm APQ8084 running on Samsung Galaxy Note 4
Android 6.0.1 with processor EXYNOS5433 running on Samsung Galaxy Note 4, Android 6.0.1 with processor EXYNOS3475 running on Samsung Galaxy J3
Android 6.0.1 with processor Qualcomm MSM8916 running on Samsung Galaxy J3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3917); CVL (Certs. #777, #784 and #802); DRBG (Cert. #1132); DSA (Cert. #1071); ECDSA (Cert. #857); HMAC (Cert. #2545); KTS (AES Cert. #3917); RSA (Cert. #2000); SHS (Cert. #3227)

-Other algorithms: Diffie-Hellman (CVL Cert. #802, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #777, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data."
2745Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco Aironet 1532e/i, 1552e/i, 1572, 1602e/i, 1702, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p and 3702e/i/p Wireless LAN Access Points
(Hardware Versions: 1532e[5], 1532i[5], 1552e[2], 1552i[2], 1572[4], 1602e[3], 1602i[3], 1702[4], 2602e[4], 2602i[4], 2702e[4], 2702i[4], 3502e[2], 3502i[2], 3602e[4], 3602i[4], 3602p[4], 3702e[4], 3702i[4], 3702p[4], 3602e[1,4], 3602i[1,4], 3602p[1,4], 3702e[1,4], 3702i[1,4] and 3702p[1,4] with AIR-RM3000M[1], Marvell 88W8364[2], Marvell 88W8763C[3], Marvell 88W8764C[4] and Qualcomm Atheros AES-128w10i[5]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.0 MR3 with IC2M v2.0)
(The tamper evident seals installed as indicated in the Security Policy. This validation entry is a non-security relevant modification to Cert. #2421)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/15/2016
03/09/2017
03/22/2017
9/14/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2334, #2335, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441)

-Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant)
Multi-Chip Stand Alone

"Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments."
2744Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Abraham Joseph Kang
TEL: 408-324-3678

Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200968-0
Samsung SCrypto
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/13/20169/12/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): QSEE 2.0 running on Qualcomm MSM8974
QSEE 4.0 running on Qualcomm MSM8996
MOBICORE Tbase 300 running on Samsung Electronics Exynos 5422
MOBICORE Tbase 302A running on Samsung Electronics Exynos 7420
MOBICORE Tbase 310B running on Samsung Electronics Exynos 8890 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3163, #3174, #3175, #3339, #3887 and #3888); CVL (Certs. #411, #433, #492, #752 and #753); DRBG (Certs. #656, #659, #781, #1111 and #1112); DSA (Certs. #912, #913, #947, #1057 and #1058); ECDSA (Certs. #577, #579, #662, #842 and #843); HMAC (Certs. #1991, #2002, #2129, #2525 and #2526); RSA (Certs. #1610, #1612, #1714, #1981 and #1982); SHS (Certs. #2616, #2627, #2773, #3207 and #3208); Triple-DES (Certs. #1801, #1811, #1908, #2135 and #2136)

-Other algorithms: EC Diffie-Hellman; NDRNG; RNG; RSA (encrypt/decrypt)
Multi-Chip Stand Alone

"SCrypto is secure library which is used to provide a standardized common cryptographic API to trusted applications for the secure world/TEE environment."
2743Chunghwa Telecom Co., Ltd. and Oberthur Technologies
No. 99, Dianyan Road
Yang-Mei District
Taoyuan City 326
Taiwan

Yeou-Fuh Kuan
TEL: +886 3 424 4333
FAX: +886 3 424 4129

Jean-Michel Esteban
TEL: +33 1 78 14 72 90

CST Lab: NVLAP 100432-0
HiCOS PKI Applet and Taiwan eID Applet on Oberthur Technologies ID-One Cosmo V8
(Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371')

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/13/20169/12/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2910 and 2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KBKDF (Cert. #33); KTS (AES Cert. #2910 and AES Cert. #2911; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG
Single Chip

"The HiCOS PKI Applet is a Javacard applet that provides security for stored user data and credentials and an easy to use interface to PKI services. Taiwan eID Applet is a Javacard applet that stores personal information related to the card holder and supports the authentication mechanisms described in ICAO and EAC specifications with a fully configurable access control management over the Data Groups (DG)."
2742Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0
(Software Version: 4.0)
(When operated in FIPS mode with modules Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2721 operating in FIPS mode. The module generates random strings whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/12/20169/11/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3567, #3568, #3569, #3571, #3572, #3573, #3574, #3575, #3590 and #3592); DRBG (Certs. #911, #912, #913, #914, #915, #917, #924 and #926); HMAC (Certs. #2273, #2274, #2275 and #2277); RSA (Certs. #1835, #1836, #1837 and #1839); SHS (Certs. #2935, #2936, #2937 and #2939); Triple-DES (Certs. #1988 and #1989)

-Other algorithms: DES; PRNG; SHS (non-compliant)
Multi-Chip Stand Alone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 7.1 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
2741IBM Security
6303 Barfield Road
Atlanta, GA 30328
USA

Ferrell Moultrie
TEL: (404) 348-9293
FAX: N/A

CST Lab: NVLAP 200416-0
IBM Security Modular Extensible Security Architecture
(Software Versions: 5.3.1 and 5.3.3)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/08/2016
12/20/2016
12/19/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): RHEL 6.3 Linux on VMware ESXi 5.5 (single-user mode) running on IBM X3550 M2 with Intel Xeon E5530 (2x) processor

-FIPS Approved algorithms: AES (Certs. #3578 and #3579); CVL (Cert. #748); DRBG (Certs. #918 and #919); ECDSA (Certs. #726 and #727); HMAC (Certs. #2278 and #2279); RSA (Certs. #1840 and #1841); SHS (Certs. #2940 and #2941); Triple-DES (Certs. #1991 and #1992)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #748, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"IBM MESA (Modular Extensible Security Architecture) is an appliance framework hosting applications in a secure environment and providing all cryptographic or other security-relevant functions to the application. For example: IBM XGS-virtual is a specific application instance hosted in this fashion."
2740Rajant Corporation
400 East King Street
Malvern, PA 19355
USA

Marty Lamb
TEL: (484) 595-0233
FAX: (484) 595-0244

CST Lab: NVLAP 200416-0
Rajant BreadCrumb ME4-2409
(Hardware Version: ME4-2409 with FIPS Kit: P/N 42540; Firmware Version: 11.4.0-FIPS)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/08/20169/7/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3445); CVL (Certs. #531 and #539); DRBG (Cert. #842); HMAC (Cert. #2194); KBKDF (Cert. #64); RSA (Cert. #1765); SHS (Cert. #2845)

-Other algorithms: AES (non-compliant); Camellia-CBC; NDRNG; PBKDF (non-compliant); RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The BreadCrumb by Rajant Corporation is an 802.11 (Wi-Fi) and Ethernet compatible wireless mesh networking device that allows for rapid deployment of mobile wireless networks in a wide variety of environments. It is lightweight, capable of communicating via up to four different radio frequencies, and is designed to be completely mobile as carried by a vehicle or an individual. BreadCrumb devices automatically detect other BreadCrumb devices and dynamically route packets through the resulting wireless mesh on behalf of commercially available off-the-shelf client devices."
2739Rajant Corporation
400 East King Street
Malvern, PA 19355
USA

Marty Lamb
TEL: (484) 595-0233
FAX: (484) 595-0244

CST Lab: NVLAP 200416-0
Rajant BreadCrumb LX4-2495 and LX4-2954
(Hardware Versions: LX4-2495, LX4-2954 with FIPS Kit: P/N 42540; Firmware Version: 11.4.0-FIPS)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/08/20169/7/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3444); CVL (Certs. #529 and #538); DRBG (Cert. #841); HMAC (Cert. #2193); KBKDF (Cert. #61); RSA (Cert. #1764); SHS (Cert. #2844)

-Other algorithms: AES (non-compliant); Camellia-CBC; NDRNG; PBKDF (non-compliant); RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The BreadCrumb by Rajant Corporation is an 802.11 (Wi-Fi) and Ethernet compatible wireless mesh networking device that allows for rapid deployment of mobile wireless networks in a wide variety of environments. It is lightweight, capable of communicating via up to four different radio frequencies, and is designed to be completely mobile as carried by a vehicle or an individual. BreadCrumb devices automatically detect other BreadCrumb devices and dynamically route packets through the resulting wireless mesh on behalf of commercially available off-the-shelf client devices."
2738APCON, Inc.
9255 SW Pioneer Court
Wilsonville, OR 97070
USA

Gerry Murphy
TEL: 503-682-4050
FAX: 503-682-4059

CST Lab: NVLAP 100432-0
ACI-3002-S Controller
(Hardware Versions: P/N ACI-3002-S, Version 1.0; Firmware Version: 5.07.1 build 106)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/07/20169/6/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3866); CVL (Cert. #743); DRBG (Cert. #1100); HMAC (Cert. #2510); KTS (AES Cert. #3866 and HMAC Cert. #2510; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1974); SHS (Cert. #3186)

-Other algorithms: ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Embedded

"The ACI-3002-S is a Linux based control module designed to manage and control APCON's XR series product family while operating in FIPS-140-2 compliant mode."
2737IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

Sandra Hernandez
TEL: 512-286-5624

Marie Fraser
TEL: +353 21 7306043

CST Lab: NVLAP 200416-0
IBM® Security QRadar® SIEM
(Hardware Versions: 7.2 with FIPS Replacement Labels (Part Number: 00FK877) and FIPS Replacement Baffles (Part Number: 5YKKK); Firmware Version: 7.2)
(When installed, initialized and configured as specified in the Security Policy Section 3. The tamper evident seals and baffles installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/02/20169/1/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3509); CVL (Cert. #577); DRBG (Cert. #876); HMAC (Cert. #2242); RSA (Cert. #1804); SHS (Cert. #2894); Triple-DES (Cert. #1973)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 202 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
Multi-Chip Stand Alone

"IBM® Security QRadar® FIPS Appliance consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. The IBM Security QRadar FIPS Appliance provides a secure platform that meets FIPS 140-2 Level 2 requirements while allowing organizations to meet current and emerging compliance mandates."
2736Tanium, Inc.
2200 Powell Street
6th Floor
Emeryville, CA 94608
USA

Jason Mealins
TEL: 415-644-8134

CST Lab: NVLAP 200556-0
Tanium Cryptographic Module
(Software Version: 1.0)
(The module generates cryptographic keys whose strengths are modified by available entropy. When operating with the BCRYPTPRIMITIVES.DLL module validated to FIPS 140-2 under Certificates #1329, #1336, and #1892 operating in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/02/20169/1/2021Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Microsoft Windows 7 (32-bit) running on a Dell PowerEdge R430
Microsoft Windows 7 (64-bit) running on a Dell PowerEdge R430
Microsoft Windows Server 2008 R2 (64-bit) running on a Dell PowerEdge R430
Microsoft Windows Server 2012 (64-bit) running on a Dell PowerEdge R430 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3876); CVL (Certs. #744 and #745); DRBG (Cert. #1105); ECDSA (Cert. #836); HMAC (Cert. #2519); SHS (Cert. #3197)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"The Tanium Cryptographic Module underpins Tanium's security management platform. Tanium's platform is a security and configuration management solution that provides instant visibility and allows enterprises to collect data and update machines in any-sized network, in seconds. Tanium's platform is able to query information from hundreds of thousands of machines in seconds because of its intelligent peer-to-peer communication model. This speed means that information is current and accurate when assessing a security threat or vulnerability."
2735Vormetric, Inc.
2860 Junction Ave
San Jose, CA 95134
USA

Peter Tsai
TEL: (669) 770-6927
FAX: (408) 844-8638

Steve He
TEL: (669) 770-6852
FAX: (408) 844-8638

CST Lab: NVLAP 200002-0
Vormetric Data Security Manager Virtual Appliance Module
(Software Version: 5.3.0)
(When operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/02/20169/1/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Centos 5.11 (64-bit) on VMware ESXi 5.5.0 running on a Supermicro X9DAX (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3588 and #3621); CVL (Certs. #612 and #643); DRBG (Cert. #951); ECDSA (Cert. #751); HMAC (Certs. #2287, #2288 and #2375); KTS (AES Cert. #3621 and HMAC Cert. #2375; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1866); SHS (Certs. #2949, #2950 and #3041)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Aria; SSH KDF (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Vormetric Data Security Virtual Appliance Module is a multi-chip standalone cryptographic module. The Vormetric Data Security Virtual Appliance Module is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
2734Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Van Nguyen
TEL: 408-936-2247

Lakshman Garikapaty
TEL: 978-589-0370

CST Lab: NVLAP 100432-0
Juniper Networks LN1000 Mobile Secure Router
(Hardware Versions: P/Ns LN1000-V, JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/02/20169/1/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3660); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1030); ECDSA (Certs. #758 and #767); HMAC (Certs. #2400, #2406 and #2410); RSA (Certs. #1885 and #1893); SHS (Certs. #3068, #3074 and #3078); Triple-DES (Certs. #2035, #2036 and #2042)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2410); NDRNG; ARCFOUR; BLOWFISH; CAST128; DES; DSA (Non-Compliant); HMAC-MD5; HMAC-RIPEMD160; UMAC
Multi-Chip Embedded

"The Juniper Networks LN1000 Mobile Secure Router is a secure router that provides essential capabilities to connect, secure, and manage work force locations sized from handfuls to hundreds of users. The LN1000 provides high-performance network routing, next-generation firewall and intrusion prevention system (IPS) capabilities, and unified threat management in a standard VPX form factor."
2733Cavium Inc.
2315 N 1st Street
San Jose, CA 95131
USA

Phanikumar Kancharla
TEL: 408-943-7496
FAX: n/a

Tejinder Singh
TEL: 408=943-7403
FAX: n/a

CST Lab: NVLAP 100432-0
NITROXIII CNN35XX-NFBE HSM Family
(Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Version: CNN35XX-NFBE-FW-1.1 build 01)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/01/20168/31/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205 and #3206); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); RSA (Cert. #1634); SHS (Certs. #1780 and #2652); Triple-DES (Cert. #1311); KTS (AES Cert. #3206)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; RC4; PBE
Multi-Chip Embedded

"CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers."
2732HGST, a Western Digital company
3403 Yerba Buena Road
San Jose, CA 95135
USA

Chung-chih Lin
TEL: 408-717-7689
FAX: 408-717-9494

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar He10 TCG Enterprise HDD
(Hardware Versions: P/Ns HUH721010AL5205 (0001), HUH721010AL4205 (0001), HUH721008AL5205 (0001) and HUH721008AL4205 (0001); Firmware Versions: R308, R328, R32A, R32G, R384, NA00, NA01, NE00 or LM10)
(When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/01/2016
09/07/2016
11/17/2016
12/09/2016
02/14/2017
02/22/2017
06/02/2017
12/8/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3880 and #3881); RSA (Cert. #1978); SHS (Certs. #3203 and #3204); HMAC (Cert. #2522); DRBG (Cert. #1108); PBKDF (vendor affirmed)

-Other algorithms: NDRNG
Multi-Chip Embedded

"HGST's self-encrypting Ultrastar He10 TCG Enterprise Hard-Disk Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar He10, which is based on third generation HelioSeal ® technology, uses PMR technology and is the industry's first 10TB drive that is drop-in ready for any enterprise-capacity application or environment. Targeted at 2.5M hours MTBF, the Ultrastar He10 provides the highest reliability rating available of all HDDs on the market today by building on the successful design of its 8TB and 6TB predecessors."
2731Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey D300 Series USB Flash Drive
(Hardware Versions: IKD300 Version 1.0 [4GB, 8GB, 16GB, 32GB, 64GB, 128GB or 256GB]; Firmware Version: 3.05)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/31/20168/30/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); PBKDF (vendor affirmed); RSA (Cert. #1480); SHS (Cert. #2379)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"Kingston's IronKey D300 Series USB Flash Drive is assembled in the US for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based AES-256 encryption to guard sensitive information in case the drive is lost or stolen."
2730Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Mahesh Bommareddy
TEL: 408-936-5493

Van Nguyen
TEL: 408-936-2247

CST Lab: NVLAP 100432-0
Juniper Networks SRX5400, SRX5600, and SRX5800 Services Gateways
(Hardware Versions: P/Ns {SRX5400 (SRX5400B2-AC, SRX5400B2-DC, SRX5400BB-AC, or SRX5400BB-DC), SRX5600 (SRX5600BASE-AC or SRX5600BASE-DC), and SRX5800 (SRX5800BASE-AC or SRX5800BASE-DC)} with Service Processing Cards (SRX5K-SPC-2-10-40 or SRX5K-SPC-4-15-320) and Tamper Seals (JNPR-FIPS-TAMPER-LBLS); Firmware Version: JUNOS-FIPS 12.1X46-D40)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/31/20168/30/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3650, #3656, #3662 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022, #1032 and #1033); ECDSA (Certs. #758, #769 and #770); HMAC (Certs. #2400, #2406, #2412 and #2413); RSA (Certs. #1885, #1895 and #1896); SHS (Certs. #3068, #3074, #3080 and #3081); Triple-DES (Certs. #2035, #2036, #2037 and #2038)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-64; UMAC-128
Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2729Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® FCX 624/648, ICX 6450, ICX 7750, ICX 7250 and SX 800/1600 Series
(Hardware Versions: {[FCX624S (80-1002388-08), FCX624S-HPOE-ADV (80-1002715-08), FCX624S-F-ADV (80-1002727-07), FCX648S (80-1002392-08), FCX648S-HPOE (80-1002391-10), FCX648S-HPOE-ADV (80-1002716-10), FCX-2XG (80-1002399-01)], [ICX6450-24 (80-1005997-03), ICX6450-24P (80-1005996-04), ICX6450-48 (80-1005999-04), ICX6450-48P (80-1005998-04), ICX6450-C12-PD (80-1007578-01)], [ICX7250-24P (80-1008381-02), ICX7250-24G (80-1008379-02), ICX7250-24 (80-1008380-02), ICX7250-48P (80-1008386-02), ICX7250-48 (80-1008384-02)], [ICX7750-48F (80-1007607-01), ICX7750-48C (80-1007608-01), ICX7750-26Q (80-1007609-01), with Components (80-1007871-01; 80-1007870-01; 80-1007738-01; 80-1007737-01; 80-1007761-01; 80-1007760-01; 80-1007632-01)], [FI-SX800-S (80-1003050-03; 80-1007143-03), FI-SX1600-AC (80-1002764-02; 80-1007137-02), with Components (80-1002957-03; 80-1006607-01; 80-1006486-02; 80-1003883-02; 11456-005; 11457-006; 18072-004)]} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b)
(When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 5, 13 and 14 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/31/20168/30/2021Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2687, #2688, #2690, #2697, #2981, #3133, #3139, #3140, #3141, and #3142); SHS (Certs. #2258, #2259, #2260, #2265 and #2505); HMAC (Certs. #1674, #1675, #1676, #1679 and #1890); DRBG (Certs. #437, #438, #439, #442 and #569); DSA (Certs. #816, #817, #818, #819 and #887); RSA (Certs. #1387, #1388, #1391, #1396 and #1565); CVL (Certs. #155, #156, #159, #161, #362, #386, #387, #388, #389, #390, #391, #392, #398, #399 and #400); Triple-DES (Certs. #1613, #1614, #1615, #1617, #1764)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; RC4
Multi-Chip Stand Alone

"The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide stackable LAN switching solutions to meet the growing demands of campus networks, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch. The Brocade ICX7250 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments."
2728BlackBerry Limited
BlackBerry B
2200 University Ave. E
Waterloo, Ontario N2K 0A7
Canada

Security Certifications Team
TEL: (519) 888-7465 x 72921
FAX: (519) 888-9852

CST Lab: NVLAP 200928-0
BlackBerry Linux Kernel Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix C)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/29/20168/28/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with AES-NI
CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without AES-NI
Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. #1953)

-Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG
Multi-Chip Stand Alone

"The BlackBerry Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel. The BlackBerry Linux Kernel Cryptographic Module expands the secure capabilities and features BlackBerry is known for, to devices running operating systems other than the BlackBerry OS."
2727Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Virtual Storage Platform (VSP) Encryption Adapter
(Hardware Versions: P/N: eSCAS(WP820) or eSCAM(WP820) Version: B/A5, B/A6, B/A7 or B/A8; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00)
(When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/29/2016
10/04/2016
03/13/2017
08/01/2017
10/3/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748 and #1889); SHS (Certs. #2344 and #2504); KTS (AES Cert. #2787)

-Other algorithms: N/A
Multi-Chip Embedded

"The Hitachi Virtual Storage Platform (VSP) Encryption Adapter provides high speed data at rest encryption for Hitachi storage."
2726Sony Mobile Communications, Inc.
1-8-15 Kohnan
Minato-ku, Tokyo 108-0075
USA

Takuya Nishibayashi
TEL: +81-3-5782-5285
FAX: +81-3-5782-5258

CST Lab: NVLAP 100432-0
Xperia Cryptographic Module
(Software Version: 1.0.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/29/20168/28/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 5.0 running on Xperia Z4 tablet with ARMv8 Cryptographic Instruction
Android 5.0 running on Xperia Z4 tablet without ARMv8 Cryptographic Instruction (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3329); CVL (Cert. #485); DRBG (Cert. #774); DSA (Cert. #946); ECDSA (Cert. #658); HMAC (Cert. #2120); RSA (Cert. #1709); SHS (Cert. #2762); Triple-DES (Cert. #1900)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #485, key agreement methodology provides between 112 and 256 bits of security strength; non-compliant less than 112 bits of encryption strength); DUAL EC DRBG; RSA (key wrapping methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG
Multi-Chip Stand Alone

"The Xperia Cryptographic Module provides a functionality/service, intended to protect data in transit and at rest."
2725FinalCode, Inc.
3031 Tisch Way
Suite 115
San Jose, CA 95128
USA

Inquiries
TEL: 855-201-8822

CST Lab: NVLAP 201029-0
FinalCode FIPS Crypto Module
(Software Version: 1.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/29/20168/28/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Mac OS X 10.8 on a MacBook Air
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"FinalCode FIPS Crypto Module is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform."
2724Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Catalyst 3560-CX Switch
(Hardware Version: WS-3560CX-8TC-S; Firmware Version: 15.2(3)E1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/29/20168/28/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3984 and #4016); CVL (Cert. #813); DRBG (Cert. #1177); HMAC (Cert. #2600); RSA (Cert. #2045); SHS (Cert. #3289); Triple-DES (Cert. #2187)

-Other algorithms: AES (Cert. #3984, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); AES (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules."
2723Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Coitat 13705
France

Arnaud LOTIGER
TEL: +33 442366074
FAX: +33 442365545

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
IDCore 30-revB
(Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore 30 rev B - Build 06, Demonstration Applet version V1.1)
(When operated in FIPS mode with module IDPrime MD 830-revB validated to FIPS 140-2 under Cert. #2714 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/20168/25/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG
Single Chip

"IDCore 30-revB is a highly secured smartcard platform compliant with Javacard 2.2.2, Global Platform 2.1.1 & 2.2 Amendment D standards, designed to operate with Infineon SLE78 chip family. The library implements TDEA, AES, AES-CMAC, SHA1-224-256-384-512, RSA, RSA CRT, ECDSA, ECC CDH and SP800-90A RNG algorithms."
2722SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

Jack Young
TEL: 408-392-4334
FAX: 408-392-0319

CST Lab: NVLAP 100432-0
SPYRUS MDTU-P384 Encryption Module
(Hardware Versions: P/N 880074014F, Version 2.00.02; Firmware Version: 03.00.0D)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/20168/25/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3877 and #3878); DRBG (Cert. #1106); ECDSA (Cert. #837); KAS (Cert. #75); SHS (Certs. #3198 and #3199)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"The MDTU P-384 module is a Suite B cryptographic storage device featuring XTS-AES 256-bit full disk encryption and P-384 based digital signature services. The device is fully adapted for the storage and protection of sensitive data assets and provides an automated secure data exchange service with external devices by way of a high strength authentication mechanism. The physical security and capabilities of this module make it ideal for secure transfer of essential assets in mission-critical applications."
2721Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0
(Software Version: 4.0)
(With module Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/29/2016
12/20/2016
12/19/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #679, #680 and #681)

-Other algorithms: N/A
Multi-Chip Stand Alone

"Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
2720Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054
USA

Steve F. Taylor
TEL: 202-361-7778

Kevin Fiftal
TEL: 860-326-6293

CST Lab: NVLAP 200658-0
Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset
(Hardware Version: 3.0; Firmware Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid08/26/20168/25/2021Overall Level: 1

-Tested Configuration(s): Intel Sunrise Point PCH chipset with ME device firmware version 11.6.0.1102 CORPORATE SKU

-FIPS Approved algorithms: AES (Cert. #3923); CVL (Certs. #779, #798 and #799); DRBG (Cert. #1156); ECDSA (Certs. #871 and #872); HMAC (Certs. #2547 and #2548); KAS (SP 800-56B, vendor affirmed); Triple-DES (Cert. #2152); PBKDF (vendor affirmed); RSA (Certs. #2003 and #2022); SHS (Certs. #3232 and #3233)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5; RC4
Multi-Chip Stand Alone

"The Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset is a hybrid cryptographic module present on recent Intel® vPro™ platforms. The Security Engine Chipset consists of both hardware and firmware that are utilized by the Management Engine (ME) of vProTM platforms. The hardware and firmware combine to perform cryptographic functions within the Intel® vPro™ ME for applications executing in the ME."
2719Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Mahesh Bommareddy
TEL: 408-936-5493

Van Nguyen
TEL: 408-936-2247

CST Lab: NVLAP 100432-0
Juniper Networks SRX1400, SRX3400, and SRX3600 Services Gateways
(Hardware Versions: P/Ns SRX1400BASE-GE-AC with [1] or [2], SRX1400BASE-GE-DC with [1] or [2], SRX1400BASE-XGE-AC with [1] or [2], SRX1400BASE-XGE-DC with [1] or [2], SRX3400BASE-AC with [2], SRX3400BASE-DC with [2], SRX3400BASE-DC2 with [2], SRX3600BASE-AC with [2], SRX3600BASE-DC with [2], and SRX3600BASE-DC2 with [2]; Service Processing Cards SRX1K-NPC-SPC-1-10-40 [1] or SRX3K-SPC-1-10-40 [2]; with Tamper Seals JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/24/20168/23/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1033); ECDSA (Certs. #758 and #770); HMAC (Certs. #2400, #2406 and #2413); RSA (Certs. #1885 and #1896); SHS (Certs. #3068, #3074 and #3081); Triple-DES (Certs. #2035, #2036 and #2038)

-Other algorithms: ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; UMAC-64; UMAC-128
Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2718Christie Digital Systems Canada Inc.
809 Wellington St. N.
Kitchener, ON N2G 4Y7
CANADA

Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0
Christie F-IMB 4K Integrated Media Block (IMB)
(Hardware Version: 000-105081-01; Firmware Version: 1.6.0-4363)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/20168/21/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: SHS (Cert. #1788); RSA (Cert. #1062)

-Other algorithms: TI ECDH; RNG; NDRNG; MD5; AES (non-compliant); HMAC (non-compliant); TLS v1.0 KDF (non-compliant)
Multi-Chip Embedded

"The Christie F-IMB is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a Christie digital cinema projector with the Fusion architecture. The F-IMB permits the playback of alternative content and High Frame Rate (HFR) material."
2717FinalCode, Inc.
3031 Tisch Way
Suite 115
San Jose, CA 95128
USA

Inquiries
TEL: 855-201-8822

CST Lab: NVLAP 201029-0
FinalCode FIPS Crypto Module for Mobile
(Software Version: 1.1)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/22/20168/21/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"FinalCode FIPS Crypto Module for Mobile is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode mobile components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform."
2716HGST, a Western Digital company
3403 Yerba Buena Road
San Jose, CA 95135
USA

Chung-chih Lin
TEL: 408-717-6289
FAX: 408-717-9494

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar® SSD800MH.B, SSD1600MM and SSD1600MR TCG Enterprise SSD
(Hardware Versions: P/Ns HUSMH8080BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8040BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8020BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMH8010BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMM1620ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1619ASS235 (0003) [11], HUSMR1619ASS205 (0003) [12, 13, 17, 18], HUSMR1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1610ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16], HUSMR1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14], HUSMR1650ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14, 15, 16], HUSMR1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14] and HUSMR1625ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 14]; Firmware Versions: D326 [1], D327 [2], D370 [3], K326 [4], K370 [5], P326 [6], P33G [7], P344 [8], P370 [9], Q4CB [10], R1C0 [11], G192 [12], R192 [13], D371 [14], P382 [15], K382 [16], R1D2 [17], or M1D2 [18]))
(When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/2016
08/25/2016
09/16/2016
11/08/2016
11/7/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037)

-Other algorithms: NDRNG
Multi-Chip Embedded

"HGST's self-encrypting Ultrastar SSD800/1600 TCG Enterprise SSDs Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1600 family combines enterprise-grade MLC NAND Flash memory and advanced endurance management firmware. The power loss data management techniques extend reliability, endurance, and sustained performance over the life of the SSD."
2715IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

Tom Benjamin
TEL: 512-286-5319
FAX: 512-973-4763

Karthik Ramamoorthy
TEL: 512-286-8135
FAX: 512-973-4763

CST Lab: NVLAP 200658-0
IBM Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/22/2016
04/10/2017
8/21/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2012 release 2 running on ThinkCentre M92P Tower Desktop with PAA
Red Hat Enterprise Linux Server release 7.1 running on ThinkCentre M93P with PAA
AIX 7 running on IBM 9119-MHE with PAA
Red Hat Enterprise Linux Server release 7.1 running on IBM 9119-MHE with PAA
Windows 7 64-bit running on ThinkCentre M93P without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3904, #3905, #3906, #3907 and #3908); CVL (Certs. #758, #759, #760, #761, #762, #763, #764, #765, #766 and #767); DRBG (Certs. #1119, #1120, #1121, #1122 and #1123); DSA (Certs. #1062, #1063, #1064, #1065 and #1066); ECDSA (Certs. #847, #848, #849, #850 and #851); HMAC (Certs. #2533, #2534, #2535, #2536 and #2537); KTS (vendor affirmed); RSA (Certs. #1988, #1989, #1990, #1991 and #1992); SHS (Certs. #3216, #3217, #3218, #3219 and #3220); Triple-DES (Certs. #2140, #2141, #2142, #2143 and #2144)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework."
2714Gemalto
20 Colonade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0
IDPrime MD 830-revB
(Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet V4.3.5.D and MSPNP Applet V1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/19/20168/18/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100)

-Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Single Chip

"IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure."
2713INTEGRITY Security Services
7585 Irvine Center Drive
Suite 250
Irvine, CA 92618
USA

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-2915

CST Lab: NVLAP 201029-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Firmware Version: 3.0.1)
(When installed, initialized and configured as specified in Section 2.4.1 of the Security Policy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware08/18/20168/17/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): ATSAM4CMS32 with ARM Cortex-M4

-FIPS Approved algorithms: AES (Cert. #3943); DRBG (Cert. #1147); ECDSA (Cert. #864); HMAC (Cert. #2567); SHS (Cert. #3252)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength)
Multi-Chip Embedded

"Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems."
2712Imprivata
10 Maguire Road
Building 4
Lexington, MA 02421
USA

Troy Kuehl
TEL: 781-674-2716
FAX: 781-674-2760

Joel Lemieux
TEL: 781-674-2418
FAX: 781-674-2760

CST Lab: NVLAP 100432-0
Imprivata FIPS 140-2 Cryptographic Module
(Software Versions: 3.6.0 and 3.6.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/16/20168/15/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Linux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSign
Linux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630
Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630
Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3417); DRBG (Cert. #821); HMAC (Cert. #2175); RSA (Cert. #1749); SHS (Cert. #2823); Triple-DES (Cert. #1928)

-Other algorithms: RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); MD5; AES (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5
Multi-Chip Stand Alone

"Imprivata delivers best in class solutions that optimize clinical workflow efficiency and enhance care delivery. OneSign® offers single sign-on, authentication management, and virtual desktop roaming enabling fast, secure No Click Access® to clinical applications and patient information, anytime, anywhere and from any device. Cortext® enables clinicians to securely collaborate across care teams and organizations. Confirm ID™ is the comprehensive identity and two-factor authentication platform for remote access, EPCS and medical device access."
2711Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Reznik
TEL: +420 532 294 645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux NSS Cryptographic Module v4.0
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/15/2016
12/19/2016
12/18/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610); CVL (Certs. #625, #626, #627, #628 and #629); DRBG (Certs. #935, #936, #937, #938 and #940); DSA (Certs. #1001, #1002, #1003, #1004 and #1005); ECDSA (Certs. #738, #739, #740, #741 and #742); HMAC (Certs. #2299, #2300, #2301, #2303 and #2305); RSA (Certs. #1853, #1854, #1855, #1856, #1857, #2031, #2032, #2033, #2034 and #2035); SHS (Certs. #2965, #2966, #2967, #2969 and #2971); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010)

-Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE
Multi-Chip Stand Alone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/"
2710GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

Pranay Kumar
TEL: (852) 2507 9565
FAX: (852) 2579 1131

Chern Yue Kwok
TEL: (852) 2507 9552
FAX: (852) 2579 1131

CST Lab: NVLAP 100432-0
Standalone IMB
(Hardware Versions: GDC-IMB-v3, R12; Firmware Version: 2.5 with Security Manager Firmware Version 1.5.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/12/20168/11/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2148 and #3938); CVL (Cert. #785); DRBG (Cert. #1145); HMAC (Certs. #1315 and #2560); RSA (Cert. #2012); SHS (Certs. #1869 and #3247)

-Other algorithms: EC Diffie-Hellman (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Embedded

"A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
2709Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type A
(Hardware Versions: A0 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[1], A1 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[2]; Firmware Versions: ZZ01[1], NA01[2], NA02[2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2016
08/26/2016
09/29/2016
9/28/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); HMAC (Cert. #2231); SHS (Cert. #2879); RSA (Cert. #1795); DRBG (Cert. #867)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2708

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/09/20168/8/2021Overall Level: 2

Multi-Chip Embedded
2707Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type B
(Hardware Versions: A2 with PX04SVQ040B, PX04SVQ080B, PX04SVQ160B or PX04SRQ192B; Firmware Version: PD09)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/09/20168/8/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2706V-Key
72 Bendemeer Road
#02-20 Luzerne
Singapore, Singapore 339941
Singapore

Joseph Gan
TEL: +65 6471 2524
FAX: +65 6471 2526

CST Lab: NVLAP 200901-0
V-Key Cryptographic Module
(Software Version: 3.6.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/09/20168/8/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): VOS 3.6.0 running on a Samsung Galaxy S4 with Android 4.4.2 operating in single user mode

-FIPS Approved algorithms: AES (Cert. #3679); Triple-DES (Cert. #2057); SHS (Cert. #3093); HMAC (Cert. #2425); KBKDF (Cert. #74); RSA (Cert. #1900)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RNG
Multi-Chip Stand Alone

"A software cryptographic module residing within a virtual machine, V-OS that provides a sandboxed operating environment. The Module provides symmetric ciphers, including AES and Triple DES, asymmetric cipher RSA, secure hash functions SHA-1 and SHA-256, message authentication, key derivation and key storage."
2705ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009-1699
USA

Savitha Naik
TEL: 760-476-7416
FAX: 760-929-3941

David Suksumrit
TEL: 760-476-2306
FAX: 760-929-3941

CST Lab: NVLAP 100432-0
Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; P/N 1047117 (tamper evident seal applied over ESEM); Firmware Version: 02.09.06)
(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/08/2016
11/17/2016
11/16/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3449, #3450 and #3879); CVL (Certs. #454 and #747); DRBG (Cert. #1107); ECDSA (Cert. #839); HMAC (Cert. #2521); KAS (Cert. #76); KTS (AES Cert. #3879); SHS (Certs. #2689, #3201 and #3202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); DES; DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); HMAC MD5; MD5; PBKDF (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions."
2704Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Catalyst 3750-X Switch
(Hardware Versions: WS-C3750X-24T with C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, or C3KX-NM-10GT; Firmware Version: 15.2(3)E1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/08/20168/7/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275, and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Cert. #1764); KBKDF (Cert. #49); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Cert. #1688)

-Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules."
2703Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Version: 10.0.10586)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/20168/25/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file."
2702Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise
(Software Version: 10.0.10586)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/20168/25/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

-Other algorithms: MD5
Multi-Chip Stand Alone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state."
2701Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Version: 10.0.10586)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/20168/25/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

-Other algorithms: MD5; NDRNG
Multi-Chip Stand Alone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files."
2700Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Version: 10.0.10586)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/20168/25/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)
Multi-Chip Stand Alone

"The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it."
2699Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 781-442-0451

Linda Gallops
TEL: 704-972-5018
FAX: 980-355-5399

CST Lab: NVLAP 200928-0
Oracle Solaris Userland Cryptographic Framework
(Software Version: 1.3)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/08/2016
11/03/2016
11/2/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3936); Triple-DES (Cert. #2159); RSA (Cert. #2011); DSA (Cert. #1074); ECDSA (Cert. #862); SHS (Cert. #3245); HMAC (Cert. #2558); DRBG (Cert. #1143)

-Other algorithms: AES (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); SHS (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Oracle Solaris Userland Cryptographic Framework module provides cryptographic functionality for any application that calls into it. The module provides encryption, decryption, hashing, secure random number generation, signature generation and verification, certificate generation and verification, message authentication functions, and key pair generation for RSA and DSA. The module can leverage the algorithm acceleration from SPARC and x86 processors when available."
2698Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 781-442-0451

Linda Gallops
TEL: 704-972-5018
FAX: 980-355-5399

CST Lab: NVLAP 200928-0
Oracle Solaris Kernel Cryptographic Framework
(Software Version: 1.3)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/08/2016
11/03/2016
11/2/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3935); Triple-DES (Cert. #2158); RSA (Cert. #2010); ECDSA (Cert. #861); SHS (Cert. #3243); HMAC (Cert. #2556); DRBG (Cert. #1142)

-Other algorithms: AES (non-compliant); ECDSA (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Oracle Solaris Kernel Cryptographic Framework module provides cryptographic functionality for the kernel module. The module provides encryption, decryption, hashing, signature generation and verification, secure random number generation, and message authentication functions. The module can leverage the algorithm acceleration from SPARC and x86 processors when available."
2697Ciena® Corporation
7035 Ridge Road
Hanover, MD 21076
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module
(Hardware Version: 1.0 with PCB P/N NTK539QS-220; Firmware Version: 2.00)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/04/20168/3/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3601 and #3602); CVL (Cert. #624); DRBG (Cert. #934); ECDSA (Certs. #736 and #737); HMAC (Cert. #2298); SHS (Certs. #2963 and #2964); Triple-DES (Cert. #2005)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG
Multi-Chip Embedded

"The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service."
2696Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Mahesh Bommareddy
TEL: 408-936-5493

Van Nguyen
TEL: 408-936-2247

CST Lab: NVLAP 100432-0
Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways
(Hardware Versions: P/Ns {SRX100H, SRX100H2, SRX100H-TAA, SRX110H2-VA, SRX110H2-VB, SRX110H-VA, SRX110H-VB; SRX210HE, SRX210HE2, SRX210HE2-POE, SRX210HE-POE, SRX210HE-POE-TAA, SRX210HE-TAA, SRX210H2-POE-TAA, SRX210H2-TAA; SRX220H, SRX220H2, SRX220H-POE, SRX220H2-POE; SRX240H, SRX240H2, SRX240H2-DC, SRX240H2-POE, SRX240H-DC, SRX240H-POE, SRX240H-POE-TAA, SRX240H-TAA, SRX240H2-DC-TAA, SRX240H2-POE-TAA, SRX240H2-TAA; SRX550-645AP, SRX550-645DP, SRX550-645AP-TAA, SRX550-645DP-TAA; SRX650-BASE-SRE6-645AP, SRX650-BASE-SRE6-645DP, SRX650B-SRE6-645AP-TAA} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/04/20168/3/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Certs. #2035, #2036, #2039, #2040, #2041, #2042 and #2043); AES (Certs. #3650, #3656, #3657, #3658, #3659, #3660 and #3661); SHS (Certs. #3068, #3074, #3075, #3076, #3077, #3078 and #3079); HMAC (Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); CVL (Certs. #659 and #660); RSA (Certs. #1885, #1890, #1891, #1892, #1893 and #1894); DSA (Certs. #1022, #1027, #1028, #1029, #1030 and #1031); ECDSA (Certs. #758, #764, #765, #766, #767 and #768); DRBG (Cert. #981)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-128; UMAC-64; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128
Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2695Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

Harshad Thakar
TEL: 720-684-2880

CST Lab: NVLAP 201029-0
Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module
(Hardware Versions: ST1000LM038 - 1RD172 [1], ST2000LM010 - 1RA174 [2], ST500LM033 - 1RD17D [3], ST1000LX017 - 1U9172 [4], ST2000LX003 - 1RJ174 [5]; Firmware Versions: SDM1 [1,2, 3], RSE1 [1, 3], LSM1 [1,2, 3], RDE1 [2], SSM1 [4,5])
(When operated in FIPS Mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/03/2016
05/23/2017
08/31/2017
8/2/2021Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2804, #2947, #3758, #3759 and #3760); CVL (Certs. #707 and #708); DRBG (Cert. #62); HMAC (Certs. #1597 and #2460); KTS (AES Cert. #2947); RSA (Certs. #1933 and #1934); SHS (Certs. #1225, #3128 and #3129); PBKDF (vendor affirmed)

-Other algorithms: Diffie-Hellman (CVL Cert. #707, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Embedded

"The ‘Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module’ is embodied in Seagate Laptop thin and Laptop Self-Encrypting Drive model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2694Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Virtual Storage Platform (VSP) Encryption Board
(Hardware Version: HM800SL1 or HM800SL1a; Firmware Versions: 03.07.49.00, 03.07.54.00 or 03.07.56.00)
(When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/03/2016
08/04/2017
8/2/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); SHS (Cert. #2738); KTS (AES Cert. #3305)

-Other algorithms: N/A
Multi-Chip Embedded

"The Hitachi Virtual Storage Platform (VSP) Encryption Board provides high speed data at rest encryption for Hitachi storage."
2693Forcepoint
10900-A Stonelake Blvd
Quarry Oaks 1, Ste 350
Austin, TX 78759
USA

Michael Carney
TEL: 952-444-9546

CST Lab: NVLAP 200556-0
Forcepoint Sidewinder
(Firmware Version: 8.3.2P07 with patch 8.3.2E106)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware08/03/20168/2/2021Overall Level: 1

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): The module was tested on the 1402-C3 McAfee Firewall Enterprise with a proprietary OS (SecureOS® version 8.3)

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2692Zanjia Electronic Science & Technology (Beijing) Co., Ltd.
Rm 1701, Bldg B, Wantong New World Plaza
No.2 Fuchengmenwai St.
Xicheng Dist.
Beijing, Beijing 100037
China

Jingqiang Lin
TEL: +86-18910039067

Zheng Li
TEL: +86-18600339661

CST Lab: NVLAP 200658-0
HSM-ZJ2014
(Hardware Version: ZJ2014-2697v2-680-32G; Firmware Version: 1.0.0.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/28/20167/27/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3912); DRBG (Cert. #1128); ECDSA (Cert. #855); HMAC (Cert. #2541); RSA (Cert. #1996); SHS (Cert. #3224)

-Other algorithms: AES (Cert. #3912, key wrapping); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength )
Multi-Chip Stand Alone

"HSM-ZJ2014 is a hardware security module, providing cryptographic services including encryption, decryption, signature generation and verification, and key management."
2691IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

Michael Zagorski
TEL: 845-435-1853

Michael Onghena
TEL: 919-543-4049

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module [1] and IBM® z/OS® Version 2 Release 2 Security Server RACF® Signature Verification Module [2]
(Hardware Versions: FC 3863 EC N98775 Drv 22H [1] and FC 3863 EC P00339 Drv D27I [2]; Software Versions: RACF level HRF7790 [1] and RACF level HRF77A0 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid07/28/2016
04/25/2017
05/09/2017
06/01/2017
7/27/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13
IBM z/OS Version 2 Release 2 running on an IBM z13 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #1979); SHS (Cert. #3196)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The z/OS RACF Program Signature Verification package consists of the core module (IRRPVERS) that is utilized when verifying signed code as it is loaded as well as an auxiliary module responsible for driving the initialization of IRRPVERS. The RACF Program Signature Verification module consists of software-based cryptographic algorithms, as well as hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF)."
2690Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Van Nguyen
TEL: 408-936-2247

Seyed Safakish
TEL: 408-745-8158

CST Lab: NVLAP 100432-0
MX240, MX480, and MX960 3D Universal Edge Routers with the Multiservices MPC and Junos 14.2X4-D10.11
(Hardware Versions: MX240, MX480 and MX960 with components identified in Security Policy Table 1; Firmware Version: Junos 14.2X4-D10.11)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/28/2016
05/02/2017
7/27/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3955, #3956 and #3957); CVL (Certs. #791 and #792); DRBG (Certs. #1157 and #1158); DSA (Certs. #1078 and #1079); ECDSA (Certs. #869 and #870); HMAC (Certs. #2575, #2576, #2577 and #2578); RSA (Certs. #2019 and #2020); SHS (Certs. #3261, #3262, #3263 and #3264); Triple-DES (Certs. #2166, #2167 and #2168);

-Other algorithms: ARCFOUR; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC-MD5; HMAC-RIPEMD160; NDRNG; UMAC-128; UMAC-64
Multi-Chip Stand Alone

"The MX 3D Universal Edge Routers deliver high performance, reliability, and scale to enable a cost-effective solution. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services."
2689Kaminario
75 Second Avenue
6th Floor, Suite 620
Needham, MA 02494
USA

Mike Jochimsen
TEL: 1-925-915-0495

Mark Shteiman
TEL: 972-52-5222883

CST Lab: NVLAP 201029-0
Kaminario Encryption Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/20167/26/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"The Kaminario Encryption Module is a standalone cryptographic module of the Kaminario K2 All Flash Array (AFA) product, the backbone of the modern data center. The module delivers core cryptographic functions and features robust algorithm support. Kaminario K2 offloads to the Cryptographic Module various crypto functions such as authentication, secure key management, data integrity, management traffic encryption and data at rest encryption."
2688iStorage Limited
iStorage House
13 Alpherton Lane, Perivale
Middlesex UB6 8DH
United Kingdom

John Michael
TEL: +44 (0)20 8991 6260
FAX: +44 (0)20 8991 6277

Lev Bolotin
TEL: 425-820-9929

CST Lab: NVLAP 200983-0
datAshur Pro 3.0
(Hardware Version: IS-FL-DA3-256-4; IS-FL-DA3-256-8; IS-FL-DA3-256-16; IS-FL-DA3-256-32; IS-FL-DA3-256-64; Firmware Version: Encryption Controller: V1.01.10; Security Controller: v1.11; Software Version: N/A)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/26/2016
03/17/2017
06/02/2017
07/14/2017
7/25/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3749 and #3757); DRBG (Cert. #1032); HMAC (Cert. #2459); SHS (Cert. #3127); PBKDF (Vendor Affirmed)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"iStorage datAshur Secure USB Flash Drive (iStorage datAshur Pro 3.0 or datAshur) is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an onboard keypad. User data is protected by hardware-based 256-bit XTS-AES encryption to secure sensitive information in the event that the drive is lost or stolen.The data encryption key (DEK) and other cryptographic parameters are generated within the module on first use through the use of a NIST approved DRBG. The seed for the DRBG is also produced within the module from an NDRNG."
2687SyncDog, Inc.
1818 Library Street
Suite 500
Reston, VA 20190
USA

Jonas Gyllensvaan
TEL: 1-855-796-2364

CST Lab: NVLAP 201029-0
SyncDog Cryptographic Module
(Software Version: 2.5)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/25/20167/24/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"The SyncDog Cryptographic Module provides validated cryptographic functions for SentinelSecure™ SentinelSecure secures data in transport and data at rest for all applications utilizing its security protocols. SentinelSecure provides a secure mobile communications platform and app containerization."
2686HPE Data Security
20400 Stevens Creek Blvd STE 500
Cupertino, CA 95014
USA

Luther Martin
TEL: 408-886-3255
FAX: 408-886-3201

CST Lab: NVLAP 200802-0
Voltage Cryptographic Module v.5.0
(Software Version: Version 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/19/2016
08/04/2016
08/22/2016
8/21/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): CPU Intel(R) Core(TM) i7-3770 with AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010
CPU Intel(R) Core(TM) i7-3770 w/o AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010
CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - OSS running on HP Integrity NonStop BladeSystem NB54000c
CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running on HP Integrity NonStop X NS7 X1
CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - Guardian running HP Integrity NonStop BladeSystem NB54000c
CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running on HP Integrity NonStop X NS7 X1
CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running HP Integrity NonStop X NS7 X1
CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running HP Integrity NonStop X NS7 X1
CPU Intel(R) Core(TM) i7-2600 with AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790
CPU Intel(R) Core(TM) i7-2600 w/o AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790 (single-user mode)

-FIPS Approved algorithms: ECDSA (Certs. #803, #806, #829, #845 and #846); DSA (Certs. #1042, #1044, #1050, #1059 and #1060); Triple-DES (Certs. #1915, #1916, #1917, #1918, #2091, #2117, #2137, #2138, #2169, #2208 and #2209); SHS (Certs. #2791, #2792, #2793, #2794, #3131, #3166, #3210 and #3211); AES (Certs. #3372, #3373, #3374, #3375, #3410, #3411, #3412, #3413, #3761, #3843, #3894, #3895, #3918, #4033 and #4034); HMAC (Certs. #2455, #2461, #2493, #2528 and #2529); RSA (Certs. #1730, #1731, #1732, #1733, #1935, #1963, #1984 and #1985); DRBG (Certs. #796, #797, #798, #799, #1033, #1088, #1114, and #1115); KBKDF (Certs. #63, #67, #68, #69, #76, #83, #87 and #88); CVL (Certs. #509, #510, #511, #512, #709, #732, #754 and #755); PBKDF (vendor affirmed);

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; Dual EC DRBG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"The Voltage Cryptographic Module v.5.0 provides the Validated algorithms used by the HPE SecureMail, HPE SecureFile and HPE SecureData families of products."
2685SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
SPYRUS USB-3 Module
(Hardware Version: SFP100000-1; SFP100000-2; SFP100000-3; SFP100000-4; SFP200000-1; SFP200000-2; SFP200000-3; SFP200000-4; SFP300000-1; SFP300000-2; SFP300000-3; SFP300000-4; Firmware Version: 3.0.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/20167/18/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3406); KTS (AES Cert. #3115); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658); KBKDF (Cert. #54)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The SPYRUS USB-3 Module provides multiple security functionalities in a single platform, including WindowsToGo, PKI support, Secure Mass Storage and conventional cryptographic token capabilities. This Module provides Suite-B algorithms that ensure the protection and integrity of User Data and application data on board."
2684Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco C819 ISR, C880 ISR, C890 ISR, CGR 2010, C800M, ESR5921, and IR809
(Hardware Versions: C819G-4G-GA, C819G-4G-NA, C819G-4G-ST, C819G-4G-VZ, C819HG-4G-A, C819HG-4G-G, C819HG-4G-V, ESR5921, C881, C881G-4G-GA, C887VAG-4G-GA, C891F, C892FSP, C897VA, C897VAG-LTE-GA, C899G-LTE-GA, C899G-LTE-NA, C899G-LTE-ST, C899G-LTE-VZ, CGR 2010 [1], C841M-4X, C841M-8X, IR809G-LTE-VZ, IR809G-LTE-NA with GRWIC-ESM-8x [1] or GRWIC-ESM-4x [1]; Firmware Version: IOS 15.5M)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/20167/18/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1764 and #2377); RSA (Certs. #1471 and #1868); SHS (Certs. #2361 and #3043); Triple-DES (Certs. #1688 and #2020)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 to 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2683Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco Integrated Services Router (ISR) 891W, 1941W, 829W
(Hardware Versions: C891FW-A, C891FW-E, 1941W, IR829GW-LTE-NA-A, IR829GW-LTE-VZ-A; Firmware Versions: Router IOS 15.5M and AP IOS 15.3.3-JB)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/20167/18/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1791, #2343, #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1452, #1764 and #2377); KBKDF (Certs. #49 and #86); RSA (Certs. #1471 and #1868); SHS (Certs. #2020, #2361 and #3043); Triple-DES (Certs. #1466 and #1688)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2682Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco Integrated Services Router (ISR) 1905 ISR, 1921 ISR, 1941 ISR, 2901 ISR, 2911 ISR, 2921 ISR, 2951 ISR, 3925 ISR, 3925E ISR, 3945 ISR, 3945E ISR, 5915 ESR and 5940 ESR
(Hardware Versions: 1905, 1921, 1941 [3], 2901 [4], 2911 [5], 2921 [6], 2951 [7], 3925 [8], 3945 [9], 3925E [10], 3945E [11], 5915, 5940 with PVDM2-8 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-48 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-128 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-192 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-256 [4, 5, 6, 7, 8, 9, 10, 11] and ISM-VPN-19 [3], ISM-VPN-29 [4, 5, 6, 7], ISM-VPN-39 [8, 9]; Firmware Version: IOS 15.5M)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/20167/18/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2343 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1764 and #1452); RSA (Cert. #1471); SHS (Certs. #2020 and #2361); Triple-DES (Certs. #1466 and #1688)

-Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2681Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches
(Hardware Versions: {[BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024F-4X-RT-DC (80-1007212-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a)
(When operated in FIPS mode with the tamper evident labels installed as specified in Appendix A and configured as specified in Tables 4 and 8 and as per Section 9 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/15/20167/14/2021Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2715 and #3143); SHS (Cert. #2280); RSA (Cert. #1411); HMAC (Cert. #1694); DRBG (Cert. #452); CVL (Certs. #173, #394 and #403); Triple-DES (Cert. #1632)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5; DES; HMAC-SHA-1-96 (HMAC Cert. #1694)
Multi-Chip Stand Alone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor."
2680LG Electronics, Inc.
20 Yoido-dong
Youngdungpo-gu
Seoul 152-721
Republic of Korea

Joonwoong Kim
TEL: 82-10-2207-1919
FAX: 82-2-6950-2080

Adam Wick
TEL: 503-808-7216
FAX: 503-350-0833

CST Lab: NVLAP 100432-0
LG Kernel Cryptographic Module
(Software Versions: 3.4.0 [1] or 3.10.49 [2, 3])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/15/20167/14/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): [1] Android 5.0.1 running on an LG G3 (Model VS985)
[2] Android 5.0.1 running on an LG G-Flex 2 (Model LGLS996)
[3] Android 5.1 running on an LG G4 (Model VS986) (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1875 and #1940); AES (Certs. #3290 and #3443); SHS (Certs. #2729 and #2843); HMAC (Certs. #2088 and #2192)

-Other algorithms: DES; Twofish; MD5; MD4; ARC4; GHASH; RNG
Multi-Chip Stand Alone

"The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality."
2679Gemalto SA
6, rue de la Verrerie - CS 20001
Meudon Cedex 92197
France

Gilles ROMME
TEL: +33 155015712
FAX: +33 155015170

Guennole Tripotin
TEL: +33 442365522
FAX: +33 442365236

CST Lab: NVLAP 100432-0
MultiApp V31 Platform
(Hardware Versions: NXP P60D080P VC (MPH132), NXP P60D144P VA (MPH149); Firmware Versions: MultiApp V31 patch 1.4, Demonstration Applet version V1.3)
(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/20167/14/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3543); CVL (Cert. #597); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #1984, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3543, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)
Single Chip

"The MultiApp ID smart cards are fully compliant with two major industry standards: Sun's Javacard 2.2.1 and Global Platform (GP) Card Specification version 2.1.1. They are therefore Java-GP cards, capable of managing applets in a controlled and secure manner in this multi-applet environment. This platform is delivered with a set of applet already loaded loaded in ROM and that can be installed if proper ordering options have been set."
2678EF Johnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

Josh Johnson
TEL: 402-479-8459
FAX: 402-479-8472

CST Lab: NVLAP 100432-0
Johnson Encryption Machine 2 (JEM2)
(Hardware Versions: P/Ns R035-3900-180-00 and R035-3900-280-01; Firmware Version: 4.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/20167/14/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3436 and #3437); DRBG (Cert. #837); ECDSA (Cert. #692); HMAC (Cert. #2187); KTS (AES Cert. #3437); SHS (Cert. #2838)

-Other algorithms: AES-MAC (AES Cert. #3436, vendor affirmed; P25 AES OTAR); DES; NDRNG
Multi-Chip Embedded

"The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES Key Wrap, AES, ECDSA, DRBG, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
2677SonicWall, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
SMA 6200 and SMA 7200
(Hardware Versions: P/Ns 101-500399-57 Rev A and 101-500398-57 Rev A; Firmware Version: SRA 10.7.2-619)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/2016
06/13/2017
7/14/2021Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: DRBG (Cert. #954); AES (Certs. #3626, #3627 and #3628); RSA (Certs. #1869 and #1870); Triple-DES (Certs. #2021, #2022 and #2023); SHS (Certs. #3044, #3045 and #3046); HMAC (Certs. #2378, #2379 and #2380); CVL (Certs. #646, #647, #648 and #649)

-Other algorithms: MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"SonicWALL Software SMA 6200 and SMA 7200 are part of the SonicWALL Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS and Google Android among others."
2676Cohesity, Inc.
451 El Camino Real
Suite 235
Santa Clara, CA 95050
USA

Vivek Agarwal
TEL: 415-690-7805

CST Lab: NVLAP 200427-0
Cohesity OpenSSL FIPS Object Module
(Software Version: 1.0.1)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #2398)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/11/20167/10/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): CentOS 7.2 running on a Cohesity CS2500 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3967); CVL (Cert. #796); DRBG (Cert. #1162); DSA (Cert. #1081); ECDSA (Cert. #873); HMAC (Cert. #2585); RSA (Cert. #2027); SHS (Cert. #3271); Triple-DES (Cert. #2176)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); PRNG
Multi-Chip Stand Alone

"The Cohesity OpenSSL FIPS Object Module is a general purpose cryptographic module compiled from the source code for the OpenSSL FIPS Object Module ECP 2.0.12. It is incorporated into the CS2000 family of Cohesity Storage Systems."
2675Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) & NCS 2000 Series
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, NCS2002-SA, NCS2006-SA, NCS2015-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, NCS2K-TNCS-O-K9, NCS2K-TNCS-K9, 15454-M-WSE-K9, NCS2K-MR-MXP-LIC, 15454-M-10X10G-LC, and NCS2K-200G-CK-LIC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 10.5)
(When installed, initialized and configured as specified in Section 6 of the Security Policy with tamper evident seals installed as indicated in Section 5.6 of the Security Policy and when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/20167/10/2021Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2769, #2770, #3770 and #3771); CVL (Certs. #750 and #751); DRBG (Certs. #1040 and #1041); HMAC (Certs. #2470 and #2471); KBKDF (Cert. #79); RSA (Certs. #1940 and #1941); SHS (Certs. #3140 and #3141); Triple-DES (Cert. #2098)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-Chip Stand Alone

"The Cisco ONS 15454 Multiservice Transport Platforms (MSTPs) and NCS 2000 Series provide capital and operational efficiency by addressing the increasing demand for multiple services, greater transport capacity, networking flexibility, multiple distance options, and management simplicity in a single platform."
2674Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Brian Wood
TEL: +1-973-440-9125

JungHa Paik
TEL: +82-10-8861-0858

CST Lab: NVLAP 200658-0
Samsung Kernel Cryptographic Module
(Software Version: SKC1.7)
(When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/11/2016
09/20/2016
9/19/2021Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android Marshmallow 6.0.1 running on Samsung Galaxy S7 with PAA
Android Marshmallow 6.0.1 running on Samsung Galaxy S7 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3836 and #3837); SHS (Certs. #3160, #3161 and #3193); HMAC (Certs. #2487, #2488 and #2516); DRBG (Certs. #1082 and #1083)

-Other algorithms: DES; Twofish; MD5; krng; ARC4; Pcompress; CRC32c; Deflate; LZO; GHASH; GF128MUL; Triple-DES (non-compliant)
Multi-Chip Stand Alone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2673MRV Communications Inc.
300 Apollo Dr.
Chelmsford, MA 01824
USA

Tim Bergeron
TEL: 978-674-6860

Phil Bellino
TEL: 978-674-6870

CST Lab: NVLAP 200427-0
LX-4000T Series Console Servers
(Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive), 600-R3265 RevC through 600-R3288 RevC (inclusive), 600-R3265 RevD through 600-R3288 RevD (inclusive) and 600-R3265 RevE through 600-R3288 RevE (inclusive); Firmware Versions: LinuxITO Version: 6.1.0 and PPCiboot Version: 5.3.9)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IPsec, SNMP, SSH and TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/08/20167/7/2021Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3765); DRBG (Cert. #1035); DSA (Cert. #1046); SHS (Cert. #3134)

-Other algorithms: DES; EC Diffie-Hellman (non-compliant); HMAC-MD5; IKEv1 KDF (non-compliant); IKEv2 KDF (non-compliant); MD5; NDRNG; RSA (non-compliant); SNMP KDF (non-compliant); SSH KDF (non-compliant); TLS KDF (non-compliant)
Multi-Chip Stand Alone

"The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
2672Information Assurance Specialists, Inc.
900 Route 168
Suite C4
Turnersville, NJ 08012
USA

William Morgan
TEL: 856-581-8033 Ext. 1006
FAX: 856-228-1265

Keiron Tomasso
TEL: 856-581-8033 Ext. 1001
FAX: 856-228-1265

CST Lab: NVLAP 100432-0
IAS Router
(Hardware Versions: P/Ns IAS STEW Rev 1.0, IAS KG-RU Rev 1.0 and IAS Router Micro Rev 1.0; Firmware Version: 50e8756 - 2015-11-24)
(When operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/07/20167/6/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1935); AES (Cert. #3430); DRBG (Cert. #782); ECDSA (Cert. #663); HMAC (Cert. #2182); CVL (Certs. #493 and #523); RSA (Cert. #1756); KTS (vendor affirmed); SHS (Cert. #2830)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5
Multi-Chip Stand Alone

"IAS Routers are purpose-built secure IP Routers/VPN Gateways designed to be small, lightweight, low power consumption, highly portable devices able to leverage a wide range of WAN connectivity options to allow secure communications back to a central site from nearly anywhere on the planet."
2671Duo Security, Inc.
123 North Ashley Street
Suite 200
Ann Arbor, MI 48104
USA

Duo Mobile Security

CST Lab: NVLAP 201029-0
Duo Security Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/07/20167/6/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus

-FIPS Approved algorithms: AES (Cert. #2125); HMAC (Cert. #1296); DSA (Cert. #666); ECDSA (Cert. #319); RSA (Cert. #1094); SHS (Cert. #1849); Triple-DES (Cert. #1351); DRBG (Cert. #233); CVL (Cert. #28)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"The Duo Security Cryptographic Module is a cryptographic engine for mobile devices. The module delivers core cryptographic functions to Duo Security's Two-Factor Authentication mobile application."
2670Ceragon Networks, Ltd.
24 Raul Wallenberg St.
Tel Aviv 69719
Israel

Yoav Shilo

CST Lab: NVLAP 201029-0
FibeAir® IP-20C, FibeAir® IP-20S, FibeAir® IP-20N, FibeAir® IP-20A, FibeAir® IP-20G, and FibeAir® IP-20GX
(Hardware Versions: IP-20N, IP-20A, IP-20G, IP-20GX, IP-20C, IP-20S, IP-20-TCC-B-MC+SD-AF: 24-T009-1|A, IP-20-TCC-B2+SD-AF: 24-T010-1|A, IP-20-TCC-B2-XG-MC+SD-AF: 24-T011-1|A, IP-20-RMC-B-AF: 24-R010-0|A; Firmware Version: CeraOS 8.3)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/04/20167/3/2021Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3865 and #3867); CVL (Cert. #742); DRBG (Cert. #1099); HMAC (Cert. #2509); KTS (AES Cert. #3865 and HMAC Cert. #2509; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1973); SHS (Certs. #3185)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement, key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RC5; CRC32; CRC16; CRC7; ECDSA (non-compliant); DSA (non-compliant); NDRNG; AES (non-compliant)
Multi-Chip Stand Alone

"FibeAir IP-20 platform provides secured wireless backhaul solutions to deliver mission-critical multimedia services, 4G and other applications with high security and reliability. The platform provides multi gigabit wireless links in 4-86GHz frequency bands, supporting IP and TDM services in a wide range of topologies and network architectures."
2669INTEGRITY Security Services
7585 Irvine Center Drive
Suite 250
Irvine, CA 92618
USA

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-2915

CST Lab: NVLAP 100432-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Software Version: 3.0.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/30/2016
08/08/2016
12/06/2016
12/07/2016
12/6/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): FreeRTOS 7.6 running on Cubic PU-4 (ST-Micro STM32F4xxx/ARM Cortex-M4)
OpenWrt/Linaro running on Gateway 5100 Ventana (i.MX6 800MHz/ARM Cortex-A9) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3773, #3774, #3775, #3776, #3777, #3889, #3890, #3891, #3892 and #3893); DRBG (Certs. #1043 and #1113); ECDSA (Certs. #812 and #844); CVL (Certs. #720 and #929); HMAC (Certs. #2473 and #2527); RSA (Certs. #1943 and #1983); SHS (Certs. #3143 and #3209); PBKDF (vendor affirmed)

-Other algorithms: AES (Certs. #3773 and #3889, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (shared secret computation provides 192 bits of encryption strength); EC Diffie-Hellman (shared secret computation provides between 112 and 256 bits of encryption strength); Triple-DES (non-compliant); MD5; HMAC-MD5
Multi-Chip Stand Alone

"Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems."
2668Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev F with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.8.1.06)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/30/2016
08/29/2016
8/28/2021Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #173 and #3547); DRBG (Cert. #903); HMAC (Certs. #39, #2265 and #2266); RSA (Cert. #1827); SHS (Certs. #258 and #2926); Triple-DES (Certs. #275 and #1986); CVL (Certs. #603, #604 and #605)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-96 (non-compliant); DSA (non-compliant); RNG
Multi-Chip Stand Alone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2667Micron Technology, LLC
Micron Technology
8000 S. Federal Way
Boise, ID 83716-9632
USA

Paul Barna
TEL: 208-492-1062

Michael Selzler
TEL: 720-494-5217

CST Lab: NVLAP 200427-0
Micron S650DC® SAS TCG Enterprise SSC Self-Encrypting Drive
(Hardware Versions: MTFDJAK400MBS-2AN16FCYY, MTFDJAK800MBS-2AN16FCYY, MTFDJAL1T6MBS-2AN16FCYY and MTFDJAL3T2MBS-2AN16FCYY; Firmware Versions: MB13, MB17 and MB18)
(When installed, initialized and configured as specified in Section 7 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/30/2016
01/19/2017
06/29/2017
1/18/2022Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Micron Secure ® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Micron S650DC SAS SED model solid state drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2666Cambium Networks, Ltd.
Unit B2, Linhay Business Park, Eastern Road
Ashburton TQ13 7UP
UK

Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0
PTP 700 Point to Point Wireless Ethernet Bridge
(Hardware Versions: P/Ns C045070B001A, C045070B002A, C045070B003A, C045070B004A, C045070B005A, C045070B006A, C045070B007A, C045070B008A, C045070B009A, C045070B010A, C045070B011A, C045070B012A, C045070B013A, C045070B014A, C045070B015A, C045070B016A, C045070B017A, C045070B018A, C045070B019A, C045070B020A, C045070B021A, C045070B022A, C045070B023A, C045070B024A, C045070B025A, C045070B026A, C045070B027A, C045070B028A, C045070B029A and C045070B030A; Firmware Version: 700-01-00-FIPS)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/29/20166/28/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2594 and #2754); DRBG (Cert. #465); DSA (Cert. #842); HMAC (Cert. #1728); SHS (Cert. #2323); CVL (Certs. #202 and #203); KTS (AES Cert. #2754 and HMAC Cert. #1728; key establishment methodology provides 128 or 256 bits of encryption strength)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG
Multi-Chip Stand Alone

"The PTP 700 is deployed in pairs to create a wireless bridge between two Ethernet networks. The Module operates in licensed, lightly-licensed, and unlicensed frequency bands between 4400 MHz and 5875 MHz, in channel bandwidths up to 45 MHz, providing aggregate data rates up to 450 Mbit/s. The Module transmits and receives Ethernet frames as plaintext, and transmits and receives encrypted wireless signals. The Module is available in 24 different variants, consisting of combinations of physical format, regional variants, capacity variants and ATEX/HAZLOC units."
2665DocuSign, Inc.
221 Main St.
Suite 1000
San Francisco, CA 94105
USA

Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0
DocuSign Signature Appliance
(Hardware Versions: 7.0 and 8.0; Firmware Version: 8.0)
(When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/2016
07/25/2016
7/24/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: CVL (Certs. #786 and #787); DRBG (Certs. #98, #1137 and #1138); HMAC (Certs. #2551, #2552, #2563 and #2564); KTS (Triple-DES Cert. #2160 and HMAC Cert. #2563; key establishment methodology provides 112 bits of encryption strength); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2005 and #2006); SHS (Certs. #3237, #3238, #3248 and #3249); Triple-DES (Certs. #2155, #2156 #2160 and #2161); Triple-DES MAC (Triple-DES Certs. #2155 and #2156, vendor affirmed)

-Other algorithms: HMAC (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data."
2664Advanced Card Systems Ltd.
Units 2010-2013, 20/F Chevalier Commercial Centre
8 Wang Hoi Road Kowloon Bay
Hong Kong

Andrew Chan
TEL: +852-27967873
FAX: +852-27961286

CST Lab: NVLAP 200427-0
ACOS5-64
(Hardware Version: ACOS5-64; Firmware Version: 3.00)
(When installed, initialized and configured as specified in the Security Policy Section Secure Initialization. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/20/20166/19/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3539); CVL (Cert. #591); DRBG (Cert. #893); RSA (Cert. #1816); SHS (Cert. #2917); Triple-DES (Cert. #1982); Triple-DES MAC (Triple-DES Cert. #1982, vendor affirmed)

-Other algorithms: NDRNG; Triple-DES (Cert. #1982, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single Chip

"ACOS5-64 is a hardware cryptographic module validated against FIPS 140-2 at Security Level 3. It is a two-factor authentication smart card module. It provides digital signature creation/verification for online authentication and data encryption/decryption for online transactions."
2663Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Jake Bajic
TEL: 408-753-4000

Amir Shahhosseini
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B with 910-000028-00B Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 6.0.13)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/20/2016
06/23/2016
6/22/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3931 and #3932); RSA (Certs. #2008 and #2009); HMAC (Certs. #2554 and #2555); DRBG (Certs. #1140 and 1141); SHS (Certs. #3241 and #3242); CVL (Certs. #782 and 783)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES
Multi-Chip Stand Alone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications."
2662LG Electronics, Inc.
20 Yoido-dong
Youngdungpo-gu
Seoul 152-721
Republic of Korea

Adam Wick
TEL: 503-808-7216
FAX: 503-350-0833

Jongseong Kim
TEL: 82-10-4535-0110
FAX: 82-2-6950-2080

CST Lab: NVLAP 100432-0
LG Framework Cryptographic Module
(Software Version: 1.0.0)
(When operated in FIPS mode. The protocol TLS shall not be used when operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/17/2016
09/02/2016
9/1/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Android 5.0.1 running on an LG G3 (Model VS985)
Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3289); DRBG (Cert. #748); DSA (Cert. #943); HMAC (Cert. #2087); RSA (Cert. #1683); SHS (Cert. #2728); Triple-DES (Cert. #1874)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PRNG; ECDSA (non-compliant); TLS KDF (non-compliant)
Multi-Chip Stand Alone

"The LG Framework Cryptographic Module is a software library that provides cryptographic functionality."
2661Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Bob Pittman
TEL: 978-264-5211
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE 6125XLG Blade Switches
(Hardware Version: HPE 6125XLG; Firmware Version: 7.1.045)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/16/20166/15/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2943 and #2990); CVL (Cert. #341); DRBG (Cert. #546); DSA (Cert. #875); HMAC (Certs. #1866 and #1896); RSA (Cert. #1546); SHS (Certs. #2479 and #2511)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The HPE Networking device is suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The device includes fixed-port L2/L3 managed Ethernet switch appliances. This device is based on the Comware 7.1 platform."
2660Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series
(Hardware Versions: MZILS3T8HCJM-000D8 [1], MZILS3T8HCJM-000G6 [2]; Firmware Versions: CXP2 [1], NA01 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/16/2016
07/22/2016
7/21/2021Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121)

-Other algorithms: NDRNG
Multi-Chip Stand Alone

"Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase."
2659L-3 Communications, Aviation Recorders
100 Cattlemen Road
Sarasota, Florida 34232
USA

Tom Fields
TEL: 941-377-5540
FAX: 941-377-5591

Robert S. Morich
TEL: 941-371-0811, x5774
FAX: 941-377-5591

CST Lab: NVLAP 200002-0
eSRVIVR(r) Cockpit Voice and Flight Data Recorder (CVFDR) Encryption Module
(Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware06/16/20166/15/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): eSRVIVR® Cockpit Voice and Flight Data Recorder (Hardware version: 1493200-3000) with Nucleus PLUS 1.15.6

-FIPS Approved algorithms: AES (Cert. #3754)

-Other algorithms: N/A
Multi-Chip Embedded

"A software-based AES implementation in a Cockpit Voice and Flight Data Recorder (CVFDR) that supports 128, 192, and 256 bit key lengths. Various data types can be selected for encryption prior to being recorded in a crash-protected module."
2658Rubrik Inc.
299 South California Avenue
Suite 250
Palo Alto, CA 94046
USA

Rubrik Support

CST Lab: NVLAP 201029-0
Rubrik Cryptographic Library
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/15/20166/14/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
CentOS 6.3 on a GigaVUE-TA1
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"The Rubrik Cryptographic Library provides FIPS 140-2 validated cryptographic functions (including Suite B algorithms) for Rubrik’s Hybrid Appliances."
2657Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux libgcrypt Cryptographic Module v4.0 [1] and Red Hat Enterprise Linux libgcrypt Cryptographic Module v5.0 [2]
(Software Versions: 4.0 [1], 5.0 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software06/13/2016
07/28/2017
6/12/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with AES-NI [1]
Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without AES-NI [1]
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A [1]
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions [1]
Red Hat Enterprise Linux 7.4 running on Dell PowerEdge R630 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645, #3646, #3647, #3648, #3649, #4580 and #4581); DRBG (Certs. #972, #973, #974, #975, #976, #977, #978, #979, #980, #1527 and #1528); DSA (Certs. #1017, #1018, #1019, #1020, #1021, #1214 and #1215); HMAC (Certs. #2395, #2396, #2397, #2398, #2399, #3030 and #3031); RSA (Certs. #1879, #1880, #1881, #1882, #1883, #2498 and #2499); SHS (Certs. #3062, #3063, #3064, #3065, #3066, #3756 and #3757); Triple-DES (Certs. #2030, #2031, #2032, #2033, #2034, #2433 and #2434)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; Blowfish; Camellia; Cast5; CRC32; CSPRNG; DES; El Gamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPEMD160; SEED; Serpent; Tiger; Twofish; Whirlpool
Multi-Chip Stand Alone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library delivered with RHEL 7.1 [1] and RHEL 7.4 [2]."
2656Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola GGM 8000 Gateway
(Hardware Versions: Base Unit P/N CLN1841E Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC); Firmware Version: KS-16.8.1.06)
(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2016
07/06/2016
08/29/2016
8/28/2021Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #962 and #3547); DRBG (Cert. #903); HMAC (Certs. #1487, #2265 and #2266); CVL (Certs. #603, #604 and #605); RSA (Cert. #1827); SHS (Certs. #933 and #2926); Triple-DES (Certs. #757 and #1986)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); DSA (non-compliant); RNG
Multi-Chip Stand Alone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2655Nuvoton Technology Corporation
4, Creation Road III
Hsinchu Science Park
Taiwan

Yossi Talmi
TEL: +972-9-9702364

CST Lab: NVLAP 200556-0
NPCT6XX TPM 1.2
(Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 5.81.0.0, 5.81.1.0, 5.81.2.1)
(When operated in FIPS mode and installed, initialized, and configured as specified in the Security Policy Section 8)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2016
08/19/2016
8/18/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3093 and #3468); RSA (Certs. #1582 and #1779); HMAC (Certs. #1938 and #2213); SHS (Certs. #2554 and #2863); CVL (Certs. #373 and #535)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3093 and #3468, key wrapping); RNG
Single Chip

"Nuvoton NPCT6XX TPM 1.2 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation."
2654Broadcom Ltd.
3151 Zanker Road
San Jose, CA 95134
USA

Gary Goodman
TEL: 408-922-1092
FAX: 408-922-1023

Alfonso Ip
TEL: 408-922-1023
FAX: 408-922-8050

CST Lab: NVLAP 100432-0
BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0
(Hardware Versions: P/Ns BCM58101B0, BCM58102B0 and BCM58103B0; Firmware Version: rev0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/07/2016
06/13/2016
6/12/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3762 and 3763); HMAC (Cert. #2462); SHS (Cert. #3132); DRBG (Cert. #1034); ECDSA (Cert. #807); DSA (Cert. #1045); RSA (Cert. #1936)

-Other algorithms: EC Diffe-Hellman (key agreement; key establishment methodology provides 128-bits of encryption strength); NDRNG
Single Chip

"Highly integrated, low power, security processor."
2653Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Adaptive Security Appliance (ASA) Virtual
(Software Version: 9.4.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/06/2016
08/15/2016
8/14/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco C220 M3
ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco E180D M2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3911); CVL (Cert. #772); DRBG (Cert. #1126); ECDSA (Cert. #854); HMAC (Cert. #2540); RSA (Cert. #1995); SHS (Cert. #3223); Triple-DES (Cert. #2147)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2652Vormetric, Inc.
2860 Junction Ave
San Jose, CA 95134
USA

Peter Tsai
TEL: (669) 770-6927
FAX: (408) 844-8638

Steve He
TEL: (669) 770-6852
FAX: (408) 844-8638

CST Lab: NVLAP 200002-0
Vormetric Data Security Manager Module
(Hardware Version: 3.0; Firmware Version: 5.3.0)
(When Operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/06/20166/5/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3499 and #3536); SHS (Certs. #2887, #2914 and #2915); HMAC (Certs. #2234, #2259 and #2260); RSA (Cert. #1796); ECDSA (Cert. #712); DRBG (Cert. #869); CVL (Certs. #589 and #590); KTS (AES Cert. #3499 and HMAC Cert. #2234)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); Triple-DES (non-compliant); MD5; Aria; SSH KDF (non-compliant); NDRNG
Multi-Chip Stand Alone

"The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
2651Huawei Technologies Co., Ltd.
Huawei Industrial Base, Bantian Longgang
Shenzhen, Guangdong 518129
China

blue.li@huawei.com
TEL: 0086-0755-28976679
FAX: 0086-0755-28976679

CST Lab: NVLAP 200856-0
Huawei FIPS Cryptographic Library (HFCL)
(Software Version: V300R003C22SPC805)
(When installed, initialized and configured as specified in the Security Policy Section 6.1. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/03/20166/2/2021Overall Level: 2

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): DELL PowerEdge T110 II Intel Pentium w/ RHEL 5.3 evaluated at EAL4

-FIPS Approved algorithms: AES (Cert. #3477); Triple-DES (Cert. #1960); DSA (Cert. #984); RSA (Cert. #1785); ECDSA (Cert. #707); SHA (Cert. #2872); DRBG (Cert. #857); HMAC (Cert. #2221); CVL (Certs. #551 and #552)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength)
Multi-Chip Stand Alone

"Huawei FIPS Cryptographic Library (HFCL) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)."
2650Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA Service Module (SM)
(Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.4.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/02/2016
08/15/2016
8/14/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #3439); CVL (Cert. #525); DRBG (Certs. #332 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247 and #2188); RSA (Cert. #1760); SHS (Certs. #1794 and #2839); Triple-DES (Certs. #1321 and #1937)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes."
2649Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® ICX ™ 6610 and ICX 7450 Series
(Hardware Versions: {ICX6610-24F-I (80-1005350-04), ICX6610-24F-E (80-1005345-04), ICX6610-24-I (80-1005348-05), ICX6610-24-E (80-1005343-05), ICX6610-24P-I (80-1005349-06), ICX6610-24P-E (80-1005344-06), ICX6610-48-I (80-1005351-05), ICX6610-48-E (80-1005346-05), ICX6610-48P-I (80-1005352-06), ICX6610-48P-E (80-1005347-06), ICX7450-24 (80-1008060-01), ICX7450-24P (80-1008061-01), ICX7450-48 (80-1008062-01), ICX7450-48P (80-1008063-01), ICX7450-48F (80-1008064-01), with Components (80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1008308-01; 80-1008309-01; 123400000829A-R01; 123400000830A-R01; 123400000833A-R01)} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b)
(When operated in FIPS mode with tamper evident labels installed and with configurations as defined in Table 5 of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/27/2016
07/14/2016
7/13/2021Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1197, #1269, #1276, #2697, #2981, #2984, #3008, #3139, #3142 and #3438); KTS (AES Certs. #2984 and #3438; key establishment methodology provides 128 bits of encryption strength); SHS (Certs. #2265 and #2505); HMAC (Certs. #1679 and #1890); DRBG (Certs. #442 and #569); RSA (Certs. #1396 and #1565); CVL (Certs. #161, #362, #386, #388, #390 and #400); KBKDF (Certs. #36 and #58); Triple-DES (Certs. #1617 and #1764); DSA (Certs. #819 and #887)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; DSA (non-compliant); Triple-DES (non-compliant)
Multi-Chip Stand Alone

"The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. The Brocade 7450 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments."
2648NetApp, Inc.
495 E. Java Drive
Sunnyvale, CA 94089
USA

CST Lab: NVLAP 201029-0
NetApp Cryptographic Security Module
(Software Version: 1.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/27/2016
06/10/2016
6/9/2021Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): SUSE Linux 11 operating on Fujitsu RX300-S6 Server with Intel Xeon
SUSE Linux 11 operating on Fujitsu RX200S5 Server with Intel Xeon
FreeBSD 9.1 operating on Fujitsu RX300-S6 Server with Intel Xeon
FreeBSD 9.1 operating on Fujitsu RX200S5 Server with Intel Xeon
Debian Linux 8 operating on Fujitsu RX300-S6 Server with Intel Xeon
Debian Linux 8 operating on Fujitsu RX200S5 Server with Intel Xeon
Scientific Linux 6.1 operating on Fujitsu RX300-S6 Server with Intel Xeon
Scientific Linux 6.1 operating on Fujitsu RX200S5 Server with Intel Xeon.

-FIPS Approved algorithms: AES (Cert. #3593); CVL (Cert. #615); DRBG (Cert. #928); DSA (Cert. #998); ECDSA (Cert. #732); HMAC (Cert. #2290); RSA (Cert. #1847); SHS (Cert. #2955); Triple-DES (Cert. #2000)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #615, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength)
Multi-Chip Stand Alone

"The NetApp Cryptographic Security Module is a software library that provides cryptographic services to a vast array of NetApp's storage and networking products."
2647SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
SPYCOS® 3.0 QFN
(Hardware Version: 742100004F; Firmware Version: 3.0.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/25/20165/24/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3115); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Single Chip

"SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications."
2646Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Bumhan Kim
TEL: +82-10-9397-1589

Brian Wood
TEL: +1-973-440-9125

CST Lab: NVLAP 200658-0
Samsung Flash Memory Protector V1.1
(Hardware Version: 3.0.1; Software Version: 1.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid05/13/20165/12/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android Marshmallow 6.0.1 running on Samsung Galaxy S7 edge (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3839); SHS (Cert. #3163); HMAC (Cert. #2490)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services."
2645Harris Corporation
Communication Systems Division
1680 University Avenue
Rochester, NY 14610
USA

Esther Betancourt
TEL: 585-242-3635
FAX: 585-241-8459

Eric Hackett
TEL: 585-241-8168
FAX: 585-241-8459

CST Lab: NVLAP 200928-0
RF-7800W Broadband Ethernet Radio
(Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Versions: 4.10 and 5.00)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in Section 2.4 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/13/2016
12/02/2016
12/09/2016
12/8/2021Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3530 and #3581); Triple-DES (Cert. #1993); DRBG (Cert. #920); SHS (Cert. #2943); HMAC (Cert. #2281); RSA (Cert. #1842); DSA (Cert. #994); KAS (Cert. #69); CVL (Cert. #609)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG
Multi-Chip Stand Alone

"The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform."
2644Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+
(Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2643Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F2 500+, nShield F2 1500+ and nShield F2 6000+
(Hardware Versions: nC3423E-500, nC3423E-1K5 and nC3423E-6K0, Build Standard N; Firmware Version: 2.61.2-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The nShield modules: nShield F2 500+, nShield F2 1500+, nShield F2 6000+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2642Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
MiniHSM, MiniHSM for nShield Edge F2, and MiniHSM for Time Stamp Master Clock
(Hardware Versions: nC4031Z-10, nC3021U-10, and TSMC200, Build Standard N; Firmware Version: 2.61.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The MiniHSM, MiniHSM for nShield Edge F2 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
2641Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
(Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3023E-010, Build Standard N; Firmware Version: 2.61.2-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The nShield modules: nShield F2 10e, nShield F2 500e, nShield F2 1500e, nShield F2 6000e are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2640Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect
(Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-010, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Version: 2.61.2-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3419); CVL (Certs. #516 and #532); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The nShield modules: nShield F3 10e, nShield F3 500e, nShield F3 1500e, nShield F3 6000e, nShield F3 500e for nShield Connect, nShield F3 1500e for nShield Connect, nShield F3 6000e for nShield Connect are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2639Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
MiniHSM, MiniHSM for nShield Edge F3, and MiniHSM for Time Stamp Master Clock
(Hardware Versions: nC4031Z-10, nC4031U-10 and TSMC200, Build Standard N; Firmware Version: 2.61.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The MiniHSM, MiniHSM for nShield Edge F3 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
2638Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+
(Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/20165/12/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2637Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B or 910-000117-00A Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6], and 920-000112-00A Rev. A [7]; Firmware Versions: 7.0.1-h4, 7.0.3 or 7.0.8)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016
09/08/2016
9/7/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3475); CVL (Certs. #564, #565, #566 and #567); DRBG (Cert. #870); ECDSA (Cert. #713); HMAC (Cert. #2220); RSA (Cert. #1782); SHS (Cert. #2870)

-Other algorithms: AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications."
2636Redline Communications
302 Town Centre Blvd.
4th Foor
Markham, ON L3R 0E8
Canada

Andrew Spurgeon
TEL: 905-479-8344
FAX: 905-479-5331

CST Lab: NVLAP 200928-0
RDL-3000 and eLTE-MT
(Hardware Versions: RDL-3000, eLTE-MT; Firmware Version: 3.1)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/13/20165/12/2021Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3469 and #3472); DRBG (Cert. #854); SHS (Certs. #2866 and #2867); HMAC (Certs. #2216 and #2217); RSA (Cert. #1780); DSA (Cert. #981); KAS (Cert. #63); ECDSA (Cert. #703); CVL (Cert. #541)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The RDL-3000, Elte-MT Broadband Wireless Systems by Redline Communications leverage proven orthogonal frequency-division multiplexing (OFDM) technology to deliver high-speed Ethernet throughput over wireless links."
2635Ciena® Corporation
7035 Ridge Road
Hanover, MD 21076
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Packet-Optical Platform 4x10G
(Hardware Versions: 2.0 and 3.0; Firmware Version: 2.00)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016
08/15/2016
8/14/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3599 and #3600); Triple-DES (Cert. #2004); SHS (Cert. #2962); HMAC (Cert. #2297); DRBG (Cert. #933); RSA (Cert. #1851); ECDSA (Cert. #735); CVL (Cert. #623)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG
Multi-Chip Embedded

"The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering."
2634Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC 1200.2 SSD Self-Encrypting Drive
(Hardware Versions: ST400FM0293, ST800FM0213, ST1600FM0023 and ST3200FM0043; Firmware Versions: 3504, 0204, 0205, 0206, FF15, C206, 0207 and FF19)
(When installed, initialized and configured as specified in Section 7 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016
10/25/2016
08/31/2017
10/24/2021Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841)

-Other algorithms: NDRNG
Multi-Chip Embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate 1200.2 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2633Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux OpenSSH Client Cryptographic Module
(Software Version: 4.0)
(When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software05/12/2016
06/17/2016
6/16/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #700, #701 and #702)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2632SonicWall, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
SonicWALL SM 9800
(Hardware Versions: P/N 101-500380-71, Rev. A; Firmware Version: SonicOS v6.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/12/2016
06/12/2017
5/11/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3403); Triple-DES (Cert. #1925); SHS (Cert. #2816); DSA (Cert. #960); RSA (Cert. #1742); HMAC (Cert. #2171); DRBG (Cert. #815); CVL (Cert. #503)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; NDRNG; MD5; RC4; RSA (non-compliant)
Multi-Chip Stand Alone

"The SonicWALL™ SuperMassive™ Series is SonicWALL's Next-Generation Firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency."
2631Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549
USA

Mark Hanson
TEL: 651-628-1633

CST Lab: NVLAP 200928-0
Intel OpenSSL FIPS Object Module
(Software Versions: 2.0.5 and 2.0.8)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/03/20165/2/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Linux 3.10 on VMware ESXi 6.00 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3)
Linux 3.10 on Vmware ESXi 6.00 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3)
Linux 3.10 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3)
Linux 3.10 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3)

-FIPS Approved algorithms: AES (Certs. #3848 and #3849); DRBG (Certs. #1092 and #1093); DSA (Certs. #1051 and #1052); HMAC (Certs. #2496 and #2497); RSA (Certs. #1965 and #1966); SHS (Certs. #3170 and #3171); Triple-DES (Certs. #2119 and #2120); ECDSA (Certs. #831 and #832); CVL (Certs. #735 and #736)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant); Dual EC DRBG
Multi-Chip Stand Alone

"The Intel OpenSSL FIPS Object Module provides cryptographic services for Intel Security products."
2630Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux OpenSSH Server Cryptographic Module
(Software Version: 4.0)
(When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software05/02/2016
06/17/2016
6/16/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #700, #701 and #702)

-Other algorithms: N/A
Multi-Chip Stand Alone

"The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2629Zebra Technologies Corporation
One Zebra Plaza
Holtsville, NY 11742
USA

Brian Stormont
TEL: 401-276-5751
FAX: 401-276-5889

Gerry Corriveau
TEL: 401-276-5667
FAX: 401-276-5889

CST Lab: NVLAP 100432-0
ZBR-88W8787-WLAN
(Hardware Versions: P/N: 88W8787, Version 1.0; Firmware Version: Marvell Firmware Version 14.66.35.p51; Zebra Driver Firmware Version 1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid05/01/20164/30/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Zebra QLn320 Printer with QNX 6.5.0

-FIPS Approved algorithms: AES (Cert. #3003); HMAC (Cert. #2248); SHS (Cert. #2902)

-Other algorithms: SAFER+
Multi-Chip Stand Alone

"The ZBR-88W8787-WLAN Module implements cryptographic support for Zebra wireless devices."
2628Giesecke+Devrient Mobile Security GmbH
Prinzregentenstrasse 159
Munich D-81677
Germany

Alexander Summerer
TEL: +49-89/4119-2418
FAX: +49-89/4119-2819

Steffen Heinrich
TEL: +49-89/4119-2453

CST Lab: NVLAP 100432-0
StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element
(Hardware Version: SLE78CUFX5000PH (M7893 B11); Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/2016
07/03/2017
4/27/2021Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: DRBG (Cert. #455); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed); AES (Certs. #2720 and #2721); SHS (Certs. #2288, #2289 and #2290); RSA (Certs. #1506 and #1507); DSA (Cert. #837); ECDSA (Cert. #476); KBKDF (Cert. #18); CVL (Cert. #177)

-Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG
Single Chip

"StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element is a highly secured and integrated smartcard-based platform from Giesecke & Devrient complying with JavaCard Classic 3.0.4 and GlobalPlatform 2.2.1 standards.The Sm@rtCafé Expert 7.0 OS-platform is deployed in national ID, ePassport, authentication and digital signature programs with match-on-card biometric verification.StarSign Crypto-USB Token S is the ideal platform in a USB-Token form factor for secure logical access, online tax declaration, web based online authentication applications using FIDO and certificate"
2627Nuvoton Technology Corporation
4, Creation Road III
Hsinchu Science Park
Taiwan

Yossi Talmi
TEL: +972-9-9702364

CST Lab: NVLAP 200556-0
NPCT6XX TPM 2.0
(Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 1.3.0.1, 1.3.1.0, 1.3.2.8)
(When installed, initialized, and configured as specified in the Security Policy Section 8 and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/2016
08/25/2016
03/14/2017
8/24/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3541 and #3542); CVL (Certs. #593, #594, #595, and #596); KAS (Certs. #66 and #67); ECDSA (Certs. #719 and #720); DRBG (Certs. #898 and #899); HMAC (Certs. #2262 and #2263); RSA (Certs. #1819 and #1820); SHS (Certs. #2919 and #2920)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3541 and #3542, key wrapping, key establishment methodology provides 128 bits of encryption strength)
Single Chip

"Nuvoton NPCT6XX TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation."
2626Century Longmai Technology Co. Ltd
3rd Floor, Gongkong Building
No. 1 Wangzhuang Rd
Haidian District
Beijing, Vendor State 100083
China

Lemon Yang
TEL: +86 13810314817
FAX: +86 10 62313636

CST Lab: NVLAP 200658-0
mToken CryptoID
(Hardware Version: SCC-X; Firmware Version: 3.11)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/14/20164/13/2021Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1994); AES (Cert. #3582); SHS (Cert. #2944); DRBG (Cert. #921); ECDSA (Cert. #728); RSA (Cert. #1843); HMAC (Cert. #2282); KAS (Cert. #70); CVL (Cert. #610); KAS (SP 800-56Arev2 with CVL Cert. #610, vendor affirmed); KTS (Triple-DES Cert. #1994); KTS (AES Cert. #3582)

-Other algorithms: SHS (non-compliant); RSA (key wrapping; non-compliant less than 112 bits of encryption strength); HMAC (non-compliant); NDRNG
Multi-Chip Stand Alone

"mToken CryptoID is designed based on a secure smartcard chip that utilizes the in-built mCOS to communicate with computer device via USB interface in a "plug and play" manner. It can realize various Public Key Infrastructure (PKI) applications including digital signature, online authentications, online transactions, software security, etc."
2625ECI Telecom Ltd.
30, Hasivim Street
Petach Tikvah 49517
Israel

Milind Barve
TEL: +91-9987537250
FAX: +972-3-928-7100

CST Lab: NVLAP 200556-0
ECI TR10_4EN Encryption Module
(Hardware Versions: Board-Type=0x856B, Revision# D3; Firmware Version: R6.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/20164/27/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3551, #3552 and #3576)

-Other algorithms: AES (Cert. #3552, key wrapping)
Multi-Chip Embedded

"TR10_4EN is a ‘1U’ sized card that fits into ECI’s Apollo chassis."
2624Siemens PLM Software Inc.
5800 Granite Parkway
Suite 600
Plano, TX 75024
USA

Vikas Singh
TEL: 651-855-6176

CST Lab: NVLAP 200427-0
Teamcenter Cryptographic Module
(Software Version: 3.0)
(When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/27/20164/26/2021Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 SP1 (x86 32-bit) running on an HP Compaq Pro 6305
Windows 7 SP1 (x64) running on an HP Compaq Pro 6305
SUSE Linux 11.2 (x64) running on an HP Compaq Pro 6305
Mac OS X 10.11 (x64) running on a Mac Mini (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3680); CVL (Cert. #676); DRBG (Cert. #988); DSA (Cert. #1037); ECDSA (Cert. #774); HMAC (Cert. #2426); RSA (Cert. #1901); SHS (Cert. #3094); Triple-DES (Cert. #2058)

-Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (CVL Cert. #676, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers."
2623Veritas Technologies LLC
500 East Middlefield Road
Mountain View, CA 94043
USA

Ravi Mahendrakar

CST Lab: NVLAP 201029-0
Veritas Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/25/2016
05/10/2016
5/9/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"The Veritas Cryptographic Module from Veritas provides cryptographic services which are used to encrypt the data at rest and in the secure communication with a trusted third party."
2622SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - NSS Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/22/20164/21/2021Overall Level: 2

-Physical Security: N/A
-Tested Configuration(s): SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3452); Triple-DES (Cert. #1943); DSA (Cert. #971); ECDSA (Cert. #699); RSA (Cert. #1767); SHS (Cert. #2848); HMAC (Cert. #2198); DRBG (Cert. #846)

-Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Cert. #3452, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1943, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE
Multi-Chip Stand Alone

"SUSE Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications."
2621Forcepoint
10900-A Stonelake Blvd.
Quarry Oaks 1
Ste. 350
Austin, TX 78759
USA

Matt Sturm
TEL: 858-320-9444

CST Lab: NVLAP 201029-0
Websense C Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/21/20164/20/2021Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG
Multi-Chip Stand Alone

"Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense C Crypto Module provides support for cryptographic and secure communications services for these solutions."
2620Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
Palo Alto Networks VM-Series
(Software Versions: 7.0.1-h4, 7.0.3 or 7.0.8)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/21/2016
09/08/2016
9/7/2021Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): VMware ESXi 5.5 running on PA-VM-ESX-7.0.1.ova or PA-VM-NSX-7.0.1.ova
CentOS 6.5 - KVM running on PA-VM-KVM-7.0.1.qcow2
Citrix XenServer 6.1.0 running on PA-VM-SDX-7.0.1.xva (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3501); CVL (Certs. #568, #569, #570 and #571); DRBG (Cert. #871); ECDSA (Cert. #714); HMAC (Cert. #2235); RSA (Cert. #1797); SHS (Cert. #2888)

-Other algorithms: AES (Cert. #3501, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #569, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features."
2619Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

Ammath Keunemany
TEL: 408-882-4615

CST Lab: NVLAP 200996-0
Vocera Cryptographic Module v3.0
(Hardware Version: 88W8787; Firmware Version: 3.0; Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid04/19/20164/18/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Vocera Embedded Linux Version 3.0 running on a B3000n badge (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3531 and #3532); HMAC (Cert. #2257); SHS (Cert. #2912); RSA (Cert. #1815); DRBG (Cert. #888); CVL (Cert. #586)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5
Multi-Chip Stand Alone

"Vocera B3000n Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000n Badge, ensures protected communications using industry-standard secure wireless communication protocols."
2618Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances
(Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5], ASA 5585-X SSP-10[6], 5585-X SSP-20[6], 5585-X SSP-40[6], and 5585-X SSP-60[6] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4], [CISCO-FIPS-KIT=][5] or [ASA5585-X-FIPS-KIT][6]; Firmware Version: 9.4.3)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/19/2016
08/10/2016
8/9/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #3439); CVL (Cert. #525); DRBG (Certs. #332, #336, #819 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247, #1514, #2095 and #2188); RSA (Cert. #1760); SHS (Certs. #1794, #2091, #2737 and #2839); Triple-DES (Certs. #1321, #1513, #1881 and #1937)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2617Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Jake Bajic
TEL: 408-753-4000

Amir Shahhosseini
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
WildFire WF-500
(Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.0.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/18/20164/17/2021Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3475); RSA (Cert. #1782); ECDSA (Cert. #713); HMAC (Cert. #2220); SHS (Cert. #2870); DRBG (Cert. #870); CVL (Certs. #564, #565, #566 and #567)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; Triple-DES (non-compliant); CAST; ARCFOUR; Blowfish; Camellia; SEED; RC2; RC4; HMAC-MD5; UMAC; HMAC-RIPEMD
Multi-Chip Stand Alone

"WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks"
2616Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-3060 and PA-7080 Firewalls
(Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B or 910-000117-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Versions: 7.0.1-h4, 7.0.3 or 7.0.8)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/18/2016
09/08/2016
9/7/2021Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3475); CVL (Certs. #564, #565, #566 and #567); DRBG (Cert. #870); ECDSA (Cert. #713); HMAC (Cert. #2220); RSA (Cert. #1782); SHS (Cert. #2870)

-Other algorithms: AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength); Blowfish; Camellia; CAST; HMAC-MD5; HMAC-RIPEMD; RC4; RIPEMD; SEED; Triple-DES (non-compliant); UMAC
Multi-Chip Stand Alone

"The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures."
2615Mojo Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0
AirTight Wireless Sensor
(Hardware Versions: C-75 and C-75-E with Tamper Evident Seal Kit: C-TPL-A; Firmware Version: 7.2.FIPS.04)
(When operated in FIPS mode and with tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/12/2016
04/14/2016
04/15/2016
04/19/2016
4/18/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3766); CVL (Cert. #710); DRBG (Cert. #1036); HMAC (Cert. #2465); KBKDF (Cert. #77); KTS (AES Cert. #3766 and HMAC Cert. #2465; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1937); SHS (Cert. #3135)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG
Multi-Chip Stand Alone

"The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
2614Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477
FAX: 858-845-1523

Yin Ling Liong
TEL: 858-651-7034
FAX: 858-845-1523

CST Lab: NVLAP 200658-0
QTI Crypto Engine Core
(Hardware Version: 5.3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/11/20164/10/2021Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1980); AES (Cert. #3526); SHS (Cert. #2909); HMAC (Cert. #2254)

-Other algorithms: DES; AEAD
Single Chip

"QTI Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments."
2613Nokia Corporation
600 March Road
Ottawa, ON K2K 2E6
Canada

Carl Rajsic

CST Lab: NVLAP 200556-0
SR-OS Cryptographic Module
(Firmware Version: 13.0R4)
(When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware04/11/20164/10/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): SR-OS 13.0R4 on CPM-7950 XRS-20 CPM
SR-OS 13.0R4 on CPM-7950 XRS-16 CPM
SR-OS 13.0R4 on CPM-7750 SR CPM5
SR-OS 13.0R4 on CFP-7750 SR-c12 CFM-XP-B
SR-OS 13.0R4 on CPM-7750 SR-a

-FIPS Approved algorithms: AES (Cert. #3484); Triple-DES (Cert. #1965); RSA (Cert. #1789); HMAC (Cert. #2226); SHS (Cert. #2878); DRBG (Cert. #861); DSA (Cert. #985); CVL (Cert. #560)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it."
2612Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477
FAX: 858-845-1523

Yin Ling Liong
TEL: 858-651-7034
FAX: 858-845-1523

CST Lab: NVLAP 200658-0
QTI Pseudo Random Number Generator
(Hardware Version: 2.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2016
06/12/2017
4/7/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: DRBG (Cert. #885); SHS (Certs. #2908 and #2930)

-Other algorithms: NDRNG
Single Chip

"QTI Pseudo Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG."
2611Silent Circle
4210 Fairfax Corner West Ave.
Suite 215
Fairfax, VA 22033
USA

Eric Carter

All