CMVP Main PageLast Updated: 8/31/2017
The Historical list includes modules that Federal Agencies should not include in new procurements. This does not mean that the overall FIPS-140 certificates for these modules have been revoked, rather it indicates that the certificates and the documentation posted with them are more than 5 years and have not been updated to reflect latest guidance and/or transitions, and may not accurately reflect how the module can be used in FIPS mode (see SP800-131A Revision 1 Transitions below). Agencies may make a risk determination on whether to continue using the modules on this list based on their own assessment of where and how the module is used.
The SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths dated November 2015 provision addressing the RNG transition went into effect January 1, 2016. After 2015, the use of the RNGs specified in FIPS 186-2, [ANSI X9.31] and the 1998 version of [ANSI X9.62] are disallowed. Therefore, all the RNG implementations that were previously validated are non-compliant, and any algorithms reliant on the output of these RNGs are also non-compliant. Modules that include an RNG as a FIPS Approved algorithm have been moved to this list. The modules on this list are not to be used for procurement by federal agencies. Please see CMVP Notice dated 11-24-2015 for more details. This does not mean that the overall FIPS-140 certificate has been revoked, rather it indicates that the certificate and the documentation posted with it do not accurately reflect how the module can be used in FIPS mode. Agencies may make a risk determination on whether to continue using the modules on this list based on their own assessment of where and when the RNG is used by the module.
| Cert# | Vendor / CST Lab | Cryptographic Module | Module Type | Validation Date | Level / Description |
|---|---|---|---|---|---|
| 2516 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0840 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade VDX 6740, VDX 6740T and VDX 8770 Switches (Hardware Versions: {[BR-VDX8770-4-BND-AC (80-1005850-02), BR-VDX8770-4-BND-DC (80-1006532-03), BR-VDX8770-8-BND-AC (80-1005905-02), BR-VDX8770-8-BND-DC (80-1006533-03)] with FRUs (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006431-01 and 80-1006429-01), BR-VDX6740-24-F (80-1007295-01), BR-VDX6740-24-R (80-1007294-01), BR-VDX6740-48-F (80-1007483-01), BR-VDX6740-48-R (80-1007481-01), BR-VDX6740-64-ALLSW-F (80-1007484-01), BR-VDX6740-64-ALLSW-R (80-1007482-01), BR-VDX6740T-24-F (80-1007273-01), BR-VDX6740T-24-R (80-1007274-01), BR-VDX6740T-48-F (80-1007485-01), BR-VDX-6740T-48-R (80-1007487-01), BR-VDX6740T-64-ALLSW-F (80-1007486-01), BR-VDX6740T-64-ALLSW-R (80-1007488-01), BR-VDX6740T-56-1G-R (80-1007863-03) and BR-VDX6740T-56-1G-F (80-1007864-03)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Network OS (NOS) v5.0.0 P/N: 63-1001501-01) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/29/2015 01/26/2016 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: Triple-DES (Cert. #1745); AES (Cert. #2937); SHS (Cert. #2473); HMAC (Cert. #1861); RNG (Cert. #1296); RSA (Cert. #1540); ECDSA (Cert. #530); CVL (Cert. #338); EC Diffie-Hellman (CVL Cert. #337, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; Triple-DES (non-compliant); BLOWFISH; CAST128; ARCFOUR; HMAC-MD5; HMAC-SHA-1 (non-compliant); UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96; SNMPv3 KDF (non-compliant); SHA-1 (non-compliant); MD5; SHA-256 (non-compliant); NDRNG; EC Diffie-Hellman (CVL Cert. #337, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-Chip Stand Alone "The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments." |
| 2513 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade(R) DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch, 7800 and 7840 Extension Switch (Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02), 7840 (P/N 80-1008000-01)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.3.0 (P/N 63-1001447-01)) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/24/2015 04/21/2016 | Overall Level: 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2876, #2892 and #2893); CVL (Certs. #311, #312, #318, #319, #320 and #321); ECDSA (Certs. #518, #522 and #523); HMAC (Certs. #1814, #1828 and #1829); RNG (Certs. #1284, #1288 and #1289); RSA (Certs. #1514, #1522 and #1523); SHS (Certs. #2417, #2435 and #2436); Triple-DES (Certs. #1719, #1723 and #1724) -Other algorithms: EC Diffie-Hellman (CVL Certs. #311, #318 and #320, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; ARCFOUR; Triple-DES (non-compliant); BLOWFISH; CAST128; HMAC-MD5; HMAC-SHA-1 (non-compliant); UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96; MD5; SHA-1 (non-compliant); SHA-256 (non-compliant); SNMPv3 KDF (non-compliant); HMAC-SHA-512 (non-compliant); NDRNG Multi-Chip Stand Alone "The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2512 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 CANADA Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie F-IMB 4K Integrated Media Block (IMB) (Hardware Version: 000-105081-01; Firmware Version: 1.6.0-4217) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2015 06/27/2016 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2042 and #2043); CVL (Cert. #97); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); SHS (Certs. #1788 and #1789) -Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH Multi-Chip Embedded "The Christie F-IMB is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a Christie digital cinema projector with the Fusion architecture. The F-IMB permits the playback of alternative content and High Frame Rate (HFR) material." |
| 2477 | Dolby Laboratories, Inc. 1020 Chestnut St. Burbank, CA 91506 USA Jean-Philippe Viollet TEL: 818-524-2956 Camille Rizko TEL: 818-524-2957 CST Lab: NVLAP 200802-0 | IMS-SM (Hardware Versions: IMS-SM-C1 [A], IMS-SM-C2 [A], IMS-SM-E1 [A], IMS-SM-E2 [A], IMS2-SM-C1 [A], IMS2-SM-C2 [A] and IMS2-SM-C3 [A]; Firmware Versions: (4.4.1-0, 4.2.0-3 and 6.0.12d-0) [A]) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/23/2015 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #2974, #2975, #2976 and #2996); KTS (AES Cert. #2996; key establishment methodology provides 128 bits of encryption strength); HMAC (Cert. #1897); SHS (Cert. #2500); RNG (Certs. #1300 and #1301); RSA (Certs. #1567, #1568 and #1569); CVL (Cert. #365) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; HMAC-MD5; TI ECDH Multi-Chip Embedded "The IMS-SM is the Security Manager module present in the Dolby Laboratories, Inc. IMS1000 (for hardware models IMS-SM-C1, IMS-SM-C2, IMS-SM-E1 and IMS-SM-E2) or IMS2000 (for hardware models IMS2-SM-C1, IMS2-SM-C2, IMS2-SM-C3) that can be hosted inside D-Cinema DLP projectors. It supports highest JPEG-2000 decoding capabilities and accepts alternative content as well." |
| 2439 | Nuvoton Technology Corporation 4, Creation Road III Hsinchu Science Park Taiwan Yossi Talmi TEL: +972-9-9702364 CST Lab: NVLAP 200556-0 | NPCT6XX TPM 1.2 (Hardware Versions: FB5C85D IN TSSOP28 PACKAGE and FB5C85D IN QFN32 PACKAGE; Firmware Versions: 5.81.0.0, 5.81.1.0, 5.81.2.1) (When operated in FIPS mode and installed, initialized, and configured as specified in the Security Policy Section 8) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/03/2015 08/15/2016 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3093); RSA (Cert. #1582); HMAC (Cert. #1938); SHS (Cert. #2554); RNG (Cert. #1315); CVL (Cert. #373) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; RSA (non-compliant); AES (Cert. #3093, key wrapping) Single-chip "Nuvoton NPCT6XX TPM 1.2 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation." |
| 2437 | HID Global 6623 Dumbarton Circle Fremont, CA 94555 USA Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 CST Lab: NVLAP 100432-0 | HID Global ActivID Applet Suite v2.6.2B on Oberthur Technologies ID-One Cosmo V7 (Hardware Versions: P/Ns B0, BA, C4 and C7; Firmware Version: FC10 / 069778 with HID Global ActivID Applet Suite Version 2.6.2B.7) (When operated with module Oberthur ID-One Cosmo V7-n validated to FIPS 140-2 under Cert. #1236 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/26/2015 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); RNG (Cert. #480); RSA (Cert. #403) -Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single-chip "This product combines the Oberthur Technologies ID-One Cosmo V7 card loaded with the HID Global ActivID Applet Suite v2.6.2B. The smart card is a JC2.2.2 & GP2.1.1 compliant dual-interface module. HID ActivID Applet framework works over dual-interface and supports GSC-IS v2.1 specifications. The product supports secure issuance and post-issuance along with SMA protocol (secure messaging) for FIPS 140-2 L3 and One Time Password generation. The combined product is suitable for government and corporate deployments." |
| 2436 | Huawei Device (Dongguan) Co. Ltd. B2-5 of Nanfang Factory No.2 of Xincheng Rd Songshan Lake Science & Technology Industrial Zone Dongguan, Guangdong 523808 China Mr. Hongtailiang TEL: 86-755-36376922 Mr. Blue Lee TEL: 86-755-28976679 CST Lab: NVLAP 100414-0 | EDK Management Module (Software Version: P7-L00V100R001C17B210) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/26/2015 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Emotion UI 2.3, Android 4.4.2 on Huawei P7 mobile phone (single user mode) -FIPS Approved algorithms: AES (Certs. #2967 and #3178); HMAC (Cert. #1881); PBKDF (vendor affirmed); RNG (Cert. #1299); SHS (Cert. #2495) -Other algorithms: N/A Multi-chip standalone "The Huawei EDK Management Module provides cryptographic services for applications/services running on Huawei mobile phones." |
| 2424 | Rockwell Collins, Inc. 400 Collins Road NE Cedar Rapids, IA 52498 USA Verl Day TEL: 319-295-8545 Ron Broden TEL: 319-263-1116 CST Lab: NVLAP 200002-0 | DVP-200 (Hardware Versions: 822-2506-002 (Rev B or Rev C), 822-2506-003 (Rev B or Rev C) and 822-2506-004 (Rev C or Rev D); Firmware Versions: 811-4562-004 and 811-4563-002) (The module generates cryptographic keys whose strengths are modified by availableentropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/11/2015 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #1504); RNG (Cert. #817); SHS (Cert. #1352) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); AES (Cert. #1504, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #1504; non-compliant) Multi-chip standalone "The DVP-200 is data and voice (audio) encryption unit. The DVP uses 128-bit AES for encryption. Public key exchanges and over-the-air rekey capable. Digital voice encoding/decoding to NATO STANAG 4591 MELPe at 2400 and 1200 bps. The DVP's internal modem is configurable from 75 bps through 2400 bps. Data rates through 19200 bps are obtainable using an external modem." |
| 2418 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Paul Tucker TEL: 512-432-2626 Freddy Mercado TEL: 512-432-2947 CST Lab: NVLAP 200427-0 | TippingPoint Intrusion Prevention System (Hardware Version: S6100N; Firmware Version: 3.8.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/30/2015 08/14/2015 12/09/2015 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #3214); CVL (Cert. #438); HMAC (Cert. #2027); RNG (Cert. #1347); RSA (Cert. #1637); SHS (Cert. #2662); Triple-DES (Cert. #1829) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 2412 | CellTrust® Corporation 20701 N. Scottsdale Rd Suite #107-451 Scottsdale, AZ 85255 USA Behnam B. Shariati TEL: 301-237-6761 CST Lab: NVLAP 200427-0 | CellTrust Cryptographic Module (CTCM) (Software Version: 2.0) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/22/2015 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6) Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6) Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1) Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1) (single-user mode) -FIPS Approved algorithms: AES (Certs. #2234 and #3090); CVL (Certs. #49 and #372); DRBG (Certs. #264 and #607); DSA (Certs. #693 and #896); ECDSA (Certs. #378 and #558); HMAC (Certs. #1363 and #1937); RNG (Certs. #1119 and #1314); RSA (Certs. #1145 and #1581); SHS (Certs. #1923 and #2553); Triple-DES (Certs. #1398 and #1780) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "The CellTrust Cryptographic Module v2.0 (CTCM) is part of CellTrust Trusted Foundation that performs cryptographic operations for transmission and storage of sensitive information. The CTCM is classified by FIPS 140-2 as a software module, multi-chip standalone module embodiment. FIPS is Federal Information Processing Standards developed by the United States federal government." |
| 2406 | Digicine Oristar Technology Development (Beijing) Co., Ltd. No.1 Di Sheng West Street, BDA, Da Xing District Beijing 100176 China Mr. Xiao, liqun TEL: +86-010-8712 9372 FAX: +86-010-8712 7010 Dr. Sun, Xiaobin TEL: +86-010-8712-9111 FAX: +86-010-8712 7010 CST Lab: NVLAP 100432-0 | AQ42-M (Hardware Version: 2.0.0; Firmware Version: 1.3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2932, #2933 and #2934); SHS (Certs. #2468, #2469, #2470 and #2471); HMAC (Certs. #1858 and #1859); RSA (Certs. #1537 and #1538); RNG (Certs. #1293, #1294 and #1295); CVL (Cert. #333) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5 Multi-chip embedded "AQ42-M is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system." |
| 2399 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | Dell SonicWALL NSA Series 2600, 3600, 4600, 5600 (Hardware Versions: P/Ns 101-500362-63, Rev. A (NSA 2600), 101-500338-64, Rev. A (NSA 3600), 101-500365-64, Rev. A (NSA 4600), 101-500360-65, Rev. A (NSA 5600); Firmware Version: SonicOS v6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/29/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2756); Triple-DES (Cert. #1657); SHS (Cert. #2322); DSA (Cert. #843); RSA (Cert. #1444); RNG (Cert. #1269); HMAC (Cert. #1727); DRBG (Cert. #466); CVL (Cert. #226) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RSA (non-compliant) Multi-chip standalone "Enterprise-class security and performance made afordable for small- to medium-sized business. The NSA Series offers industry leading next-generation firewall protection, performance, and scalability. A suite of tools, including intrusion prevention, gateway anti-virus, and anti-spyware plus application intelligence and control, offer granular control through application blocking, bandwidth management and more." |
| 2384 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch and 7800 Extension Switch (Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.2.1 (P/N 63-1001421-01)) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3 and 5 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/21/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #1252 and #1253); RSA (Certs. #1389 and #1390); CVL (Certs. #157 and #158) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bit of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; SNMPv3 KDF (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; BLOWFISH-CBC; CAST128; ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-MD5-96; HMAC-SHA-1-96 (non-compliant) Multi-chip standalone "The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2383 | Hewlett-Packard Company 11445 Compaq Center Dr. West Houston, TX 77070-1433 USA Phillip M O’Hara TEL: 832-502-6181 FAX: 281-514-1325 Sandeep KS TEL: +91 80 251 65431 CST Lab: NVLAP 200802-0 | HP Virtual Connect 16Gb 24-Port FC Module (Hardware Version: 40-1000779-08 Rev C (80-1007799-04); Firmware Version: VC 4.41) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/21/2015 07/06/2015 | Overall Level: 1 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1596); HMAC (Cert. #934); RNG (Cert. #1252); RSA (Cert. #1389); SHS (Cert. #1408); Triple-DES (Cert. #1043); CVL (Certs. #157 and #363); ECDSA (Cert. #548) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); MD5; NDRNG Multi-chip embedded "The HP Virtual Connect 16Gb 24-Port FC Module is an embedded blade that meets FIPS 140-2 Level 1 security requirements, and is designed to be embedded inside HP BladeSystem c-Class enclosures." |
| 2378 | ChaseSun Information Security Technology Development (Beijing) Co., Ltd. North Building 13, Xindacheng Plaza, 197# Guangzhou Road, Yuexiu District Guangzhou 510075 China Peng Sun TEL: +86-20-22387717 FAX: +86-20-22387717 CST Lab: NVLAP 200802-0 | ChaseSun CS100 (Hardware Version: 1.0.0; Firmware Version: 1.0.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/19/2015 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2977 and #2978); RSA (Cert. #1563); SHS (Certs. #2501 and #2502); RNG (Certs. #1302 and #1336); HMAC (Certs. #1886 and #1887); CVL (Cert. #359) -Other algorithms: RSA (key wrapping; key establishment provides 112 bits of encryption strength); MD5; NDRNG Multi-chip embedded "The ChaseSun CS100 Cryptographic Module is a multi-chip embedded cryptographic module designed to decrypt and decode audio/video data for a digital cinema projector." |
| 2359 | DataLocker Inc. 7007 College Blvd Suite 240 Overland Park, KS 66211 USA Jay Kim TEL: 913-310-9088 CST Lab: NVLAP 100432-0 | IronKey H350 (Hardware Versions: P/Ns MXKB1B500G5001FIPS, MXKB1B001T5001FIPS, and MXKB1B002T5001FIPS; Firmware Version: 1.0.0) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/13/2015 10/20/2015 03/22/2016 03/22/2016 03/23/2016 | Overall Level: 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): N/A -FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-Chip Stand Alone "IronKey H350 is a Secure USB 3.0 hard disk drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to desktops, sensitive data and critical applications. IronKey H350 allows enterprise class device management features like policy updates, password recovery and remote kill features." |
| 2347 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-3000 and W-6000/M3 Mobility Controllers with Dell AOS FIPS Firmware (Hardware Versions: W-3200-F1, W-3200-USF1, W-3400-F1, W-3400-USF1, W-3600-F1, W-3600-USF1 and [(W-6000-F1 or W-6000-USF1) with W-6000M3, and (HW-PSU-200 or HW-PSU-400)] with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/15/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "see change letterDell W-Series family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2346 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-IAP3WN, W-IAP3WNP, W-IAP108, W-IAP109, W-AP114, and W-AP115 Wireless Access Points with Dell AOS FIPS Firmware (Hardware Versions: W-IAP3WN-F1, W-IAP3WN-USF1, W-IAP3WNP-F1, W-IAP3WNP-USF1, W-IAP108-F1, W-IAP108-USF1, W-IAP109-F1, W-IAP109-USF1, W-AP114-F1 and W-AP115-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs Multi-chip standalone "Dell W-Series 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2345 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-AP134 and W-AP135 Wireless Access Points with Dell AOS FIPS Firmware (Hardware Versions: W-AP134-F1 and W-AP135-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Dell W-Series 802.11n wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies" |
| 2344 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-620 and W-650 Mobility Controllers with Dell AOS FIPS Firmware (Hardware Versions: W-620-F1, W-620-USF1, W-650-F1 and W-650-USF1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Dell W-Series family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2339 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-AP224 and W-AP225 Wireless Access Points with Dell AOS FIPS Firmware (Hardware Versions: W-AP224-F1 and W-AP225-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs Multi-chip standalone "Dell W-Series 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2337 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Kyunghee Lee TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Version: SKC1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/16/2015 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android KitKat 4.4.4 running on Samsung Galaxy Note 4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #3007 and #3010); SHS (Certs. #2514 and #2518); RNG (Certs. #1304 and #1305); Triple-DES (Cert. #1766); HMAC (Certs. #1900 and #1902) -Other algorithms: DES; Twofish; MD4; MD5; ansi_cprng; krng; ARC4; Pcompress; AES-XCBC (non-compliant); CRC32c; Deflate; LZO; AES-GCM (non-compliant); RFC4106-AES-GCM (non-compliant); RFC4543-AES-GCM (non-compliant); AES-CTR (non-compliant); Triple-DES-CTR (non-compliant); GHASH; GF128MUL Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 2335 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-AP92, W-AP93, W-AP104, W-AP105, and W-AP175 Wireless Access Points with Dell AOS FIPS Firmware (Hardware Versions: W-AP92-F1, W-AP93-F1, W-AP104-F1, W-AP105-F1, W-AP175P-F1, W-AP175AC-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/11/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs Multi-chip standalone "Dell W-Series 802.11n wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2334 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-IAP155 and W-IAP155P Wireless Access Points with Dell AOS FIPS Firmware (Hardware Versions: W-IAP155-F1, W-IAP155-USF1, W-IAP155P-F1 and W-IAP155P-USF1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/05/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG Multi-chip standalone "Dell W-Series 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies." |
| 2332 | WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA Peter Eng TEL: 206 613 6600 CST Lab: NVLAP 200556-0 | XTM 850 [1], XTM 860 [2], XTM 870 [3], XTM 870-F [4], XTM 1520 [5], XTM 1520-RP [6], XTM 1525 [7], XTM 1525-RP [8], XTM 2520 [9] (Hardware Versions: SL8AE14 [1-5,7], SL15AE14 [6,8], SL25AE14F4 [9] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.6.5) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/03/2015 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #2360 and #2361); CVL (Cert. #163); DSA (Cert. #738); ECDSA (Cert. #388); HMAC (Certs. #1463 and #1464); RNG (Cert. #1175); RSA (Cert. #1218); SHS (Certs. #2032 and #2033); Triple-DES (Certs. #1476 and #1477); -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5; AES-CCM (non-compliant); PBKDF (non-compliant) Multi-chip standalone "WatchGuard® XTM Extensible Threat Management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need." |
| 2331 | Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan Hirotaka Kondo TEL: +81 46 202 8074 FAX: +81 46 202 6304 Shigeki Yamamoto TEL: +81 50 3140 9131 FAX: +81 50 3809 1421 CST Lab: NVLAP 100432-0 | Aspen (Hardware Versions: 1.0.0 and 1.1.0; Firmware Versions: 1.3.0, 1.4.0 and 1.5.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/03/2015 05/08/2015 12/15/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #829, #830 and #1279); CVL (Cert. #115) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strenght); NDRNG; HMAC-MD5; MD5 Multi-chip embedded "The primary purpose of the Aspen is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed." |
| 2325 | Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan Hirotaka Kondo TEL: +81 50 3140 9888 FAX: +81 50 3809 1421 Shigeki Yamamoto TEL: +81 50 3140 9131 FAX: +81 50 3809 1421 CST Lab: NVLAP 100432-0 | Aspen (Hardware Version: 2.0.0; Firmware Versions: 1.3.0, 1.4.0 and 1.5.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/06/2015 05/08/2015 12/15/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1539, #2695 and #2699); SHS (Certs. #1364, #1365, #2263 and #2264); HMAC (Certs. #902 and #1678); RSA (Certs. #1394 and #1395); RNG (Certs. #829, #830 and #1279); CVL (Cert. #160) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5 Multi-chip embedded "Aspen is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system." |
| 2324 | Curtiss-Wright 333 Palladium Drive Kanata, ON K2V 1A6 Canada Andrew McCoubrey TEL: 613 599-9199 x5176 FAX: 613-599-7777 Johan A Koppernaes TEL: 613-599-9199 ext 5817 FAX: 613-599-7777 CST Lab: NVLAP 200996-0 | CCA-685 Secure Router (Hardware Version: CCA-685-C2820; Firmware Version: 2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/06/2015 12/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111); CVL (Cert. #405) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) DES; MD5 Multi-chip embedded "The CCA-685 Secure Router is used for strong security in the embedded defense and aerospace industries. It supports industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption." |
| 2323 | Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 USA Richard Bishop TEL: 408-753-4000 Jake Bajic TEL: 408-753-4000 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B with 910-000028-00B Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 6.0.3 or 6.0.8) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/05/2015 03/13/2015 12/07/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2896 and #2897); CVL (Certs. #324 and #325); HMAC (Cert. #1832); RNG (Cert. #1290); RSA (Cert. #1525); SHS (Cert. #2439) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications." |
| 2321 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA Dell Networking Team CST Lab: NVLAP 200427-0 | Dell W-7200 Series Controllers with Dell AOS FIPS Firmware (Hardware Versions: W-7210-F1, W-7210-USF1, W-7220-F1, W-7220-USF1, W-7240-F1, W-7240-USF1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/28/2015 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Dell W-Series family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services." |
| 2320 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey S1000 (Hardware Versions: P/Ns IK-S1000-04GB, IK-S1000-08GB, IK-S1000-16GB, IK-S1000-32GB, IK-S1000-64GB, IK-S1000-128GB and IKS1000 Series [4GB, 8GB, 16GB, 32GB, 64GB, 128GB]; Firmware Version: 3.0.5) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/28/2015 02/13/2015 03/08/2016 05/26/2016 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); RNG (Cert. #774); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "IronKey S1000 is a Secure USB 3.0 drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities and a tamper-resistant metal housing to help you control user access to desktops, sensitive data and critical applications. IronKey S1000 allows enterprise class device management features like policy updates, password recovery and remote kill features." |
| 2314 | Proofpoint Inc. 892 Ross Drive Sunnyvale, CA 94089 USA Jun Wang TEL: 408-338-6680 FAX: 408-517-4710 CST Lab: NVLAP 200427-0 | Proofpoint Security Library (Software Version: 1.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/13/2015 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 5 running on Dell Latitude E6400 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1938); ECDSA (Cert. #278); RNG (Cert. #1021); RSA (Cert. #1003); SHS (Cert. #1702) -Other algorithms: AES RNG; DSA (non-compliant); RC2; Triple-DES (non-compliant) Multi-chip standalone "The module is a C++ language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides a variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC running Cent OS 5." |
| 2305 | Barco n.v. Noordlaan 5 Kuurne BE-8520 Belgium Theodore Marescaux TEL: 32 (0) 56 368 967 FAX: 32 (0) 56 368 862 Steven Stalmans TEL: 32 56 368761 FAX: 32 (0) 56 368 862 CST Lab: NVLAP 200802-0 | Barco ICMP (Hardware Version: R7681133-08 [A] or R7681133-12 [B]; Firmware Version: 1.1 build 9202 [A] or 1.2 build 10163B [B]) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/24/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2725 and #2726); HMAC (Certs. #1704 and #1705); RNG (Cert. #1262); SHS (Certs. #2295 and #2296); RSA (Cert. #1418); CVL (Cert. #178) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman; HMAC-MD5; MD5; NDRNG Multi-chip embedded "Barco digital cinema image and DCI media processing module." |
| 2297 | Dell Software, Inc. 5455 Great America Parkway Suite 250 Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | SRA EX9000 (Hardware Version: P/N 101-500352-59 Rev A; Firmware Version: SRA 10.7.1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/12/2014 04/21/2015 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: RNG (Cert. #1272); AES (Certs. #2795, #2796 and #2797); RSA (Certs. #1462 and #1463); Triple DES (Certs. #1679, #1680 and #1681); SHS (Certs. #2347, #2348 and #2349); HMAC (Certs. #1751, #1752 and #1753); CVL (Certs. #245 and #246) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; ESPRC4; RC4; ESPRC4; RC4; SNMPv3 KDF (non-compliant) Multi-chip standalone "Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell SonicWALL Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices." |
| 2296 | Dell Software, Inc. 5455 Great America Parkway Suite 250 Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | SRA EX6000 and SRA EX7000 (Hardware Versions: P/Ns 101-500210-68 Rev. A (SRA EX6000) and 101-500188-70 Rev. A (SRA EX7000); Firmware Version: SRA 10.7.1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/12/2014 04/21/2015 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: RNG (Cert. #1272); AES (Certs. #2795, #2796 and #2797); RSA (Certs. #1462 and #1463); Triple DES (Certs. #1679, #1680 and #1681); SHS (Certs. #2347, #2348 and #2349); HMAC (Certs. #1751, #1752 and #1753); CVL (Certs. #245 and #246) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; ESPRC4; RC4; SNMPv3 KDF (non-compliant) Multi-chip standalone "Built on Aventail's powerful, proven SSL VPN platform, the Dell SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources." |
| 2292 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Udayan Borkar TEL: 408-528-2361 FAX: 408-528-2540 Colin Cooper TEL: 408-528-2871 FAX: 408-528-2540 CST Lab: NVLAP 100432-0 | RFS7000 Series Wireless Controller (Hardware Version: RFS-7010; Firmware Version: 4.1.4.0-0030GR) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/10/2014 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2752 and #2765); HMAC (Certs. #1726 and #1731); CVL (Certs. #190, #191, #192 and #193); RNG (Certs. #1268 and #1270); RSA (Cert. #1443); SHS (Certs. #2321 and #2326); Triple-DES (Certs. #1656 and #1658) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5 Multi-chip standalone "The RFS-7000 wireless switch is a highly scalable management platform for managing large multi-site distributed and campus wireless networks. The RFS-7000 can manage networks of AP-7131N, AP-7161 and AP-7181 access points. Additionally, it provides functionality like centralized captive portal, centralized security (firewall, VPN) and high availability." |
| 2289 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Udayan Borkar TEL: 408-528-2361 FAX: 408-528-2903 Colin Cooper TEL: 408-528-2871 FAX: 408-528-2903 CST Lab: NVLAP 100432-0 | Wireless Access Point AP-7131N-GR (Hardware Version: AP7131N-GR; Firmware Version: 4.0.4.0-046GRN) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/08/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #861 and #2751); HMAC (Cert. #1725); KBKDF (Cert. #20); CVL (Certs. #186, #187, #188 and #189); RNG (Cert. #1267); RSA (Cert. #1442); SHS (Cert. #2320); Triple-DES (Cert. #1655) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5 Multi-chip standalone "The AP-7131-GR 802.11n Wireless Access Point delivers the high throughput, coverage, and resiliency required to build an all-wireless enterprise. The dual radio design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Motorola's Wireless IPS." |
| 2288 | IBM® Corporation 12 - 14 Marine Parade Seabank Centre Southport, QLD 4215 Australia Peter Clark TEL: 416-478-0224 CST Lab: NVLAP 200416-0 | IBM Security QRadar FIPS Appliance (Hardware Version: QR24 with FIPS Replacement Labels (Part Number: 00AN000); Firmware Version: v7.1 MR1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/03/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2562); Triple-DES (Cert. #1550); RSA (Cert. #1313); SHS (Cert. #2160); HMAC (Cert. #1581); RNG (Cert. #1216); CVL (Cert. #194) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-chip standalone "IBM(R) Security QRadar(R) FIPS Appliance consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. The IBM Security QRadar FIPS Appliance provides a secure platform that meets FIPS 140-2 Level 2 requirements while allowing organizations to meet current and emerging compliance mandates." |
| 2287 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-3463 CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050 (Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 7.1.15.4) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/03/2014 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: CVL (Certs. #57 and #58); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: AES (non-compliant); Triple-DES (non-compliant); RSA (non-compliant); Diffie-Hellman (non-compliant); NDRNG; MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2285 | Ultra Electronics DNE Technologies 50 Barnes Park North Wallingford, CT 06492 USA Stephen Nichols TEL: 203-697-6521 FAX: 203-265-7151 CST Lab: NVLAP 200427-0 | PacketAssure iQ1000 (Hardware Versions: Chassis v.003, PSM v.101; Firmware Versions: 3.2.0 and 3.4.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/03/2014 12/21/2015 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2191); DSA (Cert. #685); HMAC (Cert. #1343); RNG (Cert. #1109); RSA (Cert. #1130); SHS (Cert. #1899); Triple-DES (Cert. #1384) -Other algorithms: AES (Cert. #2191, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNMP KDF; SSH KDF; TLS KDF Multi-chip standalone "The Ultra Electronics DNE Technologies PacketAssure iQ1000 is a rugged, one 19" rack unit Service Delivery Management (SDM) network appliance. It integrates IP adaptation for legacy circuit based traffic with high-performance layer-2 IP switching and intelligent IP quality of service, allowing the user to precisely classify/manage their voice, video and data services." |
| 2283 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches (Hardware Versions: [BR-VDX6710-54-F and BR-VDX6710-54-R, BR-A-16-F (80-1004566-07 and 80-1006701-02), BR-VDX6720-16-R (80-1004567-07 and 80-1006702-02), BR-VDX6720-24-F (80-1004564-07 and 80-1006699-02), BR-VDX6720-24-R (80-1004565-07 and 80-1006700-02), BR-VDX6720-40-F (80-1004570-07 and 80-1006305-02), BR-VDX6720-40-R (80-1004571-07 and 80-1006306-02), BR-VDX6720-60-F (80-1004568-07 and 80-1006303-02) and BR-VDX6720-60-R (80-1004569-07 and 80-1006304-02), BR-VDX6730-16-F (80-1005649-03 and 80-1006709-02), BR-VDX6730-16-R (80-1005651-03 and 80-1006711-02), BR-VDX6730-24-F (80-1005648-03 and 80-1006708-02), BR-VDX6730-24-R (80-1005650-03 and 80-1006710-02), BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-40-F (80-1005680-03 and 80-1006719-02), BR-VDX6730-40-R (80-1005681-03 and 80-1006720-02), BR-VDX6730-60-F (80-1005679-03 and 80-1006718-02), BR-VDX6730-60-R (80-1005678-03 and 80-1006717-02), BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.) and BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.), BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64-ALLSW-F and BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F and BR-VDX6740T-64-ALLSW-R, BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8-BND-AC and BR-VDX8770-8-BND-DC with FRUs (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 and 80-1006429-01)]; Firmware Version: Network OS (NOS) v4.0.1) (When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3, 4, 5, 6, and 7 as defined in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/08/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1356, #1357, #1358 and #1359); CVL (Certs. #130 and #131) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; SNMPv3 KDF (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; BLOWFISH; ARCFOUR; HMAC-MD5; UMAC-64; HMAC-RIPEMD160; HMAC-MD5-96 Multi-chip standalone "The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments." |
| 2277 | ND SatCom Products GmbH Graf von Soden Strasse Immenstaad 88090 Germany Dr. Michael Weixler TEL: +49 7545 939 8198 FAX: +49 7545 939 8302 Petra Visuri TEL: +49 7545 939 8781 FAX: N/A CST Lab: NVLAP 100432-0 | SKYWAN Cryptographic Module (Hardware Version: F-11B13860 TQM8349L-CA Rev. 300; Firmware Versions: Boot Loader FW version 2.002.4 and Application FW version 7.250.10) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2740); DSA (Cert. #839); RNG (Cert. #1265); SHS (Certs. #2311 and #2312) -Other algorithms: AES (Cert. #2740, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "ND SatCom FIPS Module, a multichip embedded hardware engine providing AES256 encryption services for Ethernet & Frame-Relay/Serial data traffic and MF-TDMA control signaling for the ND SatCom SkyWAN 7000 Series Satellite modems. This module provides FIPS 140-2 Level 3 TRANSEC services adding no satellite bandwidth overhead." |
| 2274 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Chris Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches (Hardware Versions: [BR-VDX6710-54-F and BR-VDX6710-54-R, BR-VDX6720-16-F (80-1004566-07 and 80-1006701-02), BR-VDX6720-16-R (80-1004567-07 and 80-1006702-02), BR-VDX6720-24-F (80-1004564-07 and 80-1006699-02), BR-VDX6720-24-R (80-1004565-07 and 80-1006700-02), BR-VDX6720-40-F (80-1004570-07 and 80-1006305-02), BR-VDX6720-40-R (80-1004571-07 and 80-1006306-02), BR-VDX6720-60-F (80-1004568-07 and 80-1006303-02) and BR-VDX6720-60-R (80-1004569-07 and 80-1006304-02), BR-VDX6730-16-F (80-1005649-03 and 80-1006709-02), BR-VDX6730-16-R (80-1005651-03 and 80-1006711-02), BR-VDX6730-24-F (80-1005648-03 and 80-1006708-02), BR-VDX6730-24-R (80-1005650-03 and 80-1006710-02), BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-40-F (80-1005680-03 and 80-1006719-02), BR-VDX6730-40-R (80-1005681-03 and 80-1006720-02), BR-VDX6730-60-F (80-1005679-03 and 80-1006718-02), BR-VDX6730-60-R (80-1005678-03 and 80-1006717-02), BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.) and BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.), BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64- ALLSW-F and BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F, BR-VDX6740T-64-ALLSW-R, BR-VDX6740T-56-1G-R and BR-VDX6740T-56-1G-F, BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8- BND-AC and BR-VDX8770-8-BND-DC with FRUs (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 and 80-1006429-01) with FIPS Kit Brocade XBR-000195; Firmware Version: Network OS (NOS) v4.1.1) (When operated in FIPS mode and with the tamper evident seals installed as indicated in Appendix A of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/10/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1458 and #1467); CVL (Certs. #130 and #131) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; SNMPv3 KDF (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; BLOWFISH-CBC; CAST128; ARCFOUR; HMAC-MD5; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96; HMAC-MD5-96 Multi-chip standalone "The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments." |
| 2271 | Digicine Oristar Technology Development (Beijing) Co., Ltd. No.1 Di Sheng West Street, BDA, Da Xing District Beijing 100176 People's Republic of China Mr. Xiao, liqun TEL: +86-010-8712 9372 FAX: +86-010-8712 7010 Dr. Sun, Xiaobin TEL: +86-010-8712 9111 FAX: +86-010-8712 7010 CST Lab: NVLAP 100432-0 | AQ42-M (Hardware Version: 2.0.0; Firmware Version: 1.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/24/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2932, #2933 and #2934); SHS (Certs. #2468, #2469, #2470 and #2471); HMAC (Certs. #1858 and #1859); RSA (Certs. #1537 and #1538); RNG (Certs. #1293, #1294 and #1295); CVL (Cert. #333) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5 Multi-chip embedded "AQ42-M is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system." |
| 2269 | Globo Plc 190 High Street Tonbridge - Kent TN9 1BE U.K United Kingdom Paul DePond TEL: 408-777-7924 CST Lab: NVLAP 100432-0 | Globo Plc Server Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/16/2014 12/31/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Globo Plc Server Cryptographic Module provides cryptographic functions for server-side component of enterprise mobility products from Globo Plc." |
| 2268 | Globo Plc 190 High Street Tonbridge - Kent TN9 1BE U.K United Kingdom Paul DePond TEL: 408-777-7924 CST Lab: NVLAP 100432-0 | Globo Plc Mobile Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/16/2014 12/31/2014 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 iOS 7 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Globo Plc Mobile Cryptographic Module provides cryptographic functions for mobile components of enterprise mobility products from Globo Plc." |
| 2266 | Digicine Oristar Technology Development (Beijing) Co., Ltd. No.1 Di Sheng West Street, BDA, Da Xing District Beijing 100176 China Helen Li TEL: +86 10 8712 7173 FAX: +86 10 8712 7010 CST Lab: NVLAP 100432-0 | CHN-II (Hardware Version: 1.0; Firmware Versions: 1.0.0 and 1.2.0, Bootloader Version:1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/10/2014 04/17/2015 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2858, #2880, #2881 and #2882); HMAC (Certs. #1798 and #1816); SHS (Certs. #2401, #2421 and #2422); RSA (Cert. #1498); RNG (Cert. #1281) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF; HW NDRNG; EC Diffie-Hellman; MD5; TI S-Box Multi-chip embedded "Oristar's Integrated Media Block (IMB) product with its model number CHN-II supports 2K/4K JPEG-2000 image decoding for theatrical playback in Digital Cinemas." |
| 2265 | HealthStackIO Inc. 530 Lytton Avenue 2nd Floor Palo Alto, CA 94301 USA HealthStackIO Sales Team CST Lab: NVLAP 100432-0 | HealthStackIO Platform Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/10/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.8 on a MacBook Air Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 SUSE Linux Enterprise 11SP2 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Cryptographic layer for HealthStackIO platform" |
| 2253 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Nexus 7000 Series Switches (Hardware Versions: Chassis: N7K-C7004, N7K-C7009, N7K-C7010 and N7K-C7018; Supervisor Cards: N7K-SUP1, N7K-SUP2 and N7K-SUP2E; Fabric Cards: N7K-C7009-FAB-2, N7K-C7010-FAB-1, N7K-C7010-FAB-2, N7K-C7018-FAB-1 and N7K-C7018-FAB-2; Line Cards: N7K-M148GS-11L, N7K-M148GT-11L, N7K-M108X2-12L, N7K-M132XP-12, N7K-F132XP-15, N7K-M202CF-22L, N7K-M206FQ-23L, N7K-M224XP-23L, N7K-F248XP-25E and N7K-F248XT-25E; Firmware Version: 6.2.2a) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert. #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG Multi-chip standalone "The Cisco Nexus 7000 is a highly scalable in the Data Center end-to-end 10 Gigabit Ethernet switch for mission-critical data center operations. The fabric architecture scales beyond 15 terabits per second (Tbps), with support for 40-Gbps and 100-Gbps Ethernet. Powered by Cisco NX-OS, a state of the art modular operating system, the platform is designed for exceptional scalability, continuous system operation, serviceability, and transport flexibility." |
| 2252 | Cisco Systems, Inc. 170 W Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200928-0 | Nexus 7700 Series Switches (Hardware Versions: Chassis: N7K-C7710 and N7K-C7718; Supervisor Card: N77-SUP2E; Fabric Cards: N77-C7710-FAB-2 and N77-C7718-FAB-2; Line Card: N77-F248XP-23E; Firmware Version: 6.2.2a) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/22/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert. #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG Multi-chip standalone "The Cisco Nexus 7700 Switches are the latest extension to the Cisco Nexus 7700 Series modular switches. With more than 83 terabits per second (Tbps) of overall switching capacity, the Cisco Nexus 7700 Switches delivers the highest-capacity 10, 40, and 100 Gigabit Ethernet ports in the industry, with up to 768 native 10-Gbps ports, 384 40-Gbps ports, or 192 100-Gbps ports. This high system capacity is designed to meet the scalability requirements of the largest cloud environments." |
| 2247 | NXP Semiconductors Stresemannallee 101 Hamburg D-22529 Germany Hans-Gerd Albertsen TEL: +49-40-5613-2548 FAX: +49-40-5613-62548 Markus Moesenbacher TEL: +43-3124-299-652 FAX: +43-3124-299-270 CST Lab: NVLAP 100432-0 | NXP JCOP 2.4.2 R3 (Hardware Versions: P/Ns P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Versions: JCOP 2.4.2 R3 Mask ID 64 and patchID 1 with Demonstration Applet v1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/15/2014 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: AES (Certs. #2561, #2564, #2596 and #2597); CVL (Cert. #26); ECDSA (Cert. #317); RNG (Cert. #1229); RSA (Certs. #1090 and #1091); SHS (Cert. #1553); Triple-DES (Certs. #1552 and #1553); Triple-DES MAC (Triple-DES Cert. #1552, vendor affirmed) -Other algorithms: NDRNG; AES (Certs. #2561 and #2596, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1552, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "Single Chip Module with NXP Secure Smart Card Controller of P5CD081 Family. P5CD081 Family comprises: P5CD145 V0A, P5CC145 V0A, P5CN145 V0A, P5CD128 V0A, P5CC128 V0A, P5CD081 V1A, P5CC081 V1A, P5CN081 V1A, P5CD051 V1A, P5CD041 V1A, P5CD021 V1A, P5CD016 V1A, P5CD145 V0B, P5CC145 V0B, and P5CD081 V1D." |
| 2240 | Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 USA Jake Bajic TEL: 408-753-3901 FAX: 408-753-4001 Richard Bishop TEL: 408-753-4061 FAX: 408-753-4001 CST Lab: NVLAP 100432-0 | PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series and PA-5000 Series Firewalls (Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6] and PA-5060 P/N 910-000008-00F Rev. F [6]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5] and 920-000037-00A Rev. A [6]; Firmware Versions: 5.0.11 and 5.0.16) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2014 05/18/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2728); CVL (Cert. #227); HMAC (Cert. #1707); RNG (Cert. #1263); RSA (Cert. #1420); SHS (Cert. #2298) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, and PA-5000 Series next-generation firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. This unique ability empowers customers to safely enable applications, make informed decisions on network access, and strengthen network security." |
| 2238 | McAfee, Inc. 2821 Mission College Boulevard Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Virtual Appliance for VMware (Software Version: 8.3.2 with patch number 8.3.2E14) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/08/2014 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1963, #2712 and #2714); Triple-DES (Certs. #1275, #1629 and #1631); RSA (Certs. #1408 and #1410); DSA (Certs. #829 and #831); ECDSA (Certs. #473 and #475); SHS (Certs. #1722, #2277 and #2279); HMAC (Certs. #1184, #1691 and #1693); RNG (Cert. #1032); DRBG (Certs. #449 and #451); CVL (Certs. #170 and #172) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2237 | McAfee, Inc. 2821 Mission College Boulevard Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032 (Hardware Versions: (FEW-S1104, FEW-S2008, FEW-S3008, FEW-S4016, FEW-S5032 and FEW-S6032) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2236 | McAfee, Inc. 2821 Mission College Boulevard Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100F, 2150F and 4150F (Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/08/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2235 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 200416-0 | McAfee Email Gateway for Virtual Environments (Software Version: 7.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/04/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Intel Xeon w/ Red Hat Linux 9 running on VMware ESXi v4.1 and ESXi v5.0 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2012, #2079 and #2280); Triple-DES (Certs. #1298, #1330 and #1428); DSA (Certs. #638, #654 and #710); RSA (Certs. #1041, #1074 and #1171); SHS (Certs. #1762, #1809 and #1962); RNG (Certs. #1054, #1077 and #1133); HMAC (Certs. #1217 and #1260) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant) Multi-chip standalone "McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance." |
| 2234 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 200416-0 | McAfee Email Gateway L2 (Hardware Versions: EMG-5500-C and EMG-5000-C; Firmware Version: 7.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/05/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant) Multi-chip standalone "McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance." |
| 2233 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2706 CST Lab: NVLAP 200416-0 | McAfee Email Gateway L1 (Hardware Versions: EMG-5500-B, EMG-5000-B, EMG-4500-B, EMG-4000-B, EWS-3400-B, EWS-3300-B, EWS-3200-B, EWS-3100-B and HP Proliant BL460c Gen6 Blade Server (Model: 595729-L21); Firmware Version: 7.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/05/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant) Multi-chip standalone "McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance." |
| 2220 | Guidance Software, Inc. 215 North Marengo Avenue, Suite 250 Pasadena, CA 91101 USA Emily Woodman TEL: 626-768-4615 FAX: 626-229-9199 CST Lab: NVLAP 200556-0 | Guidance Software EnCase Cryptographic Engine (Software Version: 1.0) (When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/28/2014 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2682 and #2683); HMAC (Certs. #1669 and #1670); RSA (Certs. #1382 and #1383); SHS (Certs. #2253 and #2254) -Other algorithms: N/A Multi-chip standalone "The module is the Guidance Software EnCase Cryptographic Engine, version 1.0, which is a software shared library that provides cryptographic services required by Guidance Software host applications." |
| 2218 | Tripwire, Inc. 101 SW Main St. Suite 1500 Portland, OR 97204 USA TEL: 503-276-7500 FAX: 503-223-0182 CST Lab: NVLAP 200802-0 | Tripwire Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/07/2014 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 960 Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 9010 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2719); RSA (Cert. #1414); RNG (Cert. #1260); HMAC (Cert. #1698); SHS (Cert. #2284); DSA (Cert. #835); CVL (Cert. #176) -Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Tripwire Cryptographic Module supports many FIPS approved cryptographic operations, providing other Tripwire products and Java-based applications access to these algorithms via the standard Java Cryptographic Extension (JCE) framework." |
| 2214 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Kyunghee Lee TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Version: SKC 1.4.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/31/2014 08/29/2014 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android KitKat 4.4.2 running on Samsung Galaxy S5 Tizen 2.2.1 running on Samsung Z (single-user mode) -FIPS Approved algorithms: AES (Certs. #2809, #2810, #2938 and #2939); SHS (Certs. #2357, #2358, #2474 and #2475); RNG (Certs. #1275, #1276, #1297 and #1298); Triple-DES (Certs. #1687 and #1746); HMAC (Certs. #1760, #1761, #1862 and #1863) -Other algorithms: DES; Twofish; MD4; MD5; ansi_cprng; ARC4; Pcompress; AES-XCBC (non-compliant); CRC32c; Deflate; LZO Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 2213 | Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan Hirotaka Kondo TEL: +81 50 3140 9888 FAX: +81 50 3809 1421 Shigeki Yamamoto TEL: +81 50 3140 9131 FAX: +81 50 3809 1421 CST Lab: NVLAP 100432-0 | Aspen (Hardware Version: 2.0.0; Firmware Versions: 1.2.1 and 1.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1539, #2695 and #2699); SHS (Certs. #1364, #1365, #2263 and #2264); HMAC (Certs. #902 and #1678); RSA (Certs. #1394 and #1395); RNG (Certs. #828, #829, #830 and #1279); CVL (Cert. #160) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5 Multi-chip embedded "Aspen is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system." |
| 2209 | Western Digital Corporation 3355 Michelson, Suite 100 Irvine, CA 92612 USA Danny Ybarra TEL: 949-672-9929 CST Lab: NVLAP 100432-0 | Verdi Self Encrypting Drive (SED) (Hardware Version: WD4001FYUG-01UVZ; Firmware Version: VR08) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2014 | Overall Level: 2 -EMI/EMC: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1669 and #1678); HMAC (Cert. #1062); RNG (Cert. #951); RSA (Cert. #901); SHS (Cert. #1580) -Other algorithms: NDRNG Multi-chip embedded "A WDC Verdi product is a storage device that supports the Trusted Computing Group security protocol as defined by the TCG Enterprise SSC ( a set of security features that manage self encrypting drive functionality)." |
| 2207 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Florence DEFRANCE TEL: +33 (0) 442366734 FAX: +33 (0) 442365792 Anthony VELLA TEL: +33 (0) 442366138 FAX: +33 (0) 442365236 CST Lab: NVLAP 100432-0 | MultiApp V3 Platform (Hardware Versions: M7820 SLE78CLX1600P (Contact-only) and M7820 SLE78CLX1600P (Contactless-only); Firmware Versions: MultiApp V3.0, Demonstration Applet V1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2014 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RNG (Cert. #1128); RSA (Certs. #1287 and #1288); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #2261, key wrapping; key establishment methodology provides 128 bits of encryption strength) Single-chip "MultiApp V3.0 is a highly secured smartcard platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on the SLE78 chip from Infineon. This field-proven OS has the largest number of references in national ID programs. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling ePassport, secure data storage, identification, authentication and digital signature with biometry control." |
| 2203 | Pitney Bowes, Inc. 37 Executive Drive Danbury, CT 06810 USA Dave Riley TEL: 203-796-3208 FAX: 203-617-6060 Thomas J. Niglio TEL: 203-922-5239 FAX: 203-617-6060 CST Lab: NVLAP 200983-0 | Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: MAXQ1959B-F50#; Firmware Versions: 09.02.00; Indicia Type: 0, 1, 2, 5, 7 and 8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/09/2014 | Overall Level: 3 -Physical Security: Level 3 +EFP -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: SHS (Cert. #2286); RNG (Cert. #1261); Triple-DES (Cert. #1636); DSA (Cert. #836); HMAC (Cert. #1699) -Other algorithms: Triple-DES MAC (Non-Compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Royal Mail Mailmark and other international postal authorities' specification. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia." |
| 2194 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: 845-454-6397 Tammy Green TEL: 801-999-2973 CST Lab: NVLAP 200928-0 | Blue Coat® Systems SSL Visibility Appliance (Hardware Versions: Model: SV2800; 090-03063 and 080-03562 with FIPS Label Kit: FIPS-LABELS-SV; Firmware Version: 3.5.2 build 961) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2014 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2642); Triple-DES (Cert. #1585); RSA (Certs. #1238 and #1352); SHS (Cert. #2215); HMAC (Cert. #1634); RNG (Cert. #1246); PBKDF (vendor affirmed); CVL (Cert. #123) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES Multi-chip standalone "The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic." |
| 2193 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA 250M and NSA 250MW (Hardware Versions: P/N 101-500343-58, Rev. A (NSA 250M) and P/N 101-500326-61, Rev. A (NSA 250MW); Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA Series: The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses." |
| 2192 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA E10000 Series (Hardware Versions: P/N 101-500340-50, Rev. A (E10100), P/N 101-500336-50, Rev. A (E10200), P/N 101-500337-50, Rev. A (E10400) and P/N 101-500280-50, Rev. A (E10800); Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks." |
| 2191 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA E8500 and NSA E8510 (Hardware Versions: P/N 101-500308-57, Rev. A (NSA E8500) and P/N 101-500344-57, Rev. A (NSA E8510); Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks." |
| 2189 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA 4500 and NSA E5500 (Hardware Versions: P/Ns 101-500249-63, Rev. B (NSA 4500) and 101-500228-65, Rev. A (NSA E5500); Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA Series: The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses." |
| 2188 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA 3500 (Hardware Versions: P/N 101-500248-63, Rev. B; Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA Series: The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses." |
| 2187 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA 220, NSA 220W and NSA 240 (Hardware Versions: P/Ns 101-500347-62 Rev. A (NSA 220), 101-500342-50 Rev. B (NSA 220W) and 101-500193-62 Rev. A (NSA 240); Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses." |
| 2186 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA 2400 and NSA 2400MX (Hardware Versions: P/N 101-500171-75, Rev. A (NSA 2400) and P/N 101-500270-50, Rev. A (NSA 2400MX); Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses." |
| 2185 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA E6500 (Hardware Versions: P/N 101-500227-64, Rev. A; Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks." |
| 2183 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey Workspace W700 (Hardware Versions: P/Ns WGHC0B032G0001FIPS, WGHC0B032G0001FIPS (Rev 1), WGHC0B064G0001FIPS, WGHC0B064G0001FIPS (Rev 1), WGHC0B128G0001FIPS, WGHC0B128G0001FIPS (Rev 1), WGHB0B008G0010, WGHB0B008G0010 (Rev 1), IK-W700-32GB-SC, IK-W700-64GB-SC, IK-W700-128GB-SC and IKW700 Series [8GB, 32GB, 64GB, 128GB]; Firmware Versions: 3.0.3 and 3.0.5) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/25/2014 09/26/2014 01/16/2015 07/23/2015 03/08/2016 05/26/2016 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); RNG (Cert. #774); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "IronKey Workspace W700 is a Secure USB 3.0 drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities and a tamper-resistant metal housing to help you control user access to desktops, sensitive data and critical applications. IronKey Workspace W700 allows enterprise class device management features like policy updates, password recovery and remote kill features." |
| 2180 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 1.650.427.1902 CST Lab: NVLAP 200928-0 | VMware Kernel Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode with VMware NSS Cryptographic Module validated to FIPS 140-2 under Cert. #2155 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/20/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with PAA VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without PAA (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1635); AES (Cert. #2718); SHS (Cert. #2283); HMAC (Cert. #1697); RNG (Cert. #1259) -Other algorithms: DES; Triple-DES (non-compliant); AES-GCM (non-compliant); AES-CCM (non-compliant); AES-XTS (192 bit key; non-compliant); SHA-[384 and 512] (non-compliant); HMAC-SHA-[384 and 512] (non-compliant); RNG (X9.31 with stdrng; non-compliant) Multi-chip standalone "The VMware Kernel Cryptographic Module is a flexible software library providing FIPS-140-2 approved cryptographic operations for VMware products and platforms." |
| 2179 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200556-0 | FortiOS 4.0 MR3 (Firmware Versions: FortiOS v4.0, build3830, 131223) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 06/20/2014 07/24/2014 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiGate 3950B with FortiOS v4.0, build3767, 130920 -FIPS Approved algorithms: AES (Certs. #2607 and #2608); Triple-DES (Certs. #1572 and #1573); HMAC (Certs. #1615 and #1616); SHS (Certs. #2191 and #2192); RSA (Cert. #1334); RNG (Cert. #1234) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength) Multi-chip standalone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
| 2174 | Hewlett-Packard Development Company, L.P. 11445 Compaq Center Dr. W Houston, TX 77070 USA Julie Ritter TEL: 281-514-4087 Tim McDonough TEL: 281-518-7531 CST Lab: NVLAP 200928-0 | HP BladeSystem Onboard Administrator Firmware (Firmware Version: 3.71) (When installed, initialized and configured as indicated in the Security Policy in Section 3 and operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 06/17/2014 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure -FIPS Approved algorithms: AES (Cert. #2289); Triple-DES (Cert. #1439); RSA (Cert. #1178); SHS (Certs. #1972 and #1973); HMAC (Cert. #1406); RNG (Cert. #1140) -Other algorithms: NDRNG; DSA; RC4; HMAC-SHA1-96; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure." |
| 2172 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 FAX: 651-628-2701 CST Lab: NVLAP 100432-0 | NSM Application Cryptographic Module (Software Version: 7.1.15.1.11) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/17/2014 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a GIGABYTE GA-EP45-UD3P -FIPS Approved algorithms: AES (Cert. #2469); HMAC (Cert. #1513); RNG (Cert. #1198); RSA (Cert. #1259); SHS (Cert. #2083); CVL (Cert. #78) -Other algorithms: RSA (key wrapping; non-compliant); MD5; HMAC-MD5; NDRNG Multi-chip standalone "McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS appliances across widely distributed, mission-critical deployments. The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application." |
| 2170 | DragonWave Inc. 600-411 Legget Drive Ottawa, Ontario K2K 3C9 Canada Erik McLaughlin TEL: 613-599-9991 Greg Friesen TEL: 613-599-9991 CST Lab: NVLAP 200928-0 | DragonWave® Secure Cryptographic Module (Hardware Versions: Horizon® Quantum (PN: 74-000320) and Horizon® Compact+ (PN: 74-000320) with Tamper Evident Seal (PN: 65-000185-01-01); Firmware Versions: 1.2.5 (Compact+) and 1.3 (Quantum)) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware-Hybrid | 06/12/2014 | Overall Level: 1 -Tested: Horizon Quantum (PN 60-000471-03) and Horizon Compact+ (PN CP-HP-18-B1-S-X-010-N-00-R1) with QNX Neutrino Real-Time Operating System Version 6.4.1 -FIPS Approved algorithms: AES (Certs. #2706, #2707, #2708 and #2709); Triple-DES (Certs. #1625 and #1626); RSA (Certs. #1404 and #1405); SHS (Certs. #2273 and #2274); RNG (Certs. #1256 and #1257); HMAC (Certs. #1687 and #1688); CVL (Certs. #164 and #165) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength); DSA (non compliant); MD5; SHA-[224, 384 and 512] (non-compliant); HMAC-SHA-[224, 256, 384 and 512] (non-compliant); RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant) Multi-chip standalone "The DragonWave® Secure Cryptographic Module is a hybrid cryptographic module consisting of firmware and hardware. The hardware portion of the module provides AES for bulk data encryption between two Horizon Compact+ or Horizon Quantum peer devices in a radio link, while the firmware provides cryptographic state management as well as secure peer-to-peer management communications over a protected TLS tunnel." |
| 2168 | Tendyron Corporation Room 1908, Shougang International Building No. 60 Xizhimen North Street Haidian District Beijing 100082 People's Republic of China Mr. Blair Liang TEL: +86-10-5667566 ext. 1006 FAX: +86-10-56675667 Mr. Yang Liu TEL: +86-10-56675666 ext. 3301 FAX: +86-10-56675667 CST Lab: NVLAP 100414-0 | OnKey193 USB Token (Hardware Version: 122.V102; Firmware Version: DBFips-V0.1.12-120313-C000) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/11/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #889); RNG (Cert. #509); RSA (Certs. #430 and #1138); SHS (Certs. #879 and #1735); Triple-DES (Cert. #725) -Other algorithms: AES (Cert. #889, key wrapping); RSA (Cert. #430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #725, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The OnKey193 USB Token provides RSA, TDES, AES, RNG cryptographic service for government and corporate identification, payment, banking and Web applications." |
| 2167 | Neopost Technologies, S.A. 113 Rue Jean Marin Naudin Bagneux 92220 France Nathalie TORTELLIER TEL: +33 1 45 36 30 72 FAX: +33 1 45 36 30 10 CST Lab: NVLAP 200983-0 | Neopost Postal Security Device (PSD) (Hardware Versions: A0014227-B, A0014227-C; Firmware Versions: a22.17.01, a22.17.02, a23.08.01, a23.08.03, a28.02.01, a28.02.04, a28.05 and a28.08) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/11/2014 08/29/2014 09/18/2015 01/04/2016 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Certs. #2565 and #2566); ECDSA (Cert. #441); HMAC (Certs. #1583 and #1603); CVL (Cert. #92); RNG (Cert. #1217); RSA (Cert. #1314); SHS (Cert. #2162) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant) Multi-chip embedded "The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access." |
| 2163 | MikroM GmbH Dovestrasse 3 Berlin, Berlin 10587 Germany Holger Krahn TEL: +49 30 398839 0 FAX: +49 30 398839 29 Michael Hagemeister TEL: +49 30 398839 0 FAX: +49 30 398839 29 CST Lab: NVLAP 100432-0 | MVC201 (Hardware Versions: MVC201-IS1 rev.1.1, MVC201-IF1 rev.1.1, MVC201-MS1 rev.1.1, MVC201-MF1 rev.1.1, MVC201-RS1 rev.1.1 and MVC201-RS2 rev.1.1; Firmware Versions: 1.10.65.18189, 1.10.68.18200, 1.20.98.19460 and 1.20.118.19949; Bootloader Versions: 1.3.5.17849, 1.3.7.18217 and 1.3.7.17798) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/05/2014 07/24/2014 05/08/2015 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: RSA (Cert. #1034); AES (Certs. #1994, #1995, #1996, #1997 and #2898); RNG (Cert. #1047); HMAC (Certs. #1206, #1207 and #1833); SHS (Certs. #1748, #1749 and #1750) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF; HW NDRNG; EC Diffie-Hellman; MD5; TI S-Box Multi-chip embedded "MVC201 - Digital Cinema Image Media Block for integration into a TI Series 2 DLP Cinema projector" |
| 2161 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100F, 2150F and 4150F (Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F, and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.1) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/27/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2159 | Comtech EF Data Corporation 2114 West 7th Street Tempe, AZ 85281 USA Wallace Davis TEL: 480-333-2189 CST Lab: NVLAP 200928-0 | Unified Crypto Module (Hardware Version: PL-0000235-2; Firmware Version: 2.1.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/27/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1538, #2026 and #2417); Triple-DES (Cert. #1505); RNG (Certs. #1173 and #1193); SHS (Cert. #2074); HMAC (Cert. #1502); RSA (Cert. #1249); DSA (Cert. #755); ECDSA (Cert. #397) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG Multi-chip embedded "The Comtech Unified Crypto Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, as well as firmware to provide the cryptographic functions needed to act as a endpoint for secure TLS- and SSH-based management and control traffic." |
| 2154 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100E, 2150E and 4150E (Hardware Versions: NSA-1100-FWEX-E, NSA-2150-FWEX-E, NSA-4150-FWEX-E with FRU-686-0089-00; Firmware Version: 8.3.1) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/14/2014 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength). Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2153 | McAfee, Inc. 2821 Mission College Boulevard Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Virtual Appliance for Crossbeam (Software Version: 8.3.1) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/13/2014 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee SecureOS v8.3 on Crossbeam XOS v9.9.0 running on a Crossbeam X80-S AC (single-user mode) -FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725); CVL (Certs. #127 and #129) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2147 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, Ontario K2L1A1 Canada Paul Hampton TEL: +44 (0) 1276 608057 FAX: +44 (0) 1276 608080 CST Lab: NVLAP 200427-0 | SafeNet LUNA® EFT (Hardware Versions: GRK-15, Version Code 0100; Firmware Version: MAL1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2629); RNG (Cert. #1242); RSA (Cert. #1350); SHS (Cert. #2212); Triple-DES (Cert. #1578) -Other algorithms: N/A Multi-chip standalone "SafeNet LUNA® EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards." |
| 2146 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 881W, 881GW, 1941W, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, and C819HWD-A-K9 Integrated Services Routers (ISRs) (Hardware Versions: Cisco 881W, 881GW, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, C819HWD-A-K9 and 1941W with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Versions: Router Firmware Version: IOS 15.2(4)M6A and AP Firmware Version: 15.2.2-JB) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/13/2014 08/06/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648, #1791, #2611 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627, #1606 and #1618); RNG (Cert. #1236); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2194, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566) -Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 800 Series Integrated Services Routers are fixed-configuration routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer wireless, Metro Ethernet, and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications." |
| 2144 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200556-0 | FortiGate-3950B/3951B (Hardware Versions: FortiGate-3950B and FortiGate-3951B with SKU-FIPS-SEAL-RED; Firmware Versions: FortiOS v4.0, build3830, 131223) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/06/2014 07/24/2014 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2278, #2607 and #2608); Triple-DES (Certs. #1425, #1572 and #1573); HMAC (Certs. #1396, #1615 and #1616); SHS (Certs. #1959, #2191 and #2192); RSA (Certs. #1169 and #1334); RNG (Cert. #1234) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network." |
| 2142 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0.0.17) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/06/2014 02/12/2016 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Timesys Linux 2.6.28-rt16 running on a Konica Minolta A5C1H020 with PowerPC (32-bit) (single-user mode) -FIPS Approved algorithms: AES (Cert. #2248); DRBG (Cert. #272); DSA (Cert. #700); ECDSA (Certs. #356 and #358); HMAC (Cert. #1377); RNG (Cert. #1122); RSA (Cert. #1153); SHS (Cert. #1937); Triple-DES (Cert. #1407) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES; ECIES; Entropy RNG; HMAC MD5; MD2; MD5; OTP RNG; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 2139 | IBM® Corporation 1701 North Street, Building 256-3 Endicott, NY 13760 USA Brian W. Hugenbruch TEL: 607-429-3660 FAX: 607-429-5920 William F Penny TEL: 845-435-3010 FAX: 845-433-7510 CST Lab: NVLAP 200658-0 | IBM® z/VM® Version 6 Release 3 System SSL Cryptographic Module (Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 5735FAL00: z/VM Version 6 Release 3 plus APAR PM95516) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 04/30/2014 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with z/VM Version 6 Release 3 running on IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode) -FIPS Approved algorithms: AES (Certs. #976 and #2627); Triple-DES (Certs. #769 and #1577); DSA (Cert. #792); RSA (Cert. #1344); SHS (Certs. #946 and #2203); HMAC (Cert. #1624); RNG (Cert. #1241); CVL (Cert. #110) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "Module Description: z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files." |
| 2137 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Chela Diaz de Villegas TEL: 651-628-1642 CST Lab: NVLAP 200416-0 | McAfee Vulnerability Manager Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/29/2014 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 64-bit running an Intel Xeon on a McAfee® Firewall Enterprise Control Center (single-user mode) -FIPS Approved algorithms: AES (Cert. #2176); Triple-DES (Cert. #1378); HMAC (Cert. #1332); SHS (Cert. #1888); RSA (Cert. #1122); RNG (Cert. #1102) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (non-compliant) Multi-chip standalone "The McAfee Vulnerability Manager Cryptographic Module scans specified targets for vulnerabilities and misconfiguration. It provides a management interface to configure the system and generate reports regarding the results of the scans." |
| 2135 | AFORE Solutions Inc. 2680 Queensview Drive Suite 150 Ottawa, Ontario K2B 8J9 Canada Tim Bramble TEL: 613-224-5995 x232 FAX: 613-224-5410 CST Lab: NVLAP 200928-0 | CloudLink Crypto Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/24/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 with PAA Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 without PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2545); Triple-DES (Cert. #1540); SHS (Cert. #2146); HMAC (Cert. #1566); RNG (Cert. #1220); DRBG (Cert. #378); RSA (Cert. #1300); DSA (Cert. #778); CVL (Cert. #104) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECC CDH (non-compliant); ECDSA (non-compliant); Dual-EC DRBG (non-compliant) Multi-chip standalone "The CloudLink Crypto Module is a general purpose cryptographic library which provides cryptographic services for all CloudLink application modules." |
| 2133 | SecureAgent® Software Inc. 2448 E. 81st Street Tulsa, OK 74137 USA Steve Soodsmas TEL: 918-971-1600 FAX: 918-971-1623 CST Lab: NVLAP 200416-0 | SecureAgent® Software Cryptographic Module (Software Version: 2.2.006) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/25/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Sun Solaris 10 running on an IDG 9074 Secure Communications Controller (single-user mode) -FIPS Approved algorithms: AES (Cert. #2044); SHS (Cert. #1790); HMAC (Cert. #1243); RNG (Cert. #1067) -Other algorithms: NDRNG; AES (non-compliant); RSA (non-compliant); DSA (non-compliant); SHA-1 (non-compliant); SHA-224 (non-compliant); SHA-256 (non-compliant); SHA-384 (non-compliant); SHA-512 (non-compliant); ANSI X9.31 RNG (non-compliant); PBKDF (non-compliant); TDES (non-compliant); ARCFOUR; BLOWFISH; CAMELLIA; CAST5; DES; RC2; SEED; SERPENT; TWOFISH; Elgamal; HAVAL; MD2; MD4; MD5; RMD160; TIGER; TIGER1; TIGER2; WHIRLPOOL; SIMPLE_S2K; SALTED_S2K; ITERSALTED_S2K Multi-chip standalone "The SecureAgent® Software Cryptographic Module provides the core cryptographic services for several secure communications and controller systems designed and manufactured by SecureAgent® Software." |
| 2132 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-3463 CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 S (Hardware Versions: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/30/2014 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58) -Other algorithms: Diffie-Hellman (non-compliant); MD5; NDRNG Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2131 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-3463 CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 P (Hardware Versions: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/30/2014 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58) -Other algorithms: NDRNG; RSA (non-compliant); Diffie-Hellman (non-compliant); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 2130 | Northrop Grumman M5 Network Security Canberra, AustraliaLevel 1218 Northbourne AveBraddon, ACT 2612 Level 1 / 218 Northbourne Ave Braddon, ACT 2612 Australia Warwick Hoyle TEL: +611300656019 FAX: +611300365893 Kristian Howard TEL: +611300656019 FAX: +611300365893 CST Lab: NVLAP 200900-0 | SCS Linux Kernel Cryptographic Services module (Software Version: kernel-PAE-2.6.32.14-127.scs.fips.fc12.i686) (When operated in FIPS mode with module OpenSSL FIPS Object Module V2 validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/06/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-100 Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-200 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2604); Triple-DES (Cert. #1569); RNG (Cert. #1232); SHS (Cert. #2188); HMAC (Certs. #1126 and #1612) -Other algorithms: DES; Triple-DES CTR (non-compliant); AES GCM (non-compliant) Multi-chip standalone "A FIPS module that provides a C-language application program interface (API) for use by other processes that require cryptographic functionality within the SCS 100 and 200 hardware platforms." |
| 2129 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Udayan Borkar TEL: 408-528-2361 FAX: 408-528-2540 Colin Cooper TEL: 408-528-2871 FAX: 408-528-2540 CST Lab: NVLAP 100432-0 | RFS7000 SERIES Wireless Controller (Hardware Versions: RFS-7010 and RFS-7010 GR; Firmware Version: 5.4.10.0-050GR) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/25/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #762 and #2625); HMAC (Cert. #1623); CVL (Certs. #106, #107, #108 and #109); RNG (Cert. #1240); RSA (Cert. #1342); SHS (Certs. #769 and #2201); Triple DES (Certs. #667 and #1576) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5 Multi-chip standalone "The RFS-7000 wireless switch is a highly scalable management platform for managing large multi-site distributed and campus wireless networks. The RFS-7000 can manage networks of AP-7131N, AP-7161 and AP-7181 access points. Additionally, it provides functionality like centralized captive portal, centralized security (firewall, VPN) and high availability." |
| 2123 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Virtual Appliance for VMware (Software Version: 8.3.1) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/09/2014 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2122 | VMware, Inc. 3401 Hillview Ave Palo Alto, CA 94304 USA Eric Betts TEL: 650-427-1902 CST Lab: NVLAP 200928-0 | VMware Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/04/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server VMware vCloud Networking and Security 5.5.0a vShield Manager OS (VMware vCloud Networking and Security 5.5.0a App Firewall OS) on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1620); AES (Cert. #2701); SHS (Cert. #2268); HMAC (Cert. #1682); RNG (Cert. #1255); DSA (Cert. #822); RSA (Cert. #1399) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The VMware Cryptographic Module is a software library providing FIPS 140-2 -approved cryptographic algorithms and services for protecting data-in-transit and data-at-rest on VMware products and platforms." |
| 2120 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Kyunghee Lee TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung OpenSSL Cryptographic Module (Software Version: SecOpenSSL2.0.3) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/28/2014 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2351 and #2411); HMAC (Certs. #1458 and #1496); SHS (Certs. #2026 and #2069); Triple-DES (Certs. #1471 and #1501); RSA (Certs. #1212 and #1245); DSA (Certs. #735 and #753); ECDSA (Certs. #386 and #396); RNG (Certs. #1171 and #1190); DRBG (Certs. #299 and #321); CVL (Certs. #56 and #72) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Triple-DES-CTR (non-compliant); AES-CTR (non-compliant); MD4; MD5; MDC-2; RC2; RC4; RIPEMD-160; Diffie-Hellman; md_rand.c; DRBG (Certs. #299 and #321; DUAL-EC; non-compliant) Multi-chip standalone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit." |
| 2117 | Juniper Networks, Inc. 1194 North Matilda Ave Sunnyvale, CA 94089 USA Sue Lin TEL: 408-936-8447 FAX: 408-936-1801 CST Lab: NVLAP 200697-0 | Juniper Networks EX3300, EX4200, EX4500 Ethernet Switches (Hardware Versions: EX3300-24P, EX3300-24T, EX3300-24T-DC, EX3300-48T, EX3300-48T-BF, EX3300-48P, EX4200-24P, EX4200-24PX, EX4200-24T, EX4200-24F, EX4200-48P, EX4200-48PX, EX4200-48T, EX4500-40-FB and EX4500-40-BF with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6) (When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/28/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG Multi-chip standalone "EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure." |
| 2115 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200556-0 | FortiAnalyzer-4000B (Hardware Version: 4000-B with SKU-FIPS-SEAL-RED; Firmware Versions: v4.0, build3059, 130918) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/26/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668) -Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securelyaggregate log data from Fortinet devices and other syslog-compatible devices.Using a comprehensive suite of customizable reports, users can filter and reviewrecords, including traffic, event, virus, attack, Web content, and email data." |
| 2114 | Proofpoint Inc. 892 Ross Drive Sunnyvale, CA 94089 USA Jun Wang TEL: 408-338-6680 FAX: 408-517-4710 CST Lab: NVLAP 200427-0 | Proofpoint Security Library (Software Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/26/2014 | Overall Level: 1 -Physical Security: N/A -Tested Configuration(s): Tested as meeting Level 1 with Dell Latitude E6400 w/ Cent OS 5 running JRE 1.6 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1814); ECDSA (Cert. #250); RNG (Cert. #956); RSA (Cert. #909); SHS (Cert. #1591) -Other algorithms: AES RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); Extended Secure Remote Password; Secure Remote Password; RC2; Triple-DES (non-compliant) Multi-chip standalone "The module is a Java language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.6 or later." |
| 2113 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200556-0 | FortiGate-VM Virtual Appliances (Software Version: 4.0 MR3) (When operated in FIPS mode and when installed, initialized and configured as specified in Section FIPS 140-2 Compliant Operation of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/25/2014 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: N/A -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with FortiOS 4.0 MR3 on VMWare ESXi 5.0.0 Update 1 running on a Dell PowerEdge R410 -FIPS Approved algorithms: Triple-DES (Certs. #1503 and #1504); AES (Certs. #2414 and #2415); SHS (Certs. #2071 and #2072); HMAC (Certs. #1500 and #1501); RSA (Cert. #1248); RNG (Cert. #1192) -Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 188 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength) Multi-chip standalone "FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform." |
| 2112 | AT&T Services, Inc. 530 McCullough, 2B60 San Antonio, TX 78215 USA Jody Hagemann TEL: 732-457-1891 CST Lab: NVLAP 200928-0 | AT&T Toggle Cryptographic Security Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/25/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110 Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110 Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2 Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2 iOS v5 running on a iPad3 iOS v6 running on a iPhone5 Android v4.1 running on a Samsung Galaxy SIII (single-user mode) -FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength) Multi-chip standalone "The AT&T Toggle Cryptographic Security Module (TCSM) 1.0 provides cryptographic services for the Toggle. The TCSM modules provide low level Encryption and MAC Hashing routines, for protecting and securing mobile devices. The TCSM provides a highly secure encrypted container for enterprise-managed mobile applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device. Toggle provides application level security, an automated application wrapping process and dynamic app-based security policy cont" |
| 2111 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, Ontario N2G 4Y7 Canada Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie IMB-S2 4K Integrated Media Block (IMB) (Hardware Version: 000-102675-01 [A] or 000-102675-02 [B]; Firmware Versions: 1.0.1-2641 [A], 1.0.3-3047 [A], 1.1.0-3271 [A], 1.2.0-3400 [A], 1.2.1-3546 [A], 1.3.0-3704 [A], 1.3.2-3709 [A], 1.5.0-3848 [A], 1.5.2-3897 [A], 1.6.0-3934 [B] or 1.7.0-4209 [B]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/21/2014 06/05/2014 10/16/2014 05/29/2015 06/27/2016 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); CVL (Cert. #97) -Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box Multi-chip embedded "The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material." |
| 2109 | Pulse Secure, LLC. 2700 Zanker Road, Suite 200 San Jose, CA 95134 USA Yvonne Sang TEL: 408-372-9600 CST Lab: NVLAP 200697-0 | Odyssey Security Component Kernel Mode (Software Version: 2.50) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/21/2014 02/13/2015 | Overall Level: 1 -Physical Security: N/A -Design Assurance: Level 2 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows 7 SP1 64-bit on Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1990); Triple-DES (Cert. #1291); SHS (Cert. #1745); HMAC (Cert. #1203); DSA (Cert. #636); RSA (Cert. #1032); RNG (Cert. #1045) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); AES (Cert. #1990, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC Kernel Mode is a kernel-mode binary module for the Windows operating system." |
| 2108 | OpenPeak, Inc. 1750 Clint Moore Road Boca Raton, FL 33487 USA Eric Jen TEL: 561-289-0214 Howard A. Kwon TEL: 561-893-7930 FAX: 561-208-8026 CST Lab: NVLAP 200928-0 | OpenPeak Cryptographic Security Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/19/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110 Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110 Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2 Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2 iOS v5 running on a iPad3 iOS v6 running on a iPhone5 Android v4.1 running on a Samsung Galaxy SIII (single-user mode) -FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength) Multi-chip standalone "The OpenPeak Cryptographic Security Module (OCSM) 1.0 provides underlying cryptography primitives for OpenPeak’s ADAM platform, an advanced device and application management suite that provides comprehensive Mobile Enterprise Management as a cloud-hosted service. The OCSM provides a secure encrypted container for enterprise-managed applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device." |
| 2105 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200556-0 | FortiAnalyzer 4.0 MR3 (Firmware Versions: v4.0, build3059, 130918) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 03/19/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested: FortiAnalyzer 4000-B with FortiAnalyzer v4.0, build3059, 130918 -FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668) -Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "The FortiAnalyzer family of logging, analyzing, and reporting appliances securelyaggregate log data from Fortinet devices and other syslog-compatible devices.Using a comprehensive suite of customizable reports, users can filter and reviewrecords, including traffic, event, virus, attack, Web content, and email data." |
| 2104 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | NSA E7500 (Hardware Versions: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/18/2014 04/21/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks." |
| 2103 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2L1A1 Canada Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0 | ProtectServer Gold (PSG) (Hardware Versions: B2, B3, B4 and PSG-01-0101; Firmware Version: 3.20.01) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/14/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2605); DSA (Cert. #790); ECDSA (Cert. #449); HMAC (Cert. #1613); RNG (Cert. #1233); RSA (Cert. #1332); SHS (Cert. #2189); Triple-DES (Cert. #1570); Triple-DES MAC (Triple-DES Cert. #1570, vendor affirmed) -Other algorithms: AES (Cert. #2605, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #2605, non-compliant); ARIA; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); ECIES; IDEA 128; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength); SEED 128; SEED MAC; Triple-DES (Cert. #1570, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength) Multi-chip embedded "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications." |
| 2102 | Juniper Networks, Inc. 1194 North Matilda Ave Sunnyvale, CA 94089 USA Sue Lin TEL: 408-936-8447 FAX: 408-936-1801 CST Lab: NVLAP 200697-0 | Juniper Networks EX6200 and EX8200 Ethernet Switches Routing Engines (Hardware Versions: EX6200-SRE64-4XS, EX8208-SRE320 and EX8216-RE320 with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6) (When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/11/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514 ); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG Multi-chip standalone "EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure." |
| 2096 | WatchDox, Inc. 299 S California Ave. Palo Alto, CA 94306 USA Adi Ruppin TEL: 800-209-1688 CST Lab: NVLAP 200427-0 | WatchDox® CryptoModule (Software Version: 1.0) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/05/2014 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Physical Security: N/A -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6 running on a Dell Poweredge SC1420 without PAA (gcc Compiler Version 4.4.4) Windows 7 32-bit running on an Intel Core (x64) with PAA running on an Intel Client Desktop (gcc Compiler Version 4.7.3) Apple iOS 6.1 running on an ARMv7 with NEON on an iPhone 5 (gcc Compiler Version 4.2.1) Android 4.1 running on an ARM Cortex A9 with NEON on a Samsung Galaxy S3 Mini (gcc Compiler Version 4.6.3) (single-user mode) -FIPS Approved algorithms: AES (Cert. #2623); ECDSA (Cert. #451); HMAC (Cert. #1621); RNG (Cert. #1239); RSA (Cert. #1340); SHS (Cert. #2199) -Other algorithms: CVL (non-compliant); DRBG (non-compliant); DSA (non-compliant); EC Diffie-Hellman; RSA (encrypt/decrypt); Triple-DES (non-compliant) Multi-chip standalone "The WatchDox Crypto Module provides the services necessary to support the cryptographic features and functions of the WatchDox Secure File Sharing services and products." |
| 2094 | Securonix, Inc. 5777 W. Century Blvd. Suite #838 Los Angeles, CA 90045 USA Chris Bell TEL: 415-380-0806 CST Lab: NVLAP 100432-0 | Intelligence Platform Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/28/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Intelligence Platform Cryptographic Module provides cryptographic functions for the Intelligence Platform products from Securonix." |
| 2092 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Kyunghee Lee TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung FIPS BC for Mobile Phone and Tablet (Software Versions: SBC1.45_2.0 and SBC1.45_2.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/26/2014 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2353 and #2409); SHS (Certs. #2027 and #2067); RNG (Certs. #1172 and #1189); Triple-DES (Certs. #1472 and #1499); HMAC (Certs. #1459 and #1494); RSA (Certs. #1213 and #1243); DSA (Certs. #736 and #751) -Other algorithms: Blowfish; Camellia; Camellia Light; CAST5; CAST6; DES; GOST28147-89; IDEA; IES; Rijndal; RC2; RC4; RC5; RC6; SEED; Serpent; TEA; Twofish; XTEA; Grain218; GrainV1; HC128; HC256; ISAAC; Salsa20; VMPC; Elgamal; Naccache-Stern; MD2; MD4; MD5; RIPEMD-128; RIPEMD-160; RIPEMD-256; RIPEMD-320; Tiger; Whirlpool; GOST3411; ISO9797; HMAC based on RFC 2104; VMPC-MAC; SRP6; ECMQV; Digest random generator; VMPC random number generator; Thread-based seed generator; Reverse window generator; AES light (non-compliant); ECDSA (non-compliant); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant); Skipjack (non-compliant); Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); RSA (non-compliant); DSA (non-compliant) Multi-chip standalone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit." |
| 2090 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco ASR 1001 [1][K1], ASR 1002 [2][K2][E1 or E2], ASR1002-X [3][K2], ASR 1004 [4][K3][R1 or R2][E2, E3 or E4], ASR 1006 [5][K4][single or dual E2, E3, E4 or E5][dual R1 or R2] and ASR 1013 [6][K5][E4 or E5][R2] (Hardware Versions: ASR1001 [1], ASR1002 [2], ASR1002-X [3], ASR1004 [4], ASR1006 [5] and ASR1013 [6]; FIPS KITs: ASR1001-FIPS-Kit [K1], ASR1002- FIPS-Kit [K2], ASR1004-FIPS-Kit [K3], ASR1006-FIPS-Kit [K4] and ASR1013-FIPS-Kit [K5]; Embedded Services Processors: ASR1000-ESP5 [E1], ASR1000-ESP10 [E2], ASR1000-ESP20 [E3], ASR1000-ESP40 [E4] and ASR1000-ESP100 [E5]; Route Processors: ASR-1000-RP1 [R1] and ASR-1000-RP2 [R2]; Firmware Version: 3.7.2tS) (When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/26/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #333, #2346 and #2549); DRBG (Cert. #382); HMAC (Certs. #137, #1455 and #1570); RNG (Certs. #154 and #1170); RSA (Cert. #1304); SHS (Certs. #408, #2023 and #2150); Triple-DES (Certs. #397, #1469 and #1543) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IKE KDF; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF Multi-chip standalone "The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments." |
| 2088 | McAfee, Inc. 2821 Mission College Blvd. Suite 100 Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 CST Lab: NVLAP 200928-0 | McAfee Database Security Sensor Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 4) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/25/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 64-bit with VMWare ESXi 4.0 running on a HP Proliant DL185 GS Windows Server 2008 64-bit with VMWare ESXi 5.0 running on a HP Proliant DL380 GS AIX 5.3 on a IBM 9115-305 HP-UX 11.23 running on a HP RX2600 Server Red Hat Enterprise Linux 5.9 with VMWare ESXi 5.0 running on a Dell PowerEdge R510 CentOS 5.5 with VMWare ESXi 5.0 running on a Dell PowerEdge R510 SUSE 11 patch 2 with VMWare ESXi 5.0 running on a Dell PowerEdge R510 Solaris 9 running on a Sun UltraSPARC C-III (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1557); AES (Cert. #2571); SHS (Cert. #2166); HMAC (Cert. #1587); RNG (Cert. #1223); DSA (Cert. #786); RSA (Cert. #1318) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The McAfee Database Security Sensor Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the McAfee Database Security Sensor." |
| 2087 | Fixmo, Inc. 15 Toronto Street Suite 1100 Toronto, Ontario M5C 2E3 Canada Daniel Ford TEL: 443-380-3673 CST Lab: NVLAP 200556-0 | Server Crypto Module (Software Version: 1.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/24/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755 CentOS 6.3 on a Dell OptiPlex 755 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Fixmo Server Crypto Module provides cryptographic functions for Fixmo products and solutions." |
| 2085 | Curtiss-Wright 333 Palladium Drive Kanata, Ontario K2V 1A6 Canada Aaron Frank TEL: 613-599-9199 ext 5242 FAX: 613-599-7777 Johan A Koppernaes TEL: 613-599-9199 ext 5817 FAX: 613-599-7777 CST Lab: NVLAP 200996-0 | VPX3-685 Secure Routers (Hardware Versions: Air-Cooled Chassis: VPX3-685-A13014-FC and VPX3-685-A13020-FC; Conduction-Cooled Chassis: VPX3-685-C23014-FC and VPX3-685-C23020-FC; Firmware Version: 2.0) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2014 05/22/2014 12/22/2015 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The VPX3-685 Secure Routers are used for strong security in the embedded defense and aerospace industries. They support industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption." |
| 2084 | GOTrust Technology Inc. 10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist. Taichung, Taiwan 408 Republic of China Sean Huang TEL: +886-4-23202525 FAX: +886-4-23202580 CST Lab: NVLAP 200824-0 | GO-Trust SDencrypter (Hardware Version: GT-3001 with GT-0330; Firmware Versions: 4.1.0.8 with 80023802-33860406 and 80023802-33860506) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/22/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1664); HMAC (Cert. #1426); KDF (Cert. #7); RNG (Cert. #999); RSA (Cert. #976); SHS (Cert. #1672); Triple-DES (Cert. #1237) -Other algorithms: AES (Cert. #1664, key wrapping; key establishment methodology provides 256 bits of encryption strength); AESKW (SP 800-38F, vendor affirmed); Multi-chip embedded "SDencrypter is a hardware security module embedded into one microSD. The entire encryption, decryption, key generation process is completed inside the module. Fast íºin-chipí¿ processing, using a high-performance smart card chip, supports streaming voice and media operations. High-assurance protection is provided to keys and sensitive data which are encrypted and stored inside the chip." |
| 2083 | FiberLogic Communications, Inc. 5F-3, No.9 Prosperity Road One, Science-Park Hsinchu, Taiwan 30078 Republic of China Jun Tseng TEL: +886-3-5638889 FAX: +886-3-5638899 CST Lab: NVLAP 200824-0 | TS-250 (Hardware Version: 1.0; Firmware Version: 1.0.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/22/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #1903); DSA (Cert. #601); HMAC (Cert. #1143); RNG (Certs. #997 and #1000); SHS (Cert. #1673) -Other algorithms: AES (Cert. #1903, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HRNG Multi-chip standalone "The TS-250 can encrypt the high speed network traffic passed through. The module can be configured to encrypt different layer of network traffic, e.g., from Ethernet frame payload or from IP packet payload." |
| 2078 | Dolby Laboratories, Inc. 100 Potrero Ave. San Francisco, CA 94103 USA Marvin Pribadi TEL: 415-645-5185 FAX: 415-645-4000 CST Lab: NVLAP 100432-0 | CAT904 Dolby® JPEG 2000/MPEG-2 Processor (Hardware Versions: P/N CAT904Z Revisions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 1.3.4.21) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/06/2014 | Overall Level: 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650); RSA (Cert. #233); SHS (Certs. #592 and #1086) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF Multi-chip embedded "The CAT904 Dolby® JPEG 2000/MPEG-2 Processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity." |
| 2077 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | Oracle Solaris Userland Cryptographic Framework (Software Versions: 1.0 and 1.1) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/06/2014 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server Oracle Solaris 11.1 running on a Sun Server X3-2 with PAA Oracle Solaris 11.1 running on a Sun Server X3-2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2308 and #2569); Triple-DES (Certs. #1455 and #1556); RSA (Certs. #1191 and #1317); DSA (Certs. #726 and #785); ECDSA (Certs. #373 and #443); SHS (Certs. #1992 and #2165); HMAC (Certs. #1422 and #1586); RNG (Certs. #1150 and #1221) -Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Oracle Solaris OS utilizes the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them." |
| 2076 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200928-0 | Oracle Solaris Userland Cryptographic Framework with SPARC T4 and SPARC T5 (Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 02/06/2014 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode) -FIPS Approved algorithms: AES (Certs. #2310 and #2572); Triple-DES (Certs. #1457 and #1558); RSA (Certs. #1193 and #1319); DSA (Certs. #727 and #787); ECDSA (Certs. #375 and #444); SHS (Cert. #1994); HMAC (Certs. #1424 and #1594); RNG (Certs. #1153 and #1224) -Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Oracle Solaris OS utilizes two cryptographic modules; one in the Userland space and the second in the Kernel space. The OS uses the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them. The module includes the SPARC T4 and SPARC T5 processor special instruction sets for hardware-accelerated cryptography." |
| 2075 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1 or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.240.0, 7.0.250.0 or 7.0.251.2) (When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/29/2014 02/20/2014 03/13/2015 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Cert. #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1230 and #2014); Triple-DES (Cert. #935); DRBG (Cert. #289) -Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); FIPS 186-2 RNG (Cert. #741); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management." |
| 2071 | Fujitsu limited 4-1-1 Kamikodanaka Nakahara-ku Kawasaki, Kanagawa 211-8588 Japan Eugene Owens TEL: 408-746-6486 FAX: 408-746-8016 Hiroyuki Miura CST Lab: NVLAP 200822-0 | ETERNUS DX400/DX8000 Controller Module (Firmware Version: V20L80-1000) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 01/24/2014 | Overall Level: 1 -Mitigation of Other Attacks: N/A -Tested: ETERNUS DX410 with VxWorks 6.3 ETERNUS DX8400 with VxWorks 6.3 -FIPS Approved algorithms: AES (Cert. #2542); RNG (Cert. #1207); SHS (Cert. #2142) -Other algorithms: Fujitsu Original Encryption (Encryption/Decryption); AES (Cert. #2542, key wrapping) Multi-chip embedded "ETERNUS DX400/DX8000 Controller Module is a module which manages the whole disk storage system. In order to prevent a data leakage by removal of disks, the disk encryption mechanism encrypts data on the disks. This encryption function is valid if the Disk Encryption mechanism is activated through GUI." |
| 2069 | Hewlett-Packard Company 8000 Foothills Blvd Roseville, CA 95747 USA Sunil Amanna TEL: 916-785-1183 FAX: 916-785-1103 Harjit Dhillon TEL: 916-785-0341 FAX: 916-785-1103 CST Lab: NVLAP 200002-0 | HP Networking 3800 Switch Series (Hardware Versions: Switches: (3800-24G-PoE+-2SFP+ Switch (J9573A) [1]; 3800-48G-PoE+-4SPF+ Switch (J9574A) [2]; 3800-24G-2SFP+ Switch (J9575A) [3]; 3800-48G-4SFP+ Switch (J9576A) [4]; 3800-24G-2XG Switch (J9585A) [5]; 3800-48G-4XG Switch (J9586A) [6]; 3800-24G-PoE+-2XG Switch (J9587A) [7]; 3800-48G-PoE+-4XG Switch (J9588A) [8] and 3800-24SFP-2SFP+ Switch (J9584A) [9]); Power Supplies: (J9580A [1,2,7,8] and J9581A [3,4,5,6,9]) with Tamper Evident Seal Kit: J9740A; Firmware Version: KA.15.10.0015) (When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2013 | Overall Level: 2 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Cert. #2051); Triple-DES (Cert. #1322); HMAC (Cert. #1248); SHS (Certs. #1795 and 1796); RSA (Certs. #1067 and #1068); DSA (Cert. #649); RNG (Cert. #1071) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; MD5-96; SHA-1-96 (non-compliant); RNG (Cert. #544; non-compliant); NDRNG Multi-chip standalone "The HP Networking 3800 Switch Series cryptographic modules are a family of next-generation gigabit Layer 2/3 enterprise-class access layer switches. The 3800 Switch Series, which is designed with a custom HP ProVision ASIC, delivers unmatched performance and scalability to meet the needs of the most demanding enterprise networks. The HP Networking 3800 Switch Series modules integrate 10 Gb connectivity for high-performance links to the network aggregation and core; allowing for increased throughput and network link redundancy." |
| 2068 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Andy Nissen CST Lab: NVLAP 200556-0 | McAfee SIEM Cryptographic Module (Software Version: 1.0) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/24/2013 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee Nitro OS 9.1 running on McAfee SIEM Appliance (single-user mode) -FIPS Approved algorithms: AES (Certs. #2229 and #2230); CVL (Certs. #33 and #34); DSA (Certs. #690 and #691); ECDSA (Certs. #343 and #344); HMAC (Certs. #1357 and #1358); RNG (Certs. #1115 and #1116); RSA (Certs. #1141 and #1142); SHS (Certs. #1917 and #1918); Triple-DES (Certs. #1395 and #1396) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The McAfee SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM environments." |
| 2067 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Andy Nissen CST Lab: NVLAP 200556-0 | McAfee Virtual SIEM Cryptographic Module (Software Version: 1.0) (The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/24/2013 | Overall Level: 1 -Physical Security: N/A -Mitigation of Other Attacks: N/A -Tested Configuration(s): Tested as meeting Level 1 with McAfee Nitro OS 9.1 on VMWare ESXi 5.0 running on a McAfee SIEM appliance -FIPS Approved algorithms: AES (Certs. #2228 and #2231); CVL (Certs. #32 and #35); DSA (Certs. #689 and #692); ECDSA (Certs. #342 and #345); HMAC (Certs. #1356 and #1359); RNG (Certs. #1114 and #1117); RSA (Certs. #1140 and #1143); SHS (Certs. #1916 and #1919); Triple-DES (Certs. #1394 and #1397) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The McAfee Virtual SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM virtual environments." |
| 2065 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco 5508 Wireless LAN Controller (Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.240.0, 7.0.250.0 or 7.0.251.2) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/24/2013 02/20/2014 02/20/2015 | Overall Level: 2 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #2014, #1228 and #1230); Triple-DES (Cert. #935); DRBG (Cert. #289) -Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management." |
| 2063 | Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux 92220 France Nathalie TORTELLIER TEL: 33 01 45 36 30 72 FAX: 33 01 45 36 30 10 CST Lab: NVLAP 200983-0 | PSD MODEL 145, 146, 147, 148 (Hardware Version: 4150859LB; Firmware Versions: P/N A0015972B, Version 28.02) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/18/2013 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: RSA (Cert. #260); AES (Cert. #563); HMAC (Cert. #300); SHS (Cert. #629); ECDSA (Cert. #385); RNG (Cert. #328); CVL (Cert. #96) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip embedded "Neopost PSD (Postal Security Device) for low range Postage Evidencing Systems (PES)." |
| 2061 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 1-781-442-0451 Linda Gallops TEL: 1-781-442-0451 FAX: 1-781-442-0451 CST Lab: NVLAP 200928-0 | Oracle Solaris Kernel Cryptographic Framework (Software Versions: 1.0 and 1.1) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 12/13/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server without PAA Oracle Solaris 11.1 running on a Sun Server X3-2 with PAA Oracle Solaris 11.1 running on a Sun Server X3-2 without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2309 and #2573); Triple-DES (Certs. #1456 and #1559); RSA (Certs. #1192 and #1320); ECDSA (Certs. #374 and #445); SHS (Certs. #1993 and #2173); HMAC (Certs. #1423 and #1595); RNG (Certs. #1151 and #1225) -Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs." |
| 2060 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Joshua Brickman TEL: 781-442-0451 FAX: 1-781-442-0451 Linda Gallops TEL: 1-781-442-0451 FAX: 1-781-442-0451 CST Lab: NVLAP 200928-0 | Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and SPARC T5 (Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1) (When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 12/13/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode) -FIPS Approved algorithms: AES (Certs. #2311 and #2574); Triple-DES (Certs. #1458 and #1560); RSA (Certs. #1194 and #1321); ECDSA (Certs. #376 and #446); SHS (Cert. #1994); HMAC (Certs. #1425 and #1596); RNG (Certs. #1152, #1154, #1222 and #1226) -Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs. The module includes the SPARC T4 processor special instruction sets for hardware-accelerated cryptography." |
| 2059 | Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan Hirotaka Kondo TEL: +81 46 202 8074 FAX: +81 46 202 6304 CST Lab: NVLAP 100432-0 | Gemini (Hardware Version: 1.0.0; Firmware Versions: 2.0.0 and 2.1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/13/2013 05/22/2014 10/31/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829 and #830); CVL (Cert. #115) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5 Multi-chip embedded "The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed." |
| 2055 | ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101 CST Lab: NVLAP 200427-0 | ActivIdentity Digital Identity Applet v2 on Gemalto IDCore 3020 (v2) (Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Digital Identity Applet Suite 2.7) (When operated with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) PIV Certificate #34 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/05/2013 02/06/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (IDCore 3020 v2) with 128K EEPROM memory and the ActivIdentity Digital Identity Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
| 2052 | Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200697-0 | MX Series 3D Universal Edge Routers with the Multiservices DPC (Hardware Versions: [(MX240 with one to two 750-024064), (MX480 and MX960 with one to four 750-024064)] with (750-021524 and RE-S-2000-4096-S) and JNPR-FIPS-TAMPER-LBL; Firmware Version: JUNOS-FIPS 10.4R11) (The tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/05/2013 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #762, #2218, #2221 and #2222); Triple-DES (Certs. #667, #1388, #1390 and #1391); SHS (Certs. #769, #1908, #1909, #1912 and #1913); HMAC (Certs. #417, #1348, #1349, #1351 and #1352); RNG (Cert. #1112); DSA (Cert. #688); RSA (Cert. #1137) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant); SSH KDF (non-compliant); IKEv1 KDF (non-compliant); NDRNG; ANSI X9.62 RNG (non-compliant) Multi-chip standalone "MX Series 3D Universal Edge Routers is a family of Ethernet routers designed to meet very large scale and medium-to-small size applications. It is capable of supporting business, mobile, and residential, services in even the fastest-growing networks and markets. With the Multiservices DPC (the MX Series) provides dedicated high-performance processing for flows and sessions, and integrates advanced security capabilities that protect the network infrastructure as well as user data." |
| 2046 | WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA Peter Eng TEL: 206-613-6600 CST Lab: NVLAP 200556-0 | XTM 515, XTM 525, XTM 535 and XTM 545 (Hardware Versions: NC2AE8 (XTM 515, XTM 525, XTM 535 and XTM 545) with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.5) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/18/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #1079 and #1380); AES (Certs. #1659 and #2180); SHS (Certs. #1453 and #1890); HMAC (Certs. #974 and #1334); RSA (Cert. #1124); ECDSA (Cert. #339); RNG (Cert. #1103); DSA (Cert. #684) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5; TKIP; AES-CCM (non-compliant); Password Based Key Derivation Function (for 128 bit AES key; non-compliant) Multi-chip standalone "WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need." |
| 2044 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Kyunghee Lee TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung Key Management Module (Software Versions: KM1.1 and KM1.3) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/18/2013 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S2 and Galaxy S3 Android Jelly Bean 4.1 running on Galaxy Note II Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143, #2257 and #2393); SHS (Certs. #1792, #1822, #1864, #1865, #1944 and #2055); RNG (Certs. #1069, #1080, #1097, #1098, #1127 and #1185); HMAC (Certs. #1245, #1273, #1309, #1310, #1384 and #1484); PBKDF (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Provides general purpose key management services to user-space applications on the mobile platform." |
| 2040 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032 (Hardware Versions: (FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032) with FRU-686-0089-00; Firmware Version: 8.3.1) (When installed, initialized and configured as indicated in the Security Policy in Section 3. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/15/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 2037 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Christopher Marks TEL: 408-333-0480 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; 6520 FC Switch; and 7800 Extension Switch (Hardware Versions: {[DCX Backbone P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01; DCX 8510-8 Backbone P/Ns 80-1004917-04 and 80-1007025-01; DCX-4S Backbone P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01; DCX 8510-4 Backbone P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01)] with Blade P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01 80-1000696-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1000233-10, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05; 6510 FC Switch P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03; 6520 FC Switch P/Ns 80-1007245-01, 80-1007246-01, 80-1007242-01, 80-1007244-01 and 80-1007257-01; 7800 Extension Switch P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.1.0 (P/N 63-1001187-01)) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/13/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #1048 and #1049) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF; TLSv1.0 KDF Multi-chip standalone "The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 2034 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco FIPS Object Module (Software Versions: 3.0 and 3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/13/2013 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on HP Pro 3130 Microtower with PAA Mac OS X 10.7 running on Apple Mac Mini 5,2 with PAA Free BSD 9.0 running Cisco UCS C200 M2 without PAA Linux 2.6 running on Cisco UCS C210 M2 with PAA Linux 2.6 running on Cavium CN5200-EVP-MB4-Y without PAA Android 4.0 running on Samsung SGH-T989 without PAA Linux 2.6 running on Cisco ASR1K without PAA Apple iOS 5.1 running on Apple iPad (MC705LL) without PAA Android 4.0 running on Samsung Galaxy S II without PAA Linux 2.6 running on a Cisco ASR1K without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2255 and #2558); CVL (Certs. #40 and #95); DRBG (Certs. #275 and #385); DSA (Certs. #703 and #783); ECDSA (Certs. #362 and #440); HMAC (Certs. #1382 and #1578); RNG (Certs. #1125 and #1215); RSA (Certs. #1156 and #1310); SHS (Certs. #1942 and #2157); Triple-DES (Certs. #1410 and #1548) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols." |
| 2033 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200900-0 | RSA BSAFE Crypto-J Software Module (Software Version: 4.1) (When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1291) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/13/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Linux 2.6 with Sun JRE 5.0 running on Samsung MFP with PowerPC (32bit) Linux 2.6 with Sun JRE 6.0 running on Samsung MFP with ARM9 (32bit) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1109 and #2602); DRBG (Certs. #15 and #396); DSA (Certs. #357 and #789); ECDSA (Certs. #130 and #447); HMAC (Certs. #621 and #1609); RNG (Certs. #616 and #1231); RSA (Certs. #522 and #1330); SHS (Certs. #1032 and #2186); Triple-DES (Certs. #806 and #1568) -Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements." |
| 2032 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | VDX 6710, VDX 6720, VDX 6730 and VDX 8770 with Network OS (NOS) v3.0.1 Firmware (Hardware Versions: VDX6710-54-F (P/N 80-1004843-04), VDX6710-54-R (P/N 80-1004702-04), VDX6720-16-F (P/N 80-1004566-07, 80-1006701-02), VDX6720-16-R (P/N 80-1004567-07, 80-1006702-02), VDX6720-24-F (P/N 80-1004564-07, 80-1006699-02), VDX6720-24-R (P/N 80-1004564-07, 80-1006700-02), VDX6720-40-F (P/N 80-1004565-07, 80-1006305-02), VDX6720-40-R (P/N 80-1004571-07, 80-1006306-2), VDX6720-60-F (P/N 80-1004568-07, 80-1006303-02), VDX6720-60-R (P/N 80-1004569-07, 80-1006304-02), VDX6730-16-F (P/N 80-1005469-03, 80-1006709-02), VDX6730-16-R (P/N 80-1005651-03, 80-1006711-02), VDX6730-24-F (P/N 80-1005648-03, 80-1006708-02), VDX6730-24-R (P/N 80-1005650-03, 80-1006710-02), VDX6730-40-F (P/N 80-1005680-03, 80-1006719-02), VDX6730-40-R (P/N 80-1005681-03, 80-1006720-02), VDX6730-60-F (P/N 80-1005679-03, 80-1006718-02), VDX6740-60-R (P/N 80-1005678-03, 80-1006717-02), VDX8770-4 (P/N 80-1005850-02, 80-1006532-02) and VDX8770-8 (P/N 80-1005905-02, 80-1006533-02) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v3.0.1) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/13/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1174 and #1175) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF (non-compliant); TLS KDF (non-compliant) Multi-chip standalone |
| 2030 | Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan Hirotaka Kondo TEL: +81 46 202 8074 FAX: +81 46 202 6304 CST Lab: NVLAP 100432-0 | Aspen (Hardware Versions: 1.0.0 and 1.1.0; Firmware Versions: 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1 and 1.2.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/13/2013 11/22/2013 01/23/2014 08/29/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829, #830, #1279); CVL (Cert. #115) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5; Multi-chip embedded "The primary purpose of the Aspen is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed." |
| 2026 | McAfee, Inc. 2821 Mission College Blvd. Suite 100 Santa Clara, CA 95054 USA James Reardon TEL: 651-628-5346 CST Lab: NVLAP 200928-0 | McAfee Database Security Server Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS140_MODE) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/12/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0 Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143) -Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random Multi-chip standalone "McAfee Database Security Server Cryptographic Module provides FIPS 140-2 validated services to the server component of the McAfee Database Security product line." |
| 2025 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Diana Robinson TEL: (845) 454-6397 FAX: (801) 999-2973 Tammy Green TEL: (845) 454-6397 CST Lab: NVLAP 200928-0 | Blue Coat Systems, Software Cryptographic Module (Software Version: 1.0) (When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/12/2013 05/20/2014 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Solera Operating Environment v6.5.0 running on a Dell Poweredge model R720 Solera Operating Environment v6.5.0 on Vmware ESXi v5.0 running on Dell Poweredge model R720 Solera Operating Environment v6.6.9 on Vmware ESX 5.5 running on Dell Poweredge model R720 Solera Operating Environment v6.6.9 running on Dell Poweredge model R720 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1364); AES (Cert. #2153); SHS (Cert. #1873); HMAC (Cert. #1318); RNG (Cert. #1101); DSA (Cert. #669); RSA (Cert. #1108) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman; AES-CFB1 (non-compliant); ECDSA (non-compliant); EC Diffie-Hellman Multi-chip standalone "The Blue Coat Systems, Software Cryptographic Module is a software multi-chip standalone module, providing cryptographic services for Solera DeepSee Software. Solera DeepSee is a solution for security intelligence and analytics that creates a complete record of network traffic. The module is a shared library that links to Solera DeepSee components." |
| 2023 | Nuvoton Technology Corporation 8 Hasadnaot Street Herzlia 46130 Israel Rachel Menda-Shabat TEL: (972) 9-9702219 Oren Tanami TEL: (972)9-9702219 CST Lab: NVLAP 200556-0 | Nuvoton TPM 1.2 (Hardware Version: FD5C37; Firmware Version: 4.1.5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/08/2013 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #2354); RSA (Cert. #1215); SHS (Cert. #2028); HMAC (Cert. #1460); RNG (Cert. #1174); CVL (Cert. #59) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Single-chip "Nuvoton Trusted Platform Module is a hardware cryptographic module, a member of the Nuvoton SafeKepper family, which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification for PC-Client TPM." |
| 2018 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey S250/D250 (Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64 and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Versions: 4.0.4 and 4.0.5) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2013 02/20/2014 03/08/2016 05/26/2016 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms." |
| 2017 | Motorola Solutions, Inc. 6480 Via Del Oro San Jose, CA 95119 USA Udayan Borkar TEL: 408-528-2361 FAX: 408-528-2540 Colin Cooper TEL: 408-528-2871 FAX: 408-528-2540 CST Lab: NVLAP 100432-0 | AP 71xx Series Wireless Access Points - AP 7131N, AP 7131N-GR, AP 7161, AP 7181 (Hardware Versions: AP7131N, AP7131N-GR, AP7161, AP7181; Firmware Version: 5.4.10.0-050GR) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2013 12/20/2013 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #861, #1114, #2377 and #2378); HMAC (Cert. #1478); KDF (Cert. #10); CVL (Certs. #66, #67, #68 and #69); RNG (Cert. #1180); RSA (Cert. #1231); SHS (Certs. #1037 and #2048); Triple-DES (Cert. #1487) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG; MD5 Multi-chip standalone "The AP-71xx Series 802.11n Wireless Access Points deliver the high throughput, coverage, and resiliency required to build an all-wireless enterprise. The dual and tri-radio options provide simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and wireless intrusion detection/prevention services." |
| 2014 | Atmel Corporation 1150 E. Cheyenne Mountain Blvd. Colorado Springs, CO 80906 USA Jim Hallman TEL: 919-846-3391 Todd Slack TEL: (719) 540-3021 CST Lab: NVLAP 200002-0 | Atmel Trusted Platform Module (Hardware Versions: AT97SC3204-X4 [1], AT97SC3204-U4 [1], AT97SC3204-G4 [1], AT97SC3204-H4 [1], AT97SC3205-X3 [2], AT97SC3205-U3 [2], AT97SC3205-G3 [2], AT97SC3205-H3 [2], AT97SC3205T-X3 [3], AT97SC3205T-U3 [3], AT97SC3205T-G3 [3] and AT97SC3205T-H3 [3]; Firmware Versions: 1.2.29.01 [1], 1.2.42.05 [2] and 1.2.42.06 [3]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2013 04/11/2014 05/20/2014 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #2333 and #2806); SHS (Certs. #2015 and #2354); HMAC (Certs. #1445 and #1757); RSA (Certs. #1203 and #1469); RNG (Certs. #1163 and #1273); CVL (Cert. #250) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MGF1; NDRNG Single-chip "The AT97SC3204 and AT97SC3205 are single chip cryptographic modules used for cryptographic key generation, key storage and key management as well as generation and secure storage for digital certificates." |
| 2013 | Dispersive Technologies, Inc. 2555 Westside Parkway Suite 500 Alpharetta, GA 30004 USA Douglas Dimola TEL: 844.403.5851 CST Lab: NVLAP 200556-0 | DSI V2VNet Mobile Crypto Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/05/2013 09/18/2015 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "V2VNet Mobile Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Mobile Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications." |
| 2011 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-200B [1], FortiGate-300C [2], FortiGate-310B [3], FortiGate-600C [4] and FortiGate-620B [5] (Hardware Versions: C4CD24 [1], C4HY50 [2], C4ZF35 [3], C4HR40 [4] and C4AK26 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1, 3, 5] or FIPS-SEAL-RED [2,4]; Firmware Versions: FortiOS 4.0, build3830, 131223) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/05/2013 06/27/2014 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2277, #2279, #2607 and #2608); Triple-DES (Certs. #1424, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #1960, #2191 and #2194); HMAC (Certs. #1395, #1397, #1615 and #1616); RSA (Certs. #1168, #1170 and #1334) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2010 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-5140 Chassis with FortiGate 5000 Series Blades (Hardware Versions: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build3830, 131223) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/05/2013 06/27/2014 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2276, #2277, #2278, #2607 and #2608); Triple-DES (Certs. #1423, #1424, #1425, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1957, #1958, #1959, #2191 and #2192); HMAC (Certs. #1394, #1395, #1396, #1615 and #1616); RSA (Certs. #1168, #1169 and #1334) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 2008 | Hewlett-Packard TippingPoint 7501N. Capital of Texas Highway Austin, TX 78731 USA Dinesh Vakharia TEL: 512-681-8271 Freddie Jimenez Jr. TEL: 512-681-8305 CST Lab: NVLAP 200427-0 | HP TippingPoint Intrusion Prevention System (Hardware Versions: 5200NX and 7100NX; Firmware Version: 3.5) (When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/25/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Cert. #2183); HMAC (Cert. #1337); RNG (Cert. #1105); RSA (Cert. #1126); SHS (Cert. #1892); Triple-DES (Cert. #1383) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 2007 | GDC Technology (USA), LLC 1016 West Magnolia Boulevard Burbank, CA 91506 USA Pranay Kumar TEL: 852-2507 9565 FAX: (852) 2507 1131 Peter Lin TEL: (852) 2507 9557 FAX: (852) 2507 1131 CST Lab: NVLAP 100432-0 | Standalone IMB (Hardware Versions: GDC-IMB-v2, R8 and R9; Firmware Version: 2.0 with Security Manager Firmware Version 1.3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/25/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2148 and #2149); SHS (Certs. #1869 and #1870); RNG (Cert. #1100); RSA (Cert. #1105); HMAC (Certs. #1315 and #1316) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box; EC Diffie-Hellman Multi-chip embedded "A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, and logging." |
| 2005 | UTC Fire & Security Americas Corporation, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA Michael O'Brien TEL: 585-267-8345 CST Lab: NVLAP 100432-0 | Lenel OnGuard Communication Server (Software Versions: 6.5.624, 6.6.287, 7.0.932 or 7.1.481) (When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode), (Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode) or (Windows 8 and Windows Server 2012 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1894 operating in FIPS mode)])) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/25/2013 11/07/2014 11/25/2014 08/14/2015 10/20/2015 | Overall Level: 1 -Physical Security: N/A -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: N/A -Tested Configuration(s): Microsoft Windows 7 running on a Dell OptiPlex 755 Microsoft Windows Server 2008 running on a Dell OptiPlex 760 Microsoft Windows 8 running on Dell OptiPlex 7010 Microsoft Windows Server 2012 running on SuperMicro 827-14 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1650 and #3088); RNG (Certs. #882 and #1313) -Other algorithms: RC2 Multi-Chip Stand Alone "The Lenel OnGuard Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution." |
| 2003 | Doremi Labs 1020 Chestnut St. Burbank, CA 91506 USA Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0 | IMS-SM (Hardware Versions: (IMS-SM-C1 and IMS-SM-C2) [1] and (IMS-SM-E1 and IMS-SM-E2) [2]; Firmware Versions: (4.0.3-0, 4.0.0-3 and 6.0.3-0) [1] and (4.2.0-4, 4.2.0-3 and 6.0.12-0) [2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/30/2013 01/03/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1252, #1383 and #2220); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman (non-compliant), TI S-box Multi-chip embedded |
| 2001 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200928-0 | SafeNet ProtectDrive Cryptographic Engine (Software Version: 1.0.1) (When operated in FIPS mode. For Windows 7: With module Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/17/2013 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP SP3 (X86 version) running on Dell E6400 Windows 7 Ultimate Edition SP1 (X86 version) running on Dell E6400 Windows 7 Ultimate Edition SP1 (X64 version) running on Dell E6400 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed) -Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant) Multi-chip standalone "SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media." |
| 2000 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200928-0 | SafeNet ProtectDrive Cryptographic Engine (Software Version: 1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/17/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 2 with Dell Optiplex GX620 3.0 GHz Intel Pentium D Processor 830 (1 CPU), running 32-bit WindowsXP version 5.1 SP2 -FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed) -Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant) Multi-chip standalone "SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media." |
| 1999 | Thales Communications, Inc. 22605 Gateway Center Drive Clarksburg, MD 20871 USA Darlo Concepcion TEL: 240-864-7866 FAX: 240-864-7698 Jim Kent TEL: 240-864-7681 FAX: 240-864-7698 CST Lab: NVLAP 200427-0 | Liberty™ Cryptographic Module (Firmware Version: 01.00.05.0018) (When operated in FIPS Mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 09/17/2013 | Overall Level: 1 -Tested: Thales Liberty Radio PRC7332 with Green Hills INTEGRITY Version 5.0.10 -FIPS Approved algorithms: AES (Cert. #2185); HMAC (Cert. #1338); RNG (Cert. #1106); SHS (Certs. #1893 and #1894) -Other algorithms: AES (Cert. #2185, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #2185, vendor affirmed; P25 AES OTAR); DES; DES MAC Multi-chip standalone "The Liberty™ Cryptographic Module is a firmware stand alone executable module which provides FIPS 140-2 Level 1 certified cryptographic functionality for devices that utilize the APCO project 25 standard. The Liberty™ Cryptographic Module uses Green Hills Integrity™ address space seperation to provide secure isolation of the cryptographic module without requiring a separate cryptographic hardware module." |
| 1998 | Motorola Mobility LLC 600 North U.S. Highway 45 Libertyville, IL 60048 USA Jose Afonso Pinto TEL: +55 19-3847-6580 FAX: n/a Wesley Ribeiro TEL: +55 19-3847-6199 FAX: n/a CST Lab: NVLAP 100432-0 | Motorola Mobility Linux Kernel Software Cryptographic Module (Software Version: 1.0) (No assurance of the minimum strength of provided entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/17/2013 01/03/2014 04/17/2015 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.1.2 running on a Motorola Droid Razr HD/XT926 Android 4.2.2 running on a Motorola Droid Ultra (XT1080) Android 4.3 running on a Motorola Moto G (XT1028) Android 4.4 running on a Motorola Moto X (XT1060) Android 5.0.2 running on a Motorola Droid Turbo (XT1254) (single-user mode) -FIPS Approved algorithms: AES (Cert. #2287); HMAC (Cert. #1403); RNG (Cert. #1138); SHS (Cert. #1968); Triple-DES (Cert. #1435) -Other algorithms: N/A Multi-chip standalone "Motorola Mobility Linux Kernel Software Cryptographic Module is a software only Linux kernel cryptographic module intended to operate on a multi-chip standalone personal mobile device running Android. It provides general-purpose cryptographic services to the remainder of the Linux kernel. It is designed to operate at FIPS 140-2 overall security level 1." |
| 1996 | Fixmo, Inc. 15 Toronto Street Suite 1100 Toronto, Ontario M5C 2E3 Canada Daniel Ford TEL: 443-380-3673 CST Lab: NVLAP 200556-0 | Fixmo Client Crypto Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus iOS 5.1 running on a iPad 3 iOS 6 running on a iPad 3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Fixmo Client Crypto Module provides cryptographic functions for Fixmo client applications and solutions." |
| 1995 | Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA Security Evaluations Manager TEL: 781-442-0451 CST Lab: NVLAP 200427-0 | Sun Crypto Accelerator 6000 (Hardware Versions: 375-3424, Revisions -02, -03, -04, -05 and -06; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware versions 1.1.7, 1.1.8 or 1.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/11/2013 12/17/2013 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #397 and #2312); DSA (Cert. #319); ECDSA (Cert. #377); HMAC (Certs. #1427 and #1428); RNG (Cert. #1155); RSA (Certs. #1195 and #1196); SHS (Certs. #1995 and #1996); Triple-DES (Cert. #435) -Other algorithms: AES (Cert. #2312, key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a low-profile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System." |
| 1990 | Ultra Stereo Labs, Inc. 181 Bonetti Drive San Luis Obispo, CA 93401 USA Larry McCrigler TEL: 805-549-0161 FAX: 805-549-0163 CST Lab: NVLAP 100432-0 | IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks (Hardware Version: Rev. 14; Firmware Version: 02272013) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/13/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Certs. #798 and #1165); RSA (Cert. #712); CVL (Cert. #52) -Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman Multi-chip embedded "The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas." |
| 1985 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Kyunghee Lee TEL: +82-10-9397-1589 CST Lab: NVLAP 200658-0 | Samsung FIPS BC for Mobile Phone and Tablet (Software Version: SBC1.45_1.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/23/2013 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2124); SHS (Cert. #1848); RNG (Cert. #1090); Triple-DES (Cert. #1350); HMAC (Cert. #1295); RSA (Cert. #1093); DSA (Cert. #665) -Other algorithms: MD2; MD4; MD5; DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); IES; ISSAC; SKIPJACK (non-compliant); Blowfish; Twofish; RC2; RC4; RC5; RC6; SALSA20; HC128; HC256; VMPC; SERPENT; RIJNDAEL; CAST5; CAST6; GOST28147; GOST3411; TEA; XTEA; ELGAMAL; IDEA; Tiger; RIPEMD; WHIRPOOL; ISO9797AG3MAC; GOST28147MAC; GOST3410; VPMCMAC; ECGOST3410; Grain; Camelia; Noekeon; SEED; Direct random generator; Thread-based generator; Reverse window generator; ECDSA (non-compliant); RSA (encrypt/decrypt); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant) Multi-chip standalone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit." |
| 1983 | A10 Networks, Inc. 3 West Plumeria Drive San Jose, CA 95134 USA John Chiong TEL: 408-325-8668 FAX: 408-325-8666 CST Lab: NVLAP 200968-0 | AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-11-GCF, AX5100, AX5200-11, AX1030, AX3030, AX3400, AX3200-12, AX3530 and AX5630, and Thunder Series Application Delivery Controller TH1030S, TH3030S, TH5430S, and TH6430S (Hardware Versions: AX2500[1,2], AX2600-GCF[1,2], AX3000-11-GCF[1,2], AX5100[1,2], AX5200-11[1,2], AX1030[2], AX3030[2], AX3400[2], AX3200-12[2], AX3530[2], AX5630[2], TH1030S[3], TH3030S[3], TH5430S[3], and TH6430S[3]; Firmware Versions: R261-GR1-P7[1], R270-P2[2] and R271-P2[3]) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/23/2013 12/20/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128, #1129 and #1463); AES (Certs. #1693, #1739, #1740 and #2329); SHS (Certs. #1480, #1519, #1524, #1525 and #2013); HMAC (Certs. #985, #1011, #1016, #1017 and #1444); RSA (Certs. #829, #858, #862, #863 and #1202); RNG (Certs. #900 and #1088) -Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications." |
| 1982 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-NGPOE+E, and WS-X4748-RJ45-E) (Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, A], Catalyst 4503-E [2, 5, 7, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, D], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C] and WS-C4510-FIPS-KIT= [D]) and Filler Plate (C4K-SLOT-CVR-E); Firmware Version: 3.3.1SG) (When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/17/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1977 and #2057); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282) -Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1977, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev." |
| 1973 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Virtual Appliance for Crossbeam XOS (Software Version: 8.2.1) (When installed, initialized and configured as specified in the Security Policy Section 3.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/10/2013 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with McAfee Secure OS v8.2 on Crossbeam XOS v9.6.0 running on a Crossbeam X-60 McAfee Secure OS v8.2 on Crossbeam XOS v9.9.0 running on a Crossbeam X-60 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1960 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Virtual Appliance for VMware ESXi 4.1 (Software Version: 8.2.1) (When installed, initialized and configured as specified in the Security Policy Section 3.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/12/2013 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with McAfee Secure OS v8.2 on VMware ESXi v4.1 running on a McAfee 7032 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1959 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA Malcom Levy TEL: +972-37534561 FAX: 732-416-1370 CST Lab: NVLAP 200427-0 | Check Point CryptoCore (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/12/2013 | Overall Level: 1 -EMI/EMC: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without PAA (User Space) Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without PAA (Kernel Space) Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with PAA (User Space) Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with PAA (Kernel Space) Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without PAA (User Space) Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without PAA (Kernel Space) Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with PAA (User Space) Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with PAA (Kernel Space) Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without PAA (User Space) Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without PAA (Kernel Space) Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with PAA (User Space) Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with PAA (Kernel Space) Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without PAA (User Space) Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without PAA (Kernel Space) Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with PAA (User Space) Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with PAA (Kernel Space) UEFI Pre-boot (64-bit) running on a Apple MacBook Pro without PAA UEFI Pre-boot (64-bit) running on a Apple MacBook Pro with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #2182); DRBG (Cert. #255); HMAC (Cert. #1336); RNG (Cert. #1104); RSA (Cert. #1125); SHS (Cert. #1891); Triple-DES (Cert. #1382); Triple-DES MAC (Triple-DES Cert. #1382, vendor affirmed) -Other algorithms: AES (Cert. #2182, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5; PKCS#5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries." |
| 1954 | ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009 USA Ben Davis TEL: 760-476-2200 FAX: 760-929-3941 CST Lab: NVLAP 100432-0 | Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; Firmware Version: 02.03.02) (The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/30/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1203, #1204 and #2242); SHS (Certs. #1931 and #1932); HMAC (Cert. #1372); ECDSA (Cert. #351); RNG (Cert. #1121) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "The Enhanced Bandwidth Efficient Modem (EBEM) is a high-performance multi-input/multi-output SCPC satellite modulator/demodulator that converts multiple baseband digital input signals into multiple waveform intermediate frequencies (IF) and vice-versa.The EBEM provides extensive backwards compatibility with fielded modem and crypto technology, while adding high-order terminal modulation and Turbo coding to further enhance bandwidth efficiency." |
| 1953 | NXP Semiconductors Mikronweg 1 Gratkorn 8101 Austria Markus Moesenbacher TEL: +43 3124 299 652 FAX: +43 3124 299 270 CST Lab: NVLAP 100432-0 | NXP JCOP 2.4.2 R2 (Hardware Versions: P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Versions: JCOP 2.4.2 R2 Mask ID 59 and patchID 3 with Demonstration Applet v1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/23/2013 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Certs. #1144 and #1145); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Certs. #2120, #2121, #2151 and #2152); SHS (Cert. #1553); RSA (Certs. #1090 and #1091); ECDSA (Cert. #317); CVL (Cert. #26) -Other algorithms: HW RNG; RSA (non-compliant); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of security strength); AES (Certs. #2120 or #2151, key wrapping; key establishment methodology provides 128 bits of security strength) Single-chip "NXP J3D081, J2D081, J3D145, J2D145 Secure Smart Card Controller Revision 2" |
| 1951 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-80C [1], FortiGate-110C [2], FortiGate-60C [3] and FortiWiFi-60C [4] (Hardware Versions: C4BC61 [1], C4HA15 [2], C4DM93 [3] and C4DM95 [4] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1,2] or FIPS-SEAL-RED [3,4]; Firmware Versions: (FortiOS 4.0, build3830, 131223)) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/23/2013 11/08/2013 06/27/2014 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2277, #2607 and #2608); Triple-DES (Certs. #1424, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #2191 and #2192); HMAC (Certs. #1395, #1615 and #1616); RSA (Certs. #1168 and #1334) -Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1950 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 x7416 FAX: 613-225-2951 CST Lab: NVLAP 200928-0 | FortiGate-1000C [1], FortiGate-1240B [2] and FortiGate-3140B [3] (Hardware Versions: C4HR40 [1], C4CN43 [2] and C4XC55 [3] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3] or FIPS-SEAL-BLUE [2]; Firmware Versions: (FortiOS 4.0, build3767, 130923) [1] and (FortiOS 4.0, build3830, 131223) [2,3]) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/23/2013 11/08/2013 06/27/2014 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2278, #2279, #2607 and #2608); Triple-DES (Certs. #1425, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1959, #1960, #2191 and #2192); HMAC (Certs. #1396, #1397, #1615 and #1616); RSA (Certs. #1169, #1170 and #1334) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1948 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Ross Choi TEL: 972-761-7628 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0 | Samsung OpenSSL Cryptographic Module (Software Version: SFOpenSSL1.0.0e-1.1) (When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/16/2013 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #2108); HMAC (Cert. #1282); SHS (Cert. #1831); Triple-DES (Cert. #1343); RSA (Cert. #1082); DSA (Cert. #658); RNG (Cert. #1083) -Other algorithms: Blowfish; Triple-DES-CTR (non compliant); AES-CTR (non compliant); MD5; IDEA; RC2; RC4; Diffie-Hellman; md_rand.c Multi-chip standalone "Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit." |
| 1943 | VT iDirect, Inc. 13865 Sunrise Valley Drive Suite 100 Herndon, VA 20171 USA Paul Harr TEL: 703-648-8225 FAX: 703-648-8088 CST Lab: NVLAP 200556-0 | Evolution e8350™ - Satellite Router [1], iConnex e800™ - Satellite Router Board [2], iConnex e850MP™ Satellite Router Board [3], iConnex e850MP™ - IND Satellite Router Board [4], iConnex e850MP™ - IND with Heat Sink Satellite Router Board [5], Evolution eM1D1™ Line Card [6] and Evolution eM0DM™ (Hardware Version: Part #E0000051-0003 [1]; Part #E0001340-0002 [2]; Part #E0000731-0001 [3]; E0000731-0002 [4]; Part #E0000731-0003 [5]; Part #E0000080-0002 [6]; Part #E0000080-0005 [7]; Firmware Version: iDX version 2.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/02/2013 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; PBKDF (non-compliant) Multi-chip embedded "iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical" |
| 1942 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+ (Hardware Versions: Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+; FIPS kit packaging (CVPN4500FIPS/KIT=); Firmware Version: 3.3.1SG) (When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/02/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1977); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282) -Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The fixed-aggregation Cisco Catalyst 4500-X Series Switches deliver best-in-class scalability, simplified network virtualization, and integrated network services for space-constrained environments in campus networks. The Catalyst 4500-X switches provide a secure and manageable platform that meets FIPS 140-2 Level 2 requirements." |
| 1941 | IBM Internet Security Systems, Inc. 6303 Barfield Road Atlanta, GA 30328 USA Scott Sinsel TEL: 404-236-2722 FAX: 404-236-2632 CST Lab: NVLAP 200416-0 | Proventia GX Series Security Appliances (Hardware Versions: GX7800 and GX7412; with FIPS-LABELS: FIPS 140 tamper evidence labels; Firmware Version: 4.3) (When operated in FIPS mode when installed with Firmware v4.3 and with the tamper evidence seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/30/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #2006); HMAC (Cert. #1211); RNG (Cert. #1049); RSA (Cert. #1035); SHS (Cert. #1756) -Other algorithms: RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence." |
| 1936 | Mxtran Inc. 9F, No.16, Li-Hsin Road, Science Park Hsin-chu, Taiwan 300 Republic of China C.W. Pang TEL: +886-3-6661778#29300 FAX: +886-3-6662568 CST Lab: NVLAP 200824-0 | Mxtran Payeeton Solution (Hardware Version: MX12E320128E; Firmware Version: Simker v3.20) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/24/2013 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1691); ECDSA (Cert. #340); HMAC (Cert. #1339); RNG (Cert. #1107); RSA (Cert. #1127); SHS (Cert. #1479); Triple-DES (Cert. #1091) -Other algorithms: Triple-DES (Cert. #1091, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "Mxtran Payeeton Solution of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via Short Message Service for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset." |
| 1934 | VT iDirect, Inc. 13865 Sunrise Valley Drive Suite 100 Herndon, VA 20171 USA Paul Harr TEL: 703-648-8225 FAX: 703-648-8088 CST Lab: NVLAP 200556-0 | Evolution e8350™ - FIPSL2 Satellite Router [1], iConnex e800™ - FIPSL2 Satellite Router Board [2], iConnex e850MP™ - FIPSL2 Satellite Router Board [3], Evolution eM1D1™ - FIPSL2 Line Card [4] and Evolution eM0DM™ - FIPSL2 Line Card [5] (Hardware Version: Part #E0000051-0005 [1]; Part #E0001340-0001 [2]; Part #E0000731-0004 [3]; Part #E0001306-0001 [4]; Part #E0001306-0002 [5]; Firmware Version: iDX version 2.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/18/2013 | Overall Level: 1 -Physical Security: Level 2 -FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant) Multi-chip embedded "iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical" |
| 1933 | Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 dm-crypt Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode with Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758, Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module validated to FIPS 140-2 under Cert. #1901, Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module validated to FIPS 140-2 under Cert. #1757 and NSS Cryptographic Module validated to FIPS 140-2 under Cert. #1837, each module shall be obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policies specifies the precise RPM file containing each module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/15/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without PAA running on HP ProLiant DL585 Red Hat Enterprise Linux 6.2 with PAA running on IBM HS22 Red Hat Enterprise Linux 6.2 without PAA running on IBM HS22 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1657, #1658, #1659, #1660, #1661, #1662, #1663, #1664, #1725, #1726, #1741 and #1742); HMAC (Certs. #1128, #1129, #1130, #1131, #1132, #1133, #1134, #1135, #1199 and #1200); RNG (Certs. #988, #991, #992 and #993); DSA (Certs. #628, #629, #634 and #635); PBKDF (vendor affirmed) -Other algorithms: DES; AES-CTR (non-compliant); AES-XTS (non-compliant); AES-CBC (non-compliant) Multi-chip standalone "Device-mapper is an infrastructure in the Linux kernel that provides a generic way to create virtual layers of block devices on top of real block devices. dm-crypt is a device-mapper target that provides transparent encryption of block devices using the Kernel Crypto API shipped with RHEL 6.2. The user can specify one of the symmetric ciphers, a key (of any allowed size), an IV generation mode which allows the user to create a new block device in /dev. Writes to this device will be encrypted and reads decrypted transparent to the user." |
| 1932 | Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances (Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3] or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 8.4.4.1) (Validated when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy and when operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Certs. #105, #1407, #2047, #2049 and #2050); HMAC (Certs. #125, #301, #1244, #1246 and #1247); RNG (Certs. #144, #329, #772, #1068 and #1070); RSA (Certs. #106, #261, #1064, #1065 and #1066); SHS (Certs. #196, #630, #1791, #1793 and #1794); Triple-DES (Certs. #217, #559, #960, #1320 and #1321) -Other algorithms: DES; HMAC MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes" |
| 1930 | SUSE Linux Products GmbH Maxfeldstr. 5 Nuremberg 90409 Germany Roman Drahtmüller TEL: +49-911-74053127 CST Lab: NVLAP 200658-0 | OpenSSL Module (Software Version: 0.9.8j) (The module generates cryptographic keys whose strengths are modified by available entropy. When installed, initialized and configured as specified in the security policy section 9.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 04/08/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 without PAA SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 with PAA SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 without PAA SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 with PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2052, #2053, #2054 and #2055); Triple-DES (Certs. #1323 and #1324); DSA (Certs. #650 and #651); SHS (Certs. #1797 and #1798); RNG (Certs. #1073 and #1074); HMAC (Cert. #1249 and #1250); RSA (Certs. #1069 and #1070) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The OpenSSL Module is a software library supporting FIPS 140-2 -approved cryptographic algorithms for the purposes of protecting data in transit and at rest on the SUSE Linux platforms." |
| 1929 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | SRA EX9000 (Hardware Version: P/N 101-500352-50 Rev A; Firmware Version: SRA 10.6.1) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 04/21/2015 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4 Multi-chip standalone "Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell SonicWALL Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices." |
| 1928 | Christie Digital Systems Canada Inc. 809 Wellington St. N. Kitchener, ON N2G 4Y7 CANADA Kevin Draper TEL: 519-741-3741 FAX: 519-741-3912 CST Lab: NVLAP 200802-0 | Christie IMB-S2 4K Integrated Media Block (IMB) (Hardware Version: 000-102675-01; Firmware Version: 1.0.1-2641 or 1.0.3-3047 or 1.1.0-3271 or 1.2.0-3400 or 1.2.1-3546) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/08/2013 04/19/2013 07/05/2016 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Cert. #1066); RSA (Cert. #1062) -Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box Multi-chip embedded "The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material." |
| 1925 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Ross Choi TEL: 972-761-7628 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0 | Samsung Key Management Module (Software Version: KM1.1) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/04/2013 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 on Galaxy S2 and Galaxy S3 Android Jelly Bean 4.1 on Galaxy Note II (single-user mode) -FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143 and #2257); SHS (Certs. #1792, #1822, #1864, #1865 and #1944); RNG (Certs. #1069, #1080, #1097, #1098 and #1127); HMAC (Certs. #1245, #1273, #1309, #1310 and #1384); PBKDF (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Provides general purpose key management services to user-space applications on the mobile platform." |
| 1924 | Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP MSR30/50 Routers with Encryption Accelerator Modules (Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-10 DC with JG585A and JG582A, HP MSR30-40 with JG585A and JG580A, HP MSR30-40 DC with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-60 DC with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR30-20 DC with JG585A and JG579A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A and HP MSR50-60 with JG586A and JG584A; Firmware Version: 5.2; Software Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/26/2013 10/25/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Certs. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform." |
| 1923 | Crossbeam Systems, Inc. 80 Central Street Boxborough, MA 01719 USA CST Lab: NVLAP 200556-0 | X60 and X80-S Platforms (Hardware Versions: (APM-9600, CPM-9600, NPM-9610 and NPM-9650) with XS-FIPS-LABEL-KIT; Firmware Version: XOS v9.9.0.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/22/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Certs. #1877 and #1878); Triple-DES (Certs. #1220 and #1221); RSA (Cert. #958); SHS (Certs. #1650 and #1651); RNG (Certs. #983); DSA (Cert. #587) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (Cert #961; non-compliant); PRNG (Cert #986; non-compliant); DSA (Cert #590; non-compliant); Blowfish; RC4; CAST128 Multi-chip standalone "Crossbeam’s X-Series network security platform offers enterprises, service providers and governments an open, high-performance architecture that easily scales multiple security applications to meet changing security threats. Crossbeam intelligently manages risk and protects businesses from evolving threats." |
| 1915 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Ross Choi TEL: 972-761-7628 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0 | Samsung Kernel Cryptographic Module (Software Versions: SKC1.4.1, SKC 1.4.1.1 and SKC.1.4.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 03/20/2013 05/23/2013 06/21/2013 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S3 Android Jelly Bean 4.1 running on Note II Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode) -FIPS Approved algorithms: AES (Certs. #2056, #2097, #2141, #2144, #2256 and #2392); SHS (Certs. #1799, #1821, #1863, #1866, #1943 and #2054); RNG (Certs. #1075, #1079, #1096, #1099, #1126 and #1184); Triple-DES (Certs. #1325, #1334, #1361, #1362, #1411 and #1491); HMAC (Certs. #1251, #1272, #1308, #1311, #1383 and #1483) -Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash) Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 1914 | Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP MSR30/50 Routers (Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-20 with JG585A and JG579A, HP MSR30-40 with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR 30-40 PoE with JG585A and JG580A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A, HP MSR50-60 with JG586A and JG584A, HP MSR50-40 DC with JG586A and JG583A and HP MSR50-60 DC with JG586A and JG584A; Firmware Version: 5.2; Software Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform." |
| 1913 | Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP A-Series Routers (Hardware Versions: HP 6602 with JG586A and JG575A, HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Firmware Version: 5.2; Software Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor." |
| 1912 | Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP Networking Switches (Hardware Versions: HP 5120-24G EI with JG585A and JG557A, HP 5120-48G EI with JG585A and JG557A, HP 5120-24G-PoE+ EI with JG585A and JG559A, HP 5120-48G-PoE+ EI with JG585A and JG559A, HP 5500-24G EI with JG585A and JG557A, HP 5500-24G-PoE+ EI with JG585A and JG559A, HP 5500-24G-SFP EI with JG585A and JG558A, HP 5500-48G EI with JG585A and JG557A, HP 5500-48G-PoE+ EI with JG585A and JG559A, HP 5800-24G with JG585A and JG563A, HP 5800-24G-PoE+ with JG585A and JG560A, HP 5800-24G-SFP with JG585A and JG562A, HP 5800-48G with JG585A and JG563A, HP 5800-48G-PoE with JG585A and JG560A, HP 5800-48G-2slot with JG585A and JG561A, HP 5820-14XG-SFP with JG585A and JG561A, HP 5820-24XG-SFP with JG585A and JG564A, HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Firmware Version: 5.2; Software Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 03/20/2013 07/31/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter application and are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes fixed-port L2/L2+ managed Ethernet switch appliances, fixed-port L3 managed Ethernet switch appliances, and modular Ethernet switches. Each device is based on the Comware 5.2 platform." |
| 1911 | Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP A-Series Routers with VPN Firewall Module (Hardware Versions: HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Firmware Version: 5.2; Software Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor." |
| 1910 | Hewlett-Packard Company 153 Taylor Street Littleton, MA 01460 USA Boby Joseph TEL: 978-264-5379 FAX: 978-264-5522 CST Lab: NVLAP 200427-0 | HP Networking Switches with VPN Firewall (Hardware Versions: HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Firmware Version: 5.2; Software Version: 5.2) (When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 07/31/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter applicationan are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes modular Ethernet switches. Each device is based on the Comware 5.2 platform." |
| 1909 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 FAX: n/a CST Lab: NVLAP 100432-0 | Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K-K9 [B, C, D], WS-SVC-WISM2-K-K9= [B, C, D], WS-SVC-WISM2-K9= [A, B, C, D], WS-SVC-WISM2-5-K9= [A, B, C, D], WS-SVC-WISM2-3-K9= [A, B, C, D], WS-SVC-WISM2-1-K9= [A, B, C, D], WS-SVC-WISM2-5-K9 [A, B, C, D], WS-SVC-WISM2-3-K9 [A, B, C, D] or WS-SVC-WISM2-1-K9 [A, B, C, D]]; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1, or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.230.0 [A], 7.2.103.0 [B], 7.2.115.1 [C] or 7.2.115.2 [D]) (When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/20/2013 05/16/2013 07/12/2013 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management." |
| 1908 | Panzura, Inc. 22 Great Oaks Blvd # 150 San Jose, CA 95119 USA Randy Chou TEL: 408-457-8504 CST Lab: NVLAP 100432-0 | Panzura Cryptographic Module 4.2 (Software Version: 4.2) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/20/2013 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Panzura Cloud Controller 8.0 running on Dell PowerEdge R410 with PAA Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 with PAA Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 (single user mode) -FIPS Approved algorithms: AES (Cert. #2269); DRBG (Cert. #278); DSA (Cert. #707); HMAC (Cert. #1389); RNG (Cert. #1130); RSA (Cert. #1162); SHS (Cert. #1951); Triple-DES (Cert. #1417); ECDSA (Cert. #366); CVL (Cert. #42) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "The Panzura Cryptographic Module provides validated cryptographic services for multiple Panzura products." |
| 1907 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco Aironet® CAP3602E and CAP3602I Wireless LAN Access Points (Hardware Versions: CAP3602E Revision B0 and CAP3602I Revision B0; FIPS Kit AIR-AP-FIPSKIT=, Version B0; Firmware Versions: 7.2.103.0, 7.2.115.1 or 7.2.115.2) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/14/2013 05/03/2013 05/16/2013 07/12/2013 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1991, #1992 and #1993); HMAC (Certs. #1204 and #1205); RNG (Cert. #1046); RSA (Cert. #1033); SHS (Certs. #1746 and #1747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet® 3600 Series sustains reliable connections at higher speeds further from the access point than competing solutions, resulting in up to three times more availability of 450 Mbps rates, and optimizing the performance of more mobile devices. Cisco Aironet® 3600 Series is an innovative, modular platform that offers unparalleled investment protection with future module expansion to support incoming 802.11ac clients with 870 Mbps rates, or offer comprehensive security and spectrum monitoring and control." |
| 1902 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey S250/D250 (Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64 and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Version: 4.5.0) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/21/2013 03/08/2016 05/31/2016 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF2 (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip standalone "The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms." |
| 1901 | Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode with Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837, Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/21/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without PAA running on HP ProLiant DL585 Red Hat Enterprise Linux 6.2 with PAA running on IBM HS22 Red Hat Enterprise Linux 6.2 without PAA running on IBM HS22 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1725 and #1726); HMAC (Certs. #1187, #1188, #1199 and #1200); RNG (Certs. #1033, #1034, #1035, #1036 and #1037); DSA (Certs. #628, #629, #634 and #635) -Other algorithms: DES; Triple-DES (CTR; non-compliant); AES (192 bits, XTS; non-compliant); RNG (X9.31 with stdrng or ansi_cprng; non-compliant) Multi-chip standalone "The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator." |
| 1900 | Gemalto Avenue du Pic de Bertagne - BP100 Gemenos 13881 France Anthony Vella TEL: +33 4 42 36 61 38 FAX: +33 4 42 36 52 36 CST Lab: NVLAP 100432-0 | MultiApp ID V2.1 Platform (Hardware Versions: P5CC081 [1] and P5CC145 [2]; Firmware Versions: MultiApp ID V2.1 with softmask V2.2 [1] and V2.4 [2] and Demonstration Applet V1.1 [1,2]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/21/2013 | Overall Level: 3 -Physical Security: Level 4 -FIPS Approved algorithms: RNG (Cert. #1023); Triple-DES (Cert. #1264); Triple-DES MAC (Triple-DES Cert. #1264, vendor affirmed); AES (Cert. #1943); RSA (Certs. #1006 and #1010); SHS (Certs. #1706 and #1707); ECDSA (Cert. #280); CVL (Cert. #17) -Other algorithms: Triple-DES (Cert. # 1264, key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman Single-chip "MultiApp V2.1 is a highly secured smartcard contact-only platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on NXP P5CC081 and P5CC145 chips. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling secure data storage, identification, authentication and digital signatures (AS) with biometry control. This field-proven OS has the largest number of references in national ID programs, thus ensuring a secure investment." |
| 1891 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA Tim Myers TEL: 800-MICROSOFT CST Lab: NVLAP 200427-0 | Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft Windows Storage Server 2012 Kernel Mode Cryptographic Primitives Library (CNG.SYS) (Software Version: 6.2.9200) (When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/06/2013 01/09/2015 | Overall Level: 1 -Design Assurance: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521 Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode) -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387) -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Multi-chip standalone "Kernel Mode Cryptographic Primitives Library (CNG.SYS) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter." |
| 1890 | IBM Internet Security Systems, Inc. 6303 Barfield Road Atlanta, GA 30328 USA Scott Sinsel TEL: 404-236-2722 FAX: 404-236-2632 CST Lab: NVLAP 200416-0 | SiteProtector Cryptographic Module (Software Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/19/2013 | Overall Level: 2 -Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270 -FIPS Approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090) -Other algorithms: MD5; RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "IBM Proventia+ Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts." |
| 1888 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco Aironet 1552E Outdoor Access Point (Hardware Version: AIR-CAP1552E-A-K9 Revision: B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.116.0, 7.0.230.0, 7.0.240.0, 7.0.250.0, 7.2.103.0, 7.2.115.1, 7.2.115.2 or 7.0.251.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/11/2013 03/28/2013 05/03/2013 05/16/2013 07/12/2013 02/20/2014 02/20/2015 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1357 and #1359); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Smaill Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera." |
| 1886 | Comtech EF Data Corporation 2114 West 7th Street Tempe, AZ 85281 USA Wallace Davis TEL: 480-333-2189 CST Lab: NVLAP 200427-0 | DMD2050E TRANSEC Module (Hardware Versions: PL-0000192-1, Revision A; Firmware Version: 1.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/08/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #2025 and #2026); ECDSA (Cert. #296); HMAC (Cert. #1228); RNG (Cert. #1061); RSA (Cert. #1053); SHS (Cert. #1775); Triple-DES (Cert. #1309) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength);RSA (key transport; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256-bits of encryption strength); MD5 Multi-chip embedded "The Comtech EF Data FIPS Security Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via the DMD2050E Satellite Modem, as well as firmware to provide the cryptographic functions needed to act as an endpoint for TLS and SSH management, and control traffic." |
| 1882 | Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA Entrust Sales CST Lab: NVLAP 100432-0 | Entrust IdentityGuard PIV Credential (Hardware Version: SCHW 1.0; Firmware Version: SCOS 1.0 with Entrust IdentityGuard PIV Applet 1.0.1 Patch 172799) (When operated in FIPS mode with PIN policies configured as indicated in the Security Policy Section 9) PIV Certificate #33 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/08/2013 02/06/2014 05/28/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Cert. #1769); RSA (Cert. #885); ECDSA (Cert. #237); CVL (Cert. #5); CVL (Certs. #219 and #223) -Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1769, key wrapping; key establishment methodology provides 256 bits of encryption strength); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "The Entrust IdentityGuard PIV Credential is a cryptographic module intended for use by US Federal agencies and other markets that require smartcards conformant with the PIV standards. The module can also be configured for use in markets where the set of keys and data objects, or the access control rules governing their use, differ from the PIV data model." |
| 1879 | TechGuard Security 28 Hawk Ridge Circle Suite 107 Lake St. Louis, MO 63367 USA David Maestas TEL: 636-489-2230 CST Lab: NVLAP 200002-0 | PoliWall-CCF M10 [1], M50 [2], G01 [3] and G10 [4] Series Security Appliance (Hardware Versions: PW-CCF-M10-01C [1], PW-CCF-M50-01C [2], PW-CCF-G01-01C [3], PW-CCF-G01-01F [3], PW-CCF-G10-01X [4] and PW-CCF-G10-01F [4] with FIPS Kits: (PW-CCF-M10-FK1 [1,2], PW-CCF-G01-FK1 [3] and PW-CCF-G10-FK1 [4]); Software Version: 2.02.3101) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 02/04/2013 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1600 and #1601); RSA (Cert. #782); RNG (Cert. #857); SHS (Certs. #1412 and #1413) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin for all incoming packets using HIPPIE (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to defined policies, exception lists, and Pre-Compiled Exception Lists (PCEL) that are bound to rule groups for specific network addresses and protocols. PoliWall also provides administrators with the ability to create maps which exclude traffic from selected countries." |
| 1877 | Palo Alto Networks 3300 Olcott Street Santa Clara, CA 95054 USA Jake Bajic TEL: 408-753-3901 FAX: 408-753-4001 CST Lab: NVLAP 100432-0 | PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Firewalls (Hardware Versions: HW P/Ns 910‐000006‐00O Rev. O with FIPS Kit P/N 920‐000005‐00A Rev. A (PA‐500), 910‐000094‐00O Rev. O with FIPS Kit P/N 920‐000005‐00A (PA‐500‐2GB), 910‐000004‐00Z Rev. Z with FIPS Kit P/N 920‐000004‐00A Rev. A (PA‐2020), 910‐000003‐00Z Rev. Z with FIPS Kit P/N 920‐000004‐00A Rev. A (PA‐2050), 910‐000002‐00AB Rev. AB with FIPS Kit P/N 920‐000003‐00A Rev. A (PA‐4020), HW P/N 910‐000001‐00AB Rev. AB with FIPS Kit P/N 920‐000003‐00A Rev. A (PA‐4050), 910‐000005‐00S Rev. S with FIPS Kit P/N 920‐000003‐00A Rev. A (PA‐4060), 910‐000010‐00F Rev. F w/ FIPS Kit P/N 920‐000037‐00A Rev. A (PA‐5020), 910‐000009‐00F Rev. F w/ FIPS Kit P/N 920‐000037‐00A Rev. A (PA‐5050) and 910‐000008‐00F Rev. F w/ FIPS Kit P/N 920‐000037‐00A Rev. A (PA‐5060); Firmware Version: 4.0.10 or 4.0.12‐h2) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/30/2013 08/16/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1987); RSA (Cert. #1031); HMAC (Cert. #1201); SHS (Cert. #1743); RNG (Cert. #1044) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "The Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique idenification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications." |
| 1875 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.230.0, 7.0.240.0, 7.0.250.0 or 7.0.251.2) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/25/2013 02/20/2014 02/20/2015 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management." |
| 1874 | Ultra Stereo Labs, Inc. 181 Bonetti Drive San Luis Obispo, CA 93401 USA Larry McCrigler TEL: 805-549-0161 FAX: 805-549-0163 CST Lab: NVLAP 100432-0 | IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks (Hardware Versions: Rev. 11 and 12; Firmware Version: 08162012) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/18/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Cert. #798); RSA (Cert. #712); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman; DCI Multi-chip embedded "The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas." |
| 1872 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 4150F (Hardware Versions: NSA-4150-FWEX-FRR and FIPS Kit: SAC-4150F-FIPS-KT; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement;non-compliant) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1871 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 2150F (Hardware Versions: NSA-2150-FWEX-F and FIPS Kit: SAC-2150F-FIPS-KT; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1870 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100F (Hardware Versions: NSA-1100-FWEX-F and FIPS Kit: SAC-1100F-FIPS-KT; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/08/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant) Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1869 | WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA Peter Eng TEL: 206-613-6600 CST Lab: NVLAP 200556-0 | XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23] (Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/21/2012 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5 Multi-chip standalone "WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need." |
| 1868 | Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA Main Office TEL: 601-519-0123 FAX: 601-510-9080 Stella Kwon TEL: 703-736-8363 FAX: 601-510-9080 CST Lab: NVLAP 200002-0 | B200™, B300™ and B400™ Remote Support Appliances (Hardware Versions: B200 [1], B300r1 [2], B300r2 [4] and B400r1 [3]; Tamper Evident Label Kit: TEL135325 [1,2,3,4]; Front Bezels: (FB000300 [2,4] and FB000400 [3]); Firmware Versions: 3.3.2FIPS [1,2,3], 3.4.0FIPS [1,2], 3.4.1FIPS [1,2] and 3.5.1FIPS [1,2,4]; Software Versions: 12.1.6FIPS [1,2,3], 13.1.3FIPS [1,2] and 14.3.3FIPS [1,2,4]) (When operated in FIPS mode and with the tamper evident labels and front bezels applied as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/15/2013 04/08/2014 10/31/2014 07/06/2015 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #2219, #2543, #3033 and #3340); Triple-DES (Certs. #1389, #1538, #1774 and #1909); RSA (Certs. #1136, #1297, #1575 and #1715); SHS (Certs. #1910, #2143, #2531 and #2774); HMAC (Certs. #1350, #1564, #1915 and #2130); RNG (Certs. #1113, #1208, #1311 and #1372) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions." |
| 1866 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200556-0 | FortiGate-3950B/3951B (Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/19/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network." |
| 1865 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware (Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2] or ArubaOS_MMC_6.1.4.5-FIPS [1] and Dell_PCW_MMC_6.1.4.5-FIPS [2] or ArubaOS_MMC_6.1.4.7-FIPS [1] and Dell_PCW_MMC_6.1.4.7-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/18/2012 01/24/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services" |
| 1861 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200900-0 | RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks) (Software Version: 3.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/10/2012 02/12/2016 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with VxWorks (single user mode) -FIPS Approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080) -Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman Multi-chip standalone "A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture." |
| 1857 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0 | Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.7) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant) Multi-chip embedded "Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities." |
| 1856 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0 | Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.7) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/29/2012 12/03/2012 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant) Multi-chip embedded "Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities." |
| 1855 | Nexus Wireless Artists Court 15 Manette Street London W1D 4AP United Kingdom Paul Richards TEL: +44-207-734-0200 FAX: +44-207-734-0210 CST Lab: NVLAP 200416-0 | Nexus FIPS 140-2 Crypto Module (Hardware Version: 1.01; Firmware Versions: ES0408_RL01_R1_02_001 version 1.02.001 and ES0408_RL02_R1_02_000 version 1.02.000) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/18/2013 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524) -Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment.The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification.The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra" |
| 1853 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.230.0, 7.0.240.0, 7.0.250.0 or 7.0.251.2) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 02/20/2014 02/20/2015 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management." |
| 1852 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0 | FortiWiFi-60C (Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1851 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Control Center (Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 12/12/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products." |
| 1850 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200427-0 | RSA BSAFE® Crypto-C Micro Edition (Software Versions: 3.0.0.16 [1], 3.0.0.20 [2] and 3.0.0.25 [3]) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/29/2012 01/24/2013 06/24/2013 07/23/2015 02/12/2016 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) [1] Wind River VxWorks General Purpose Platform 6.8 running on a Fuji Xerox 960K 61580 [2] Wind River VxWorks General Purpose Platform 6.8.2 running on an Arm11 MPCore [3] (single-user mode) -FIPS Approved algorithms: AES (Certs. #2018 [1], #2485 [2], and #3429 [3]); DRBG (Certs. #192 [1], #343 [2], and #830 [3]); DSA (Certs. #643 [1], #765 [2], and #966 [3]); ECDSA (Certs. #293 [1], #294 [1], #414 [2], #416 [2], #688[3] and #691 [3]); HMAC (Certs. #1222 [1], #1527 [2], and #2181 [3]); RNG (Certs. #1058 [1], #1203 [2], and #1373 [3]); RSA (Certs. #1047 [1], #1274 [2], and #1755 [3]); SHS (Certs. #1768 [1], #2103 [2] and #2829 [3]); Triple-DES (Certs. #1303 [1], #1523 [2], and #1934 [3]) -Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more." |
| 1849 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba AP-60 and AP-61 Wireless Access Points (Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/06/2012 01/24/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 1848 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 4150E (Hardware Versions: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/19/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1847 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 2150E (Hardware Versions: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/19/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1846 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100E (Hardware Versions: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/19/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1845 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 01/24/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 1843 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0 | Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2 (Hardware Versions: A1025258 and A1023393; Firmware Versions: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10) (When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) PIV Certificate #30 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 02/06/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed); CVL (Certs. #217 and #224) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
| 1842 | Dell Software, Inc. 5455 Great America Parkway Santa Clara, CA 95054 USA Lawrence Wagner TEL: 408-752-7886 CST Lab: NVLAP 100432-0 | SRA EX6000 and SRA EX7000 (Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 04/21/2015 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4 Multi-chip standalone "Built on Aventail's powerful, proven SSL VPN platform, the Dell SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources." |
| 1841 | InZero Systems 13755 Sunrise Valley Drive Suite 750 Herndon, VA 20171 USA FIPS Product Team TEL: 703-636-2048 FAX: 703-793-1805 CST Lab: NVLAP 200002-0 | InZero Gateway (Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/29/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility." |
| 1840 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba 3000 [1] and 6000/M3 Revision B2 [2] Controllers with ArubaOS FIPS Firmware (Hardware Versions: [3200-F1 Revision B2, 3400-F1 Revision B2, 3600-F1 Revision B2, 3200-USF1 Revision B2, 3400-USF1 Revision B2, 3600-USF1 Revision B2] [1] and [(6000-400-F1 or 6000-400-USF1) with (M3mk1-S-F1 Revision B2, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, HW-FT, HW-PSU-200 or HW-PSU-400] [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS or ArubaOS_MMC_6.1.4.1-FIPS or ArubaOS_MMC_6.1.4.5-FIPS or ArubaOS_MMC_6.1.4.7-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/11/2013 03/08/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #465, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #416, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #768, #1627, #1629 and #1631); Triple-DES (Certs. #482, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services" |
| 1838 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points (Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/08/2012 01/24/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 1836 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Rohit Mathur TEL: +61 7 3032 5220 CST Lab: NVLAP 200900-0 | RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS) (Software Versions: 3.0.0.1 and 3.0.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/08/2012 02/12/2016 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with pSOS (single user mode) -FIPS Approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066) -Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman Multi-chip standalone "A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture." |
| 1834 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0 | FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3] (Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Versions: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/08/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1833 | Motorola Solutions, Inc. One Motorola Plaza Holtsville, NY 11742 USA Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164 CST Lab: NVLAP 200968-0 | Fusion 802.1x Authentication Supplicant (Software Version: H_3.40.0.0.19) (When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/07/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Motorola ES400 with Windows Mobile 6.5 OS OEM Version 2.31.0002 Motorola MC65 with Windows Mobile 6.5 OS OEM Version 2.31.0002 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1200); AES (Cert. #1853); SHS (Cert. #1630); HMAC (Cert. #1100); RSA (Cert. #936); DSA (Cert. #578); RNG (Cert. #971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4; RC2; MD5; CCKM; IDEA; SMS4 Multi-chip standalone "Motorola Fusion 802.1x Authentication Supplicant is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government" |
| 1832 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0 | FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3] (Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Versions: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/07/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1830 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0 | FortiGate-5140 Chassis with FortiGate 5000 Series Blades (Hardware Versions: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1829 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0 | Cisco 5508 Wireless LAN Controller (Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.230.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 05/16/2013 07/12/2013 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management." |
| 1828 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points (Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2]) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 01/24/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 1827 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0 | Symantec Scanner Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/05/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with CentOS 5.5 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts." |
| 1825 | TIBCO LogLogic®, Inc. 110 Rose Orchard Way Suite 200 San Jose, CA 95134 USA Thor Taylor TEL: 408-215-5941 Phuong Hoang TEL: (408) 731-7022 CST Lab: NVLAP 200928-0 | LogLogic Communications Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/25/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Oracle Enterprise Linux 5.6 running on LX 820, LX 1020, ST 1020, LX 4020, ST 1020, ST 2020-SAN, ST 4020 and MX 3020 appliances (single-user mode) -FIPS Approved algorithms: AES (Cert. #1926); SHS (Cert. #1691); HMAC (Cert. #1160); RNG (Cert. #1013) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The LogLogic Communications Cryptographic Module establishes a secure, encrypted tunnel between LogLogic products for the secure transmission of log data." |
| 1822 | Data-Pac Mailing Systems Corp. 1217 Bay Road Webster, NY 14580 USA Ken Yankloski TEL: 585-787-7074 FAX: 585-671-1409 John Keirsbilck TEL: 585-787-7077 FAX: 585-671-1409 CST Lab: NVLAP 200427-0 | iButton Postal Security Device (Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/01/2012 | Overall Level: 3 -Physical Security: Level 3 +EFT -FIPS Approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526) -Other algorithms: N/A Multi-chip standalone "The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds." |
| 1821 | Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middelsex NW10 0UF United Kingdom Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 Samik Halai TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0 | Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2] (Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/01/2012 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666) -Other algorithms: NDRNG Multi-chip standalone "The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint." |
| 1820 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points (Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/05/2012 01/24/2013 11/14/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 1819 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0 | Symantec Control Center Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/12/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode) -FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5 Multi-chip standalone |
| 1816 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey S250/D250 (Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64 and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Version: 4.0.1 or 4.0.2) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2012 01/04/2013 03/08/2016 05/26/2016 05/26/2016 05/26/2016 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms." |
| 1815 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points (Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2012 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n." |
| 1814 | Websense, Inc. 10240 Sorrento Valley Road San Diego, CA 92121 USA Joshua Rosenthol TEL: 858-320-3684 CST Lab: NVLAP 200928-0 | Crypto Module C (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/11/2012 01/22/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 32-bit Red Hat Enterprise Linux 6 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant) Multi-chip standalone "Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions." |
| 1813 | Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA Guillaume Gavillet FAX: 408-936-1801 Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200002-0 | Junos-FIPS 10.4 L2 OS Cryptographic Module (Firmware Version: 10.4R5) (When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 10/11/2012 | Overall Level: 2 -Design Assurance: Level 3 -Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6] Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6]) Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5]) Blanking Plate (540-015089 Rev02 [5]) Control Boards: (750-009188 [2] and 750-024570 [6]) with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6]) -FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip embedded "Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing." |
| 1812 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise Control Center Virtual Appliance (Software Versions: 5.2.0 and 5.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 10/11/2012 10/31/2012 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with CGLinux (single-user mode) -FIPS Approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products." |
| 1810 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0 | FortiGate-1240B [1] and FortiGate-3140B [2] (Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Versions: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance." |
| 1803 | Websense, Inc. 10240 Sorrento Valley Road San Diego, CA 92121 USA Joshua Rosenthol TEL: 858-320-3684 CST Lab: NVLAP 200928-0 | Crypto Module Java (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/25/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5 Multi-chip standalone "The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software." |
| 1802 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware (Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01)) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/07/2012 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management." |
| 1799 | Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0 | CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE (Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/04/2012 03/08/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017) -Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps." |
| 1798 | Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0 | CEP10-R, CEP10 VSE and CEP10-C (Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/06/2012 03/08/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #673 and #1258); AES (Certs. #779 and #1932); SHS (Cert. #1697); HMAC (Certs. #426 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017) -Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10 VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 3 Mbps to 50 Mbps." |
| 1797 | Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0 | CEP10G VSE (Hardware Versions: [CEP10G VSE, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/04/2012 03/08/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1195 and #1258); AES (Certs. #1842 and #1932); SHS (Cert. #1697); HMAC (Certs. #1141 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10G VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 500 Mbps to 10 Gbps." |
| 1796 | Brocade Communications Systems, Inc. 130 Holger W San Jose, CA 95134 USA Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0 | Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; and 7800 Extension Switch (Hardware Versions: [6510 FC Switch (P/Ns 80-1005232-02, 80-1005267-02, 80-1005268-02, 80-1005269-02, 80-1005271-02 and 80-1005272-02) [A,B], 7800 Extension Switch (P/Ns 80-1002607-06, 80-1002608-06 and 80-1002609-06) [A,B], [DCX Backbone (P/Ns 80-1001064-08, 80-1001064-09, 80-1004920-02 and 80-1004920-03), DCX-4S Backbone (P/Ns 80-1002071-08, 80-1002071-09, 80-1002066-08 and 80-1002066-09), DCX 8510-4 Backbone (P/Ns 80-1004697-02, 80-1004697-03, 80-1005158-02 and 80-1005158-03) and DCX 8510-8 Backbone (P/Ns 80-1004917-02 and 80-1004917-03] with Blades (P/Ns 80-1001070-06 [A,B], 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1001071-02, 80-1000696-01, 80-1005166-01, 80-1005187-01, 80-1001066-01, 80-1001067-01, 80-1001453-01, 80-1003887-01, 80-1002762-04, 80-1000233-10, 80-1002839-02, 49-1000016-04, 49-1000064-02 and 49-1000294-05)] with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.0.0b (P/N 63-1000968-01) [A] or Fabric OS v7.0.0b1 (P/N 63-1001098-01) [B]) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configurations as indicated in the Security Policy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/31/2012 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #778, #779, #1048 and #1049) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The Brocade« DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology." |
| 1795 | Giesecke+Devrient Mobile Security America Inc. 45925 Horseshoe Drive Dulles, VA 20166 USA Jatin Deshpande TEL: 669-999-6323 FAX: 650-312-8129 Thomas Palsherm TEL: +49 89 4119-2384 FAX: +49 89 4119-9093 CST Lab: NVLAP 200427-0 | Sm@rtCafé Expert 6.0 FIPS (Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2012 07/14/2017 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed) -Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications." |
| 1793 | HID Global 15370 Barranca Pkwy Irvine, CA 92618 USA Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101 CST Lab: NVLAP 100432-0 | HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2 (Hardware Version: P/N P5CD145; Firmware Versions: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1) PIV Certificate #29 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/28/2012 02/06/2014 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); RSA (Cert. #885); CVL (Cert. #219) -Other algorithms: Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with HID Global JavaCard Applet Suite v2.7.1 for support of GSC-IS v2.1, NIST SP800-73-3 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model." |
| 1792 | Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/24/2012 10/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 1791 | Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/24/2012 10/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode." |
| 1790 | ARX (Algorithmic Research) 10 Nevatim Street Petah-Tikva 49561 Israel Ezer Farhi TEL: +972-39279529 FAX: +972-39230864 CST Lab: NVLAP 200002-0 | PrivateServer (Hardware Version: 4.7; Firmware Version: 4.8.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/05/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1983); Triple-DES (Cert. #1286); RSA (Cert. #1029); SHS (Cert. #1738); Triple-DES MAC (Triple-DES Cert. #1286, vendor affirmed); RNG (Cert. #1042); ECDSA (Cert. #288); HMAC (Cert. #1196) -Other algorithms: DES Stream; MD5; RSA cipher only with ISO9796 padding; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; DES MAC Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability." |
| 1789 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032 (Hardware Versions: FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1788 | Q1 Labs 890 Winter Street Suite 230 Waltham, MA 02451 USA Ellen Knickle TEL: 506-444-6870 FAX: 506-459-7016 Peter Clark TEL: 506-635-4900 FAX: 506-459-7016 CST Lab: NVLAP 200427-0 | Cryptographic Security Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/22/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) 5.7 CentOS 5.7 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1907); HMAC (Cert. #1144); RNG (Cert. #1001); RSA (Cert. #978); SHS (Cert. #1674); Triple-DES (Cert. #1239) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5, RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Q1 Labs Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine." |
| 1787 | GDC Technology (USA), LLC 1016 West Magnolia Boulevard Burbank, CA 91506 USA Pranay Kumar TEL: 877-743-2872 FAX: (877) 643-2872 CST Lab: NVLAP 100432-0 | IMB (Hardware Version: GDC-IMB-v1; Firmware Version: 1.1 with Security Manager Firmware Version 1.2.11) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box Multi-chip embedded "A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging." |
| 1784 | Hewlett-Packard Company 8000 Foothills Blvd Rosevillle, CA 95747 USA Sunil Amanna TEL: 916-785-1183 FAX: 916-785-1103 Harjit Dhillon TEL: 916-785-0341 FAX: 916-785-1103 CST Lab: NVLAP 200002-0 | HP Networking 5400 zl [1,2] and 8200 zl [3,4] Switch Series (Hardware Versions: 5406 zl [1] 5412 zl [2], 8206 zl [3], 8212 zl [4] [A] [B] [C]; Switches: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [A] [B] [C]); Management Modules: (J8726A [1,2] and two J9092A [3,4] [A] [B] [C]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [A] [B] [C]); Fabric Module: (two J9093A [3,4] [A] [B] [C]); Blank Plate: (5069-8563: five [1,3] or eleven [2,4]); PSU Blank Plate (5003-0753: one [1,3] or two [2,4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with ([HP Gig-T/SFP+ V2 zl Mod: J9536A] and [Tamper Evident Seal Kit: J9709A]) [1,2,3,4]; Firmware Versions: K.15.07.003 [A], K.15.07.0012 [B] and K.15.09.0004 [C]) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/15/2012 12/13/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1718); Triple-DES (Cert. #1105); SHS (Certs. #1501 and #1600); HMAC (Cert. #993); RSA (Certs. #866 and #915); DSA (Cert. #530); RNG (Cert. #911) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO. The HP 8200 zl Switch Series offers high performance, scalability, and a wide range of features in a high-availability platform that dramatically reduces complexity and provides reduced cost of ownership." |
| 1782 | SafeNet, Inc. 20 Colonnade Drive Suite 200 Ottawa, Ontario K2E 7M6 Canada Security and Certifications Team CST Lab: NVLAP 200427-0 | ProtectServer Internal Express (PSI-e) (Hardware Versions: VBD-04-0302 and VBD-04-0303; Firmware Versions: 3.20.00, 3.20.01, 3.20.05, 3.20.09 and 3.20.10) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2012 11/05/2012 10/16/2014 01/27/2016 07/07/2016 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1859 and #1860); DSA (Cert. #579); ECDSA (Cert. #259); HMAC (Cert. #1106); RNG (Cert. #975); RSA (Cert. #940); SHS (Cert. #1636); Triple-DES (Certs. #1206 and #1207); Triple-DES MAC (Triple-DES Cert. #1206, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1859; non-compliant); ARIA; CAST-128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; SEED MAC; Triple-DES (Certs. #1206 and #1207, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1859 and #1860, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip embedded "The SafeNet PSI-e is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), anextensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for keystorage, a hardware random number generator, and an RTC." |
| 1781 | Valid S/A Av. Paulista, 1000, terreo Sao Paulo 01310-100 Brazil Carlos Okada TEL: +55 11 2575-6800 FAX: +55 11 2575-6500 CST Lab: NVLAP 100432-0 | IDflex V (Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/07/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications." |
| 1777 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Nathan Turajski TEL: 954-888-6201 CST Lab: NVLAP 200427-0 | Thales e-Security keyAuthority® (Hardware Version: 1.0; Firmware Version: 3.0.3) (This module contains the embedded module IBM Java JCE FIPS 140-2 Cryptographic Module validated to FIPS 140-2 under Cert. #1081 operating in FIPS mode using IBM JVM 1.6) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/07/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #805 and #1795); DRBG (Cert. #128); HMAC (Certs. #445 and #1059); RNG (Cert. #463); RSA (Certs. #387 and #898); SHS (Certs. #803, #1573 and #1577) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Thales keyAuthority® is a standards-based, FIPS-validated key management appliance that enables organizations to confidently manage encryption for multiple types of encrypting endpoints. The appliance manages encryption keys throughout their lifecycle to meet security policy and regulatory compliance requirements. A vendor-neutral approach ensures broad support for encryption devices." |
| 1776 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0 | Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/01/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services." |
| 1775 | SafeNet, Inc. 20 Colonnade Road Suite 200 Nepean, Ontario K2E 7M6 Canada Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0 | Luna® PCM Key Export (KE) Cryptographic Module (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/01/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance." |
| 1774 | SafeNet, Inc. 20 Colonnade Road, Suite 200 Ottawa, ON K2E 7M6 Canada Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0 | Luna® PCM (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 08/01/2012 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; AES MAC (AES Cert. #1785, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance." |
| 1772 | Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA Guillaume Gavillet FAX: 408-936-1801 Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200002-0 | Junos-FIPS 10.4 L1 OS Cryptographic Module (Firmware Version: 10.4R5) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/31/2012 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: RE-850-1536 [M7i] and RE-850-1536 [M10i] -FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip embedded "Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing." |
| 1771 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200928-0 | ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7] and 810-25 [8] (Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6]; 090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Version: 5.5 or 5.5.7.2) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/31/2012 08/07/2012 01/04/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #105, #397 and #1885); Triple-DES (Certs. #217, #435 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat" |
| 1769 | Hewlett-Packard Development Company, L.P. 2344 Boulevard Alfred-Nobel St-Laurent, Québec H4S 0A4 Canada Gilbert Moineau TEL: 514-920-4250 CST Lab: NVLAP 200002-0 | HP 5406 zl [1], HP 5412 zl [2], HP 8206 zl [3] and HP 8212 zl [4] Switches with the HP MSM765zl Mobility Controller (Hardware Versions: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [B]); Management Modules: (J8726A [1,2] and J9092A [3,4] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [B]); Fabric Module: (J9093A: two [3,4] [B]); Blank Plate: (5069-8563: four [1], ten [2], five [3] or eleven [4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with (HP Gig-T/SFP+ V2 zl Mod: J9536A; HP Mobility Controller: J9370A [A] and Tamper Evident Seal Kit: J9709A) [1,2,3,4]; Firmware Versions: 5.6.0 [A] and K.15.07.0003 [B]) (When operated in FIPS mode with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1824 and #1825); Triple-DES (Certs. #1177 and #1178); SHS (Certs. #1603 and #1604); HMAC (Certs. #1079 and #1107); RNG (Cert. #961); RSA (Certs. #917 and #921) -Other algorithms: RC4; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1604; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1079; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The HP 5400/8200 zl Switch Series with the HP MSM765zl Mobility Controller provide centralized management and control of intelligent HP MSM APs for a wide range of deployments, from small Internet cafes and businesses, to large corporations and institutions." |
| 1768 | Blue Coat® Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200928-0 | ProxySG 9000-10 [1], 9000-20 [2] and 9000-20B [3] (Hardware Versions: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3] and 090-02985 [3] with FIPS kit 085-02718;; Firmware Version: 5.5 or 5.5.7.2) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2012 08/07/2012 01/04/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1265 and #1885); Triple-DES (Certs. #898 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat" |
| 1765 | Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0 | BlackBerry Cryptographic Java Module (Software Versions: 2.8 and 2.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/31/2012 10/10/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on [Solaris 10, 32-bit Solaris 10, 64-bit Red Hat Linux AS 5.5, 32-bit Red Hat Linux AS 5.5, 64-bit Windows Vista, 32-bit Windows Vista, 64-bit Windows 2008 Server, 64-bit] (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8) -Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry® products such as the BlackBerry® PlayBook Administration Service, and other BlackBerry® products." |
| 1763 | Motorola Solutions, Inc. Unit A1, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom Richard Carter TEL: +44 1364 655504 FAX: +44 1364 654625 CST Lab: NVLAP 100432-0 | Motorola PTP 800 Series CMU Cryptographic Module (Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2012 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG Multi-chip standalone "Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution." |
| 1761 | Motorola Solutions, Inc. 1303 E. Algonquin Rd Schaumburg, IL 60196 USA Richard Carter TEL: 44-0-1364-655500 FAX: 44-0-1364-654625 CST Lab: NVLAP 100432-0 | Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2012 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); RADIUS Multi-chip standalone "PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations." |
| 1760 | Catbird Networks, Inc. 1800 Green Hills Road Suite 113 Scotts Valley, CA 95066 USA Michael Berman TEL: 800-673-6775 CST Lab: NVLAP 100432-0 | Catbird vSecurity Crypto Module v1.0 (Software Version: v1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2012 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.0 running on Intel Core i5 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #1922); DRBG (Cert. #166); DSA (Cert. #609); HMAC (Cert. #1157); RNG (Cert. #1010); RSA (Cert. #991); SHS (Cert. #1688); Triple-DES (Cert. #1252); ECDSA (Cert. #274); CVL (Cert. #14) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "Catbird is the industry pioneer in security and compliance for virtualized environments, a four-time Best of Show Finalist at VMworld and a Gartner Group Cool Vendor 2011. Catbird's comprehensive protection includes monitoring and enforcement of PCI, NIST, HIPAA, FISMA, DIACAP and other requirements in virtual environments. Maintaining regulatory and corporate compliance in the new data center and eliminating uncertainty over secure virtualization, Catbird's protection keeps Tier-1 application deployment plans on track." |
| 1759 | Cummings Engineering Consultants, Inc. 145 S. 79th St. Suite 26 Chandler, AZ 85226 USA Darren Cummings TEL: 480-809-6024 CST Lab: NVLAP 100432-0 | Cummings Engineering's Secure Mobility Suite B Crypto Module (Software Version: v1.0 or v1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2012 04/19/2013 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD 8250 (ARMv7) with NEON Linux 3.0.4 running on TI OMAP 3 (ARMv7) with NEON Ubuntu 10.04 running on Intel Pentium Fedora 14 running on Intel Core i5 with PAA Windows 7 running on Intel Core i5 with PAA Windows 7 running on Intel Celeron Android 2.2 running on Intel Pentium Android 2.2 running on Intel Core i5 with PAA: Apple OS X 10.7 running on Intel Core i7-3615QM Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (single-user mode) -FIPS Approved algorithms: AES (Certs. #1916 and #2373); DRBG (Certs. #161 and #309); DSA (Certs. #607 and #744); HMAC (Certs. #1151 and #1475); RNG (Certs. #1007 and #1178); RSA (Certs. #984 and #1228); SHS (Certs. #1681 and #2045); Triple-DES (Certs. #1246 and #1484); ECDSA (Certs. #272 and #391); CVL (Certs. #13 and #64) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "Cummings Engineering is a leading provider of mobility innovation providing state-of-the art advanced cryptography and enterprise solutions in both commercial and government markets. Cummings Engineering has multiple patents/patents-pending in the secure communications domain and has made breakthroughs around MDM, Secure Smartphones, and more. Cummings Engineering is committed to providing best-in-class products and services to protect the privacy and data of US Citizens." |
| 1758 | Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2012 10/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); SHS (Certs. #1658, #1659, #1663 and #1664); RNG (Certs. #989, #990, #994 and #995); RSA (Certs. #964, #965, #969 and #970); HMAC (Certs. #1129, #1130, #1134 and #1135) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 1.0.0-20.el6 delivered with RHEL 6.2." |
| 1757 | Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 TEL: 919-754-3700 FAX: 919-754-3701 CST Lab: NVLAP 200658-0 | Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/27/2012 10/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1886, #1890, #1891 and #1892); Triple-DES (Certs. #1225, #1228, #1229 and #1230); SHS (Certs. #1657, #1660, #1661 and #1662); RSA (Certs. #963, #966, #967 and #968); DSA (Certs. #591, #594, #595 and #596); HMAC (Certs. #1128, #1131, #1132 and #1133); RNG (Certs. #988, #991, #992 and #993) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.5-9.e16 delivered with RHEL 6.2." |
| 1756 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | NetScreen-ISG 1000 [1] and NetScreen-ISG 2000 [2] (Hardware Versions: [NS-ISG-1000, NS-ISG-1000-DC, NS-ISG-1000B and NS-ISG-1000B-DC] [1] and [(NS-ISG-2000, NS-ISG-2000-DC, NS-ISG-2000B and NS-ISG-2000B-DC) with 1, 2, 3 or 4 FE8 Interface Cards][2] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2012 12/11/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #1058); AES (Cert. #1617); DSA (Cert. #504); SHS (Cert. #1426); RNG (Cert. #865); RSA (Cert. #795); HMAC (Cert. #948); ECDSA (Cert. #202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters." |
| 1755 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | NetScreen-5200 [1] and Netscreen-5400 [2] (Hardware Versions: [(NS-5200 [1] with one NS-5000-8G2) and (NS-5400 [2] with one to three NS-500-8G2)] with (NS-5000-MGT2 or NS-5000-MGT3) and JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/27/2012 12/11/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #1059); AES (Cert. #1618); DSA (Cert. #505); SHS (Cert. #1427); RNG (Cert. #866); RSA (Cert. #796); HMAC (Cert. #949); ECDSA (Cert. #203) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters." |
| 1754 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200556-0 | FortiOS™ (Firmware Version: 4.0 MR3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 07/17/2012 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiGate 3950B -FIPS Approved algorithms: AES (Certs. #1856 and #1857); Triple-DES (Certs. #1203 and #1204); HMAC (Certs. #1103 and #1104); SHS (Certs. #1633 and #1634); RSA (Cert. #939); RNG (Cert. #974) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities." |
| 1753 | Utimaco® Safeware AG Hohemarkstrasse 22 Oberursel, Hessen D-61440 Germany Dr. Gesa Ott TEL: +49 241-1696-200 FAX: +49 241-1696-199 CST Lab: NVLAP 100432-0 | SafeGuard® CryptoServer Se (Hardware Versions: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/24/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant) Multi-chip embedded "SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator." |
| 1752 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01, 5185912Y03 or 5185912Y05; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11, R07.11.12, R01.03.13 or R01.04.07] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2012 07/18/2012 12/12/2012 01/10/2014 01/30/2017 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 1751 | Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Ken Fuchs TEL: 847-387-2670 CST Lab: NVLAP 100432-0 | Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01, 5185912Y03 or 5185912Y05; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11, R07.11.12, R01.03.13 or R01.04.07] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2012 07/18/2012 12/12/2012 01/10/2014 01/30/2017 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management." |
| 1748 | Vocality International Ltd Lydling Barn, Puttenham Lane Shackleford, Surrey GU8 6AP United Kingdom Martin Saunders TEL: +44 1483 813130 FAX: +44 1483 813121 CST Lab: NVLAP 100432-0 | BASICS IP PC104 (Hardware Version: 68551-01-1/68551C6; Firmware Version: 08_42.05) (When configured in FIPS mode as specified in Section 8 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/27/2012 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1734); DSA (Cert. #540); ECDSA (Cert. #226); RSA (Cert. #857); RNG (Cert. #923); HMAC (Cert. #1010); SHS (Cert. #1518); Triple-DES (Cert. #1123) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip embedded "The BASICS IP PC104 unit is a high-performance 10/100base-T Router which incorporates a cryptographic module. It provides 3 independently routable subnets; one for the uplink port, one for the downlink port and one for the four Ethernet switch ports which are also IEEE802.1q VLAN and Power-over-Ethernet (PoE) capable. It can also bridge network traffic to the uplink port from any IP device connected to its Downlink port. It may be used as a simple switch or a sophisticated secure multiprotocol IP router and can also power a group of SIP VoIP phones." |
| 1745 | Vormetric, Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA Mike Yoder TEL: 408-433-6059 FAX: 408-844-8638 Richard Gorman TEL: 408-433-6000 FAX: 408-844-8638 CST Lab: NVLAP 200002-0 | Vormetric Data Security Server Module (Hardware Version: 1.0; Firmware Version: 4.4.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/25/2012 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1838); Triple-DES (Cert. #1192); SHS (Cert. #1620); HMAC (Cert. #1093); RSA (Cert. #928); RNG (Cert. #965) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Encryption Expert Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module." |
| 1735 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0 | IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module (Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 573FAL00: z/VM 6.1 with APAR PM43382) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 06/25/2012 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode) -FIPS Approved algorithms: AES (Certs. #976 and #1873); Triple-DES (Certs. #769 and #1217); DSA (Cert. #586); RSA (Cert. #953); SHS (Certs. #946 and #1646); HMAC (Cert. #1117); RNG (Cert. #982) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2 Multi-chip standalone "z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files." |
| 1734 | Kingston Technology Company, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA Jason J. Chen TEL: 714-445-3449 FAX: 714-438-2765 Joel Tang TEL: 714-445-3433 FAX: 714-438-2765 CST Lab: NVLAP 100432-0 | IronKey S250/D250 (Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64, and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Version: 4.0.0) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/21/2012 03/08/2016 05/26/2016 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms." |
| 1732 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Gorczyca CST Lab: NVLAP 200556-0 | Symantec Enterprise Vault Cryptographic Module (Software Version: 1.0.0.2) (When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/20/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES Multi-chip standalone "Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation." |
| 1731 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | SSG 320M and SSG 350M (Hardware Versions: [SSG-320M-SB, SSG-320M-SH, SSG-320M-SB-TAA, SSG-320M-SH-TAA, SSG-320M-SB-DC-N-TAA, SSG-320M-SH-DC-N-TAA, SSG-350M-SB, SSG-350M-SH, SSG-350M-SB-TAA, SSG-350M-SH-TAA, SSG-350M-SB-DC-N-TAA and SSG-350M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/12/2012 07/24/2012 12/11/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #1062); AES (Cert. #1621); DSA (Cert. #508); SHS (Cert. #1430); RNG (Cert. #869); RSA (Cert. #799); HMAC (Cert. #952); ECDSA (Cert. #206) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters." |
| 1730 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | Juniper Networks SSG 520M and SSG 550M (Hardware Versions: [SSG-520M-SH, SSG-520M-SH-N, SSG-520M-SH-DC-N, SSG-520M-N-TAA, SSG-520M-SH-DC-N-TAA, SSG-550M-SH, SSG-550M-SH-N, SSG-550M-SH-DC-N, SSG-550M-N-TAA and SSG-550M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/12/2012 07/24/2012 12/11/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #1063); AES (Cert. #1622); DSA (Cert. #509); SHS (Cert. #1431); RNG (Cert. #870); RSA (Cert. #800); HMAC (Cert. #953); ECDSA (Cert. #207) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters." |
| 1728 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 100432-0 | Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL , WS-SUP720-3B, VS-S 720 10G-3C, or VS-S 720 10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33.SXJ; WiSM2: 7.0.116.0) (When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/01/2012 06/21/2012 03/13/2015 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management." |
| 1727 | Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0 | Aruba 620, 650 and Dell W-620, W-650 Controllers with ArubaOS FIPS Firmware (Hardware Versions: 620-F1 [1], 620-USF1 [1], 650-F1 [1], 650-USF1 [1], W-620-F1 [2], W-620-USF1 [2], W-650-F1 [2], W-650-USF1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6xx_6.1.2.3-FIPS [1] and Dell_PCW_6xx_6.1.2.3-FIPS [2] or ArubaOS_6xx_6.1.4.1-FIPS [1] and Dell_PCW_6xx_6.1.4.1-FIPS [2] or ArubaOS_6xx_6.1.4.5-FIPS [1] and Dell_PCW_6xx_6.1.4.5-FIPS [2] or ArubaOS_6xx_6.1.4.7-FIPS [1] and Dell_PCW_6xx_6.1.4.7-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/24/2012 01/24/2013 07/26/2013 01/23/2014 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #779, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #426, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #781, #1627, #1629 and #1631); Triple-DES (Certs. #673, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform." |
| 1726 | Voltage Security, Inc. 20400 Stevens Creek Blvd. Cupertino, CA 95014 USA Luther Martin TEL: 650-543-1280 FAX: 650-543-1279 CST Lab: NVLAP 200802-0 | Voltage IBE Cryptographic Module for z/OS (Hardware Version: Crypto Express2 card (CEX2C) [a separately configured version of 4764-001 (P/N 12R6536)]; Firmware Version: 4764-001(2096a16d); Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 05/31/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with IBM System z10 with z/OS PUT1106 / RSU1108 -FIPS Approved algorithms: AES (Cert. #1812); Triple-DES (Cert. #1168); DSA (Cert. #568); SHS (Cert. #1590); RNG (Cert. #955); RSA (Cert. #908); HMAC (Cert. #1069); DRBG (Cert. #139) -Other algorithms: NDRNG; IBE; FFX; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES Multi-chip standalone "The Voltage IBE Cryptographic Module for z/OS Version 4.0 is a FIPS 140-2 Level 1 compliant software-hybrid module that provides encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic." |
| 1724 | Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA Tim Young TEL: 301-428-1632 CST Lab: NVLAP 200427-0 | Hughes SPACEWAY Crypto Kernel (Firmware Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 05/23/2012 | Overall Level: 1 -Tested: ST HN9500 with VxWorks 5.4 AGW2 with VxWorks 5.4 AGW5 with VxWorks 5.4 -FIPS Approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone "The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems." |
| 1723 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | SSG 140 (Hardware Versions: (SSG-140-SB and SSG-140-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/23/2012 07/24/2012 12/11/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #1060); AES (Cert. #1619); DSA (Cert. #506); SHS (Cert. #1428); RNG (Cert. #867); RSA (Cert. #797); HMAC (Cert. #950); ECDSA (Cert. #204) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters." |
| 1721 | Vormetric, Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA Mike Yoder TEL: 408-433-6059 FAX: 408-844-8638 Richard Gorman TEL: 408-433-6000 FAX: 408-844-8638 CST Lab: NVLAP 200002-0 | Vormetric Encryption Expert Cryptographic Module (Software Version: 4.4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 05/23/2012 06/05/2012 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows 2003 32-bit Windows 2008 64-bit Solaris 10 64-bit Redhat Linux 5.7 64-bit HPUX 11i v3 64-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services." |
| 1720 | Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder D-16547 Germany Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0 | mRevenector 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/23/2012 | Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346) -Other algorithms: NDRNG Multi-chip embedded "mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware." |
| 1719 | Green Hills Software 30 W Sola Street Santa Barbara, CA 93101 USA David Sequino TEL: 206-310-6795 FAX: 978-383-0560 Douglas Kovach TEL: 727-781-4909 FAX: 727-781-3915 CST Lab: NVLAP 200427-0 | INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 1.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/22/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with RHEL 5 Green Hills Software INTEGRITY OS v5.0.11 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1762); ECDSA (Cert. #235); HMAC (Cert. #1033); RNG (Cert. #939); RSA (Cert. #878); SHS (Cert. #1546) -Other algorithms: ARCFour; DES; Diffie-Hellman; EC Diffie-Hellman; ECMQV; DSA (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (non-compliant) Multi-chip standalone "Green Hills Software, Integrity Security Services (ISS) High Assurance Embedded Cryptographic Toolkit (HA-ECT) is a standards-based, flexible cryptographic toolkit providing developers with a software framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. The ISS HA-ECT FIPS Module is designed to support multiple cryptographic software and hardware providers with a single common API, easily targeted to a variety operating systems." |
| 1718 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | Juniper Networks LN1000 Mobile Secure Router (Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/07/2012 12/11/2013 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1269 and #1270); AES (Certs. #1956 and #1957); DSA (Cert. #624); SHS (Certs. #1715 and #1716); RNG (Cert. #1028); RSA (Cert. #1013); HMAC (Certs. #1178 and #1179) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids." |
| 1716 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/02/2012 | Overall Level: 2 Multi-chip standalone |
| 1715 | Hewlett-Packard Development Company, L.P. 2344 Boulevard Alfred-Nobel St-Laurent, Québec H4S 0A4 Canada Gilbert Moineau TEL: 514-920-4250 CST Lab: NVLAP 200002-0 | HP MSM430 Dual Radio 802.11N TAA AP [1], HP MSM430 Dual Radio 802.11N AP (WW) [2], HP MSM430 Dual Radio 802.11N AP (JP) [3], HP MSM460 Dual Radio 802.11N TAA AP [4], HP MSM460 Dual Radio 802.11N AP (WW) [5], HP MSM460 Dual Radio 802.11N AP (JP) [6], HP MSM466 Dual Radio 802.11N TAA AP [7], HP MSM466 Dual Radio 802.11N AP (WW) [8] and HP MSM466 Dual Radio 802.11N AP (JP) [9] (Hardware Versions: J9654A [1], J9651A [2], J9652A [3], J9655A [4], J9591A [5], J9589A [6], J9656A [7], J9622A [8] and J9620A [9] with FIPS kit J9740A; Firmware Version: 5.6.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 05/03/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1823 and #1840); Triple-DES (Cert. #1176); SHS (Cert. #1602); HMAC (Cert. #1078); RNG (Cert. #960); RSA (Cert. #916) -Other algorithms: Blowfish; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1602; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1078; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1840, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The MSM430, MSM460 and MSM466 Access Points allow wireless devices to connect to a wired network using Wi-Fi 802.11abgn." |
| 1714 | Honeywell Scanning and Mobility (HSM) - USA 700 Visions Dr, PO Box 208 Building A Skaneateles Falls, NY 13153-0208 USA Mike Robinson TEL: 315-554-6387 FAX: 856-232-2932 Tom Amundsen TEL: 856-374-5589 FAX: 856-232-2932 CST Lab: NVLAP 200928-0 | Scanning and Mobility FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 07/11/2012 07/12/2012 | Overall Level: 1 -Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025 ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware -FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Honeywell Scanning and Mobility FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Honeywell Scanning and Mobility FIPS Module is part of the Honeywell Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API." |
| 1713 | Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200928-0 | BlackBerry Cryptographic Library (Software Versions: 2.0.0.10 and 2.0.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 05/03/2012 01/24/2013 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1193); AES (Cert. #1839); SHS (Cert. #1621); HMAC (Cert. #1094); RNG (Cert. #966); ECDSA (Cert. #254) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Library is a software module that provides cryptographic services to many BlackBerry® desktop products such as the BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and many other BlackBerry® products." |
| 1710 | Red Hat®, Inc. 100 East Davie Street Raleigh, NC 27601 USA Robert Relyea TEL: 650-254-4236 CST Lab: NVLAP 200427-0 | NSS Freebl Cryptographic Module (Software Version: 3.12.9.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 04/30/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode) -FIPS Approved algorithms: DSA (Cert. #602); SHS (Cert. #1675) -Other algorithms: MD2; MD5 Multi-chip standalone "The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/" |
| 1709 | Hewlett-Packard TippingPoint 14231 Tandem Blvd Austin, TX 78728 USA Dinesh Vakharia TEL: 512-432-2628 Freddie Jimenez Jr. TEL: 512-432-2907 CST Lab: NVLAP 200427-0 | HP TippingPoint Intrusion Prevention System (Hardware Version: S6100N; Firmware Version: 3.2.1.1639) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/27/2012 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS Approved algorithms: AES (Cert. #1855); HMAC (Cert. #1102); RNG (Cert. #973); RSA (Cert. #938); SHS (Cert. #1632); Triple-DES (Cert. #1202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical." |
| 1707 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0 | FortiMail-3000C (Hardware Version: C4GY52; Firmware Versions: FortiMail 4.0, build0369, 110615) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/12/2012 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "The FortiMail family of messaging security appliances provide an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated message based attacks, and features designed to facilitate regulatory compliance. FortiMail appliances offer both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities." |
| 1706 | Fortinet, Inc. 326 Moodie Drive Ottawa, Ontario K2H 8G3 Canada Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0 | FortiMail™ OS (Firmware Versions: FortiMail 4.0, build0369, 110615) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 04/12/2012 | Overall Level: 1 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiMail-3000C -FIPS Approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiMail OS is a firmware based operating system that runs exclusively on Fortinet’s FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities." |
| 1704 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | Juniper Networks SRX650 Services Gateways (Hardware Versions: (SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 04/05/2012 12/11/2013 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1271 and #1272); AES (Certs. #1959 and #1960); DSA (Cert. #625); SHS (Certs. #1718 and #1719); RNG (Cert. #1029); RSA (Cert. #1014); HMAC (Certs. #1180 and #1181) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven" |
| 1703 | S&C Electric Company 6601 Northridge Boulevard Chicago, IL 60626-3997 USA Prakash Ramadass TEL: 510-749-5648 FAX: 510-864-6860 CST Lab: NVLAP 100432-0 | IntelliCom WAN 1720 (Hardware Version: IntelliCom WAN 1720; Firmware Version: 1.1.0.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 04/03/2012 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133) -Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "IntelliCom™ WAN Mesh Node, a wireless high-speed wide-area networking router that combines ultra-high throughput - up to 400 Mbps - with extremely low latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio unlicensed bands as well as the 4.9-GHz municipal licensed band. This network architecture is selfforming and self-healing; communication is not inhibited by the loss of any single node." |
| 1701 | Apple Inc. 11921 Freedom Drive Reston, VA 20190 USA Shawn Geddis TEL: 703-264-5103 CST Lab: NVLAP 200002-0 | Apple FIPS Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/30/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.7.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1872); DSA (Cert. #585); ECDSA (Cert. #262); HMAC (Cert. #1116); RNG (Cert. #981); RSA (Cert. #952); SHS (Cert. #1645); Triple-DES (Cert. #1216) -Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant key generation) Multi-chip standalone "Apple's OS X Lion (v10.7) security services are now built on a newer 'Next Generation Cryptography' platform and does not use the CDSA/CSP module previously validated. Apple is re-validating the same CDSA/CSP module under OS X Lion to provide validation solely for third-party applications." |
| 1700 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs) (Hardware Versions: 881W and 881GW with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Versions: Router Firmware Version: IOS 15.1(3)T2 and AP Firmware Version: 12.4(25d)JA1) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/28/2012 04/02/2012 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #962, #1535, #1791, #1792 and #1793); DRBG (Cert. #129); HMAC (Certs. #537, #1056 and #1057); RNG (Cert. #950); RSA (Cert. #896); SHS (Certs. #933, #1574 and #1575); Triple-DES (Certs. #757 and #1160) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Cert. #1791, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The Cisco 881W and Cisco 881GW Integrated Services Routers (ISR) provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients." |
| 1699 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA David Gerendas TEL: 949-860-3369 CST Lab: NVLAP 200556-0 | McAfee EMM Cryptographic Module (Software Version: 1.0) (When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/28/2012 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081) -Other algorithms: N/A Multi-chip standalone "The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing." |
| 1698 | Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0 | HIBUN Cryptographic Module for Pre-boot (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 Consolidated Validation Certificate JCMVP Cert. #J0017 Security Policy | Software | 03/28/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment." |
| 1697 | Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0 | HIBUN Cryptographic Module for Kernel-Mode (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 Consolidated Validation Certificate JCMVP Cert. #J0016 Security Policy | Software | 03/28/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional Windows Vista Ultimate Windows 7 Ultimate Windows 7 Ultimate 64bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode.Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)" |
| 1696 | Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0 | HIBUN Cryptographic Module for User-Mode (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 Consolidated Validation Certificate JCMVP Cert. #J0015 Security Policy | Software | 03/28/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional Windows Vista Ultimate Windows 7 Ultimate Windows 7 Ultimate 64bit Linux Kernel 2.6 (Fedora 12) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode.Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)" |
| 1695 | NEC Corporation 1753 Shimonumabe Nakahara-ku Kawasaki, Kanagawa 211-8666 Japan NEC Corporation TEL: +81-44-455-8326 CST Lab: NVLAP 200835-0 | iPASOLINK MODEM AES Card (Hardware Version: 5.00; Firmware Version: NWA-055300-004) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 05/18/2012 | Overall Level: 1 -FIPS Approved algorithms: AES (Cert. #1834) -Other algorithms: N/A Multi-chip embedded "iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR." |
| 1692 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module (Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Firmware Version: 4765-001 (e1ced7a0); Software Versions: System SSL level HCPT3D0/JCPT3D1 w/ APAR OA36775, RACF level HRF7780 and ICSF level HCR7780 w/ APAR OA36882) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 03/12/2012 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)) Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1713, #1864 and #1865); Triple-DES (Certs. #1103, #1210 and #1211); DSA (Certs. #582 and #583); RSA (Certs. #944, #945, #946, #947 and #948); SHS (Certs. #1497, #1639 and #1640); HMAC (Certs. #1110 and #1111); RNG (Certs. #977 and #978) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; HMAC-MD5; ECDSA (non-compliant) Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions." |
| 1691 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/09/2012 | Overall Level: 3 Multi-chip standalone |
| 1690 | Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat 13705 France Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0 | Protiva PIV v1.55 on TOP DL v2 (Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55) (When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) PIV Certificate #27 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/09/2012 02/06/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved." |
| 1689 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G (Hardware Versions: (CP-7906G: V01-V09), (CP-7911G: V01-V09), (CP-7931G: V01-V05), (CP-7941G: V01-V02), (CP-7942G: V01-V10), (CP-7945G: V01-V11), (CP-7961G: V01-V02), (CP-7961GE: V01), (CP-7962G: V01-V11), (CP-7965G: V01-V11), (CP-7970G: V01-V02), (CP-7971G/7971GE: V01-V03) and (CP-7975G: V01-V12); Firmware Version: 9.2(1)SR2 or 9.4(2)) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/09/2012 12/31/2014 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1745 and #1747); HMAC (Certs. #1022 and #1024); RNG (Cert. #931); RSA (Cert. #868); SHS (Certs. #1532 and #1534); Triple-DES (Cert. #1132) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 7900 Series deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design." |
| 1688 | Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 200427-0 | Momentus® FDE Attached Storage Drives FIPS 140 Module (Hardware Version: ST9500326AS; Firmware Version: 566) (When operated in FIPS mode. Files distributed with the module mounted within the CD Drive are excluded from the validation.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/09/2012 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #883); SHS (Cert. #1223); RNG (Cert. #737); RSA (SigVer, Cert. #648); Triple-DES (Cert. #697) -Other algorithms: DES Multi-chip embedded "The Momentus® Attached Storage FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download." |
| 1687 | Mitsubishi Space Software Co., Ltd. Tsukuba Mitsui Bldg., 1-6-1, Takezono Tsukuba-shi, Ibaraki-ken 305-0032 Japan Shinichi Shimazaki TEL: +81-29-856-0154 FAX: +81-29-859-0320 Ikuo Shionoya TEL: +81-29-856-0154 FAX: +81-29-859-0320 CST Lab: NVLAP 200928-0 | Command Encryption Module (Firmware Version: 2.0) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 03/30/2012 | Overall Level: 2 -EMI/EMC: Level 3 -Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000 -FIPS Approved algorithms: Triple-DES (Cert. #1119) Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions." |
| 1686 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2] (Software Version: 6.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/09/2012 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without PAA Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with PAA Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with PAA) [1] (McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without PAA McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with PAA) [2] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Certs. #1124 and #1125); SHS (Certs. #1653 and #1654); -Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone |
| 1685 | ZyFLEX Technologies Incorporation 4F, No.5-2, Industry E. 9th Rd. Science Park Hsinchu Hsin-Chu, Taiwan 30075 Republic of China Nick Tseng TEL: +886-3-5679168 FAX: +886-3-5679188 CST Lab: NVLAP 200824-0 | ZyFLEX Crypto Module ZCM-100 (Hardware Version: AAM; Firmware Version: 1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 03/09/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1670 and #1671); DSA (Cert. #521); HMAC (Cert. #980); RNG (Certs. #888 and #889); RSA (Cert. #827); SHS (Cert. #1462) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "ZyFLEX Crypto Module ZCM-100 is a hardware multichip embedded module that targets high speed data link layer (OSI layer 2) secure data transmission applications in an IP-based network. ZCM-100 implements AES-256 encryption/decryption algorithms and other Approved security functions by using both hardware FPGA circuitry and a 32-bit microcontroller. Its miniaturized size and low power consumption features make ZCM-100 suitably fit in a portable wireless communication device such as a handheld radio." |
| 1684 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA Vinnie Moscaritolo TEL: 650-527-9000 CST Lab: NVLAP 200802-0 | PGP Cryptographic Engine (Software Version: 4.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/24/2012 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.7 IOS 5 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043) -Other algorithms: AES (EME2 mode; non-compliant) Multi-chip standalone "The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption." |
| 1683 | UTC Fire & Security Americas Corporation, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA Michael O’Brien TEL: 585-267-8345 FAX: 585-248-9185 CST Lab: NVLAP 100432-0 | Lenel OnGuard Communication Server (Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500) (When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)]) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/15/2012 08/14/2015 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 Microsoft Windows Server 2008 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1650); RNG (Cert. #882) -Other algorithms: RC2 Multi-chip standalone "The Lenel OnGuard Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution." |
| 1682 | Voltage Security, Inc. 20400 Stevens Creek Blvd. Cupertino, CA 95014 USA Luther Martin TEL: 650-543-1280 FAX: 650-543-1279 CST Lab: NVLAP 200802-0 | Voltage IBE Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 02/14/2012 02/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows 7 Professional SP1, 32-bit Red Hat Enterprise Linux Server 5.3, 32-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1752); Triple-DES (Cert. #1135); DSA (Cert. #547); SHS (Cert. #1539); RNG (Cert. #934); RSA (Cert. #871); HMAC (Cert. #1029); DRBG (Cert. #115) -Other algorithms: IBE; BBX; FFX; RSA (key wrapping; key establishment methodology provides 112 bits encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Diffie-Hellman; DES Multi-chip standalone "Voltage IBE Cryptographic Module implements the following algorithms: DSA; TDES; AES (ECB, CBC, CFB, OFB, FPE); DRNG; DRBG; SHS; HMAC; CMAC; RSA; DH; BF IBE; BB1 IBE; MD; DES" |
| 1681 | Symantec Corporation 350 Ellis St. Mountain View, CA 94043 USA Vinnie Moscaritolo TEL: 650-527-8000 CST Lab: NVLAP 200802-0 | PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 4.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/28/2012 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional SP3 Mac OS X 10.7 Linux, 32-bit: CentOS 5.5 iOS 5 (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products." |
| 1680 | Absolute Software Corporation Suite 1600, Four Bentall Centre 1055 Dunsmuir Street PO Box 49211 Vancouver, BC V7X 1K8 Canada Tim Parker TEL: 604-730-9851 ext. 194 FAX: 604-730-2621 CST Lab: NVLAP 200556-0 | Absolute Encryption Engine (Software Version: 1.2.0.46) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/14/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 64-bit Windows 7 32-bit Windows XP 32-bit Windows Vista 32-bit Windows Vista 64-bit Red Hat Enterprise Linux (RHEL) 6 32-bit Mac OS X v10.6.7 32-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1610); RNG (Cert. #864) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "Absolute Software Corporation provides security products for the central management of all IT assets. The Absolute Encryption Engine is a dynamic-linked library (DLL) defined as the encryption module on the client and server callable by applications via an Application Programming Interface (API). The module is currently used by the Absolute Computrace product." |
| 1679 | Senetas Corporation Ltd. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia John Weston TEL: +61 (3) 9868 4515 FAX: +61 (3) 9821 4899 Horst Marcinsky TEL: +61 (3) 9868 45555 FAX: +61 (3) 9821 4899 CST Lab: NVLAP 200426-0 | CN1000 Fibre Channel Encryptor (Hardware Version: A5175B; Firmware Version: 1.9.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/14/2012 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1158); AES (Certs. #1775 and #1786); SHS (Cert. #1568); RNG (Cert. #948); DSA (Cert. #562); RSA (Cert. #893); HMAC (Cert. #1051) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The CN1000 Fibre Channel Encryptor is a high-speed, standards based, encryptor specifically designed to secure data transmitted over Fibre Channel point-to-point networks at line rates up to 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms." |
| 1678 | Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129 Thomas Palsherm TEL: +49 89 4119-2384 FAX: +49 89 4119-9093 CST Lab: NVLAP 200427-0 | StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0 (Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/09/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed) -Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength) Multi-chip standalone "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications." |
| 1677 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0 (Software Version: 6.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/09/2012 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without PAA Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with PAA Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654) -Other algorithms: RC5; AES (non-compliant) Multi-chip standalone |
| 1676 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Bordwine TEL: 703-885-3854 CST Lab: NVLAP 200556-0 | Symantec Java Cryptographic Module Version 1.1 (Software Version: 1.1) (When operated in FIPS mode with module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1291 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 03/09/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0 Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1109); DSA (Cert. #357); ECDSA (Cert. #130); DRBG (Cert. #15); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; ANSI X9.31 RNG (non-compliant); MD5Random; SHA1Random (non-compliant) Multi-chip standalone "The Symantec Java Cryptographic Module Version 1.1 provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite." |
| 1675 | Uplogix, Inc. 7600B N. Capital of Texas Highway Austin, TX 78731 USA Martta Howard TEL: 512-857-7043 CST Lab: NVLAP 200427-0 | Uplogix 430 [1] and 3200 [2] (Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/06/2012 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (Certs. #1644 and #1647); DRBG (Cert. #90); DSA (Certs. #515 and #517); HMAC (Certs. #966 and #968); RNG (Cert. #881); RSA (Certs. #812 and #815); SHS (Certs. #1445 and #1448); Triple-DES (Certs. #1074 and #1076) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally.Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies." |
| 1673 | Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA Dragan Grebovich TEL: 978-671-3476 CST Lab: NVLAP 200556-0 | Secure Router 2330 (Hardware Versions: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100) (When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/06/2012 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert. #942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80) -Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant) Multi-chip standalone "The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs." |
| 1672 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA William F Penny TEL: 845-435-3010 FAX: 845-433-7510 James Sweeny TEL: 845-435-7453 FAX: 845-435-8530 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module (Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Firmware Versions: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0); Software Versions: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software-Hybrid | 02/06/2012 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool Multi-chip standalone "The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards." |
| 1671 | Sensage, Inc. 1400 Bridge Parkway Suite 202 Redwood City, CA 94065 USA Brad Kekst TEL: 415-215-3567 FAX: 650-631-2810 Rao Yendluri TEL: 650-830-0484 FAX: 650-631-2810 CST Lab: NVLAP 200002-0 | CryptoCore Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 02/06/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Redhat Enterprise Linux Version 5.1 Redhat Enterprise Linux Version 5.5 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1761); Triple-DES (Cert. #1140); RSA (Cert. #877); DSA (Cert. #551); SHS (Cert. #1545); HMAC (Cert. #1032); RNG (Cert. #938) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; DES; CAST5; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Sensage’s purpose-built event data warehouse products enable users to easily collect and store large volumes of log and event data, while also providing an ability to query and perform analyses on the event data that are available. Their Private Encryption File System solution gives product administrators the ability to employ FIPS-validated encryption and decryption on stored data, providing protection of data-at-rest (log files, configuration files, and other stored data) within the product." |
| 1670 | Dolby Laboratories, Inc. 100 Potrero Avenue San Francisco, CA 94103 USA Dean Bullock TEL: 415-645-5336 FAX: 415-645-4000 CST Lab: NVLAP 100432-0 | CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC (Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 02/02/2012 02/09/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The CAT862 Dolby JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy." |
| 1668 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Common Cryptographic Module (C3M) (Hardware Versions: Intel [Core i5, Core i7 and Xeon] with AES-NI; Software Version: 0.9.8r.1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 01/19/2012 02/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with FreeBSD 8.2 or Windows 7 SP1 running on Intel Core i5 with PAA Red Hat Enterprise Linux v5 running on Intel Xeon with PAA or Intel Core i7 with PAA (single-user mode) -FIPS Approved algorithms: AES (Cert. #1758); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Common Cryptographic Module (C3M) is a software-hybrid that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols." |
| 1667 | Qube Cinema, Inc. 601 S. Glenoaks Blvd. Ste. 102 Burbank, CA 91502 USA Rajesh Ramachandran TEL: 818-392-8155 FAX: 818-301-0401 CST Lab: NVLAP 100432-0 | Secure Media Block (Hardware Versions: Z-OEM-DCI-Q-R0, Z-OEM-DCI-Q-R2 and Z-OEM-DCI-Q-R3; Firmware Version: 105; Security Manager Version: 1.0.3.4) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/11/2012 06/21/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #812 and #1455); HMAC (Certs. #450 and #854); RNG (Certs. #467 and #797); RSA (Certs. #392 and #711); SHS (Certs. #809, #810, #811 and #1318) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip embedded "The Qube Secure Media Block is used in Digital Cinema applications, providing core functionality required to playback Digital Cinema Packages. The module performs essence decryption when processing encrypted content, it ensures link encryption downstream to a projector device, and it provides other features as to enable a fully capable Digital Cinema Server. Content owners and other stake holders rely upon the security features provided by the Qube Secure Media Block to protect their valuable content, and to perform secure logging of operations within a theatre auditorium." |
| 1666 | Motorola Mobility, Inc. 600 North US Highway 45 Libertyville, IL 60048 USA Ed Simon TEL: 800-617-2403 CST Lab: NVLAP 100432-0 | Motorola Mobility Cryptographic Suite B Module (Software Version: 5.4fm) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 01/25/2012 03/07/2012 03/14/2012 05/29/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.3 Android 4.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1930); Triple-DES (Cert. #1256); SHS (Cert. #1695); HMAC (Cert. #1164); RSA (Cert. #996); DSA (Cert. #613); RNG (Cert. #1015) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Motorola Mobility Cryptographic Suite B Module is used in Motorola Business Ready Android devices to encrypt sensitive application data. For details on Motorola Business Ready, see www.motorola.com/Business-Ready/US-EN/Home." |
| 1665 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 S (Hardware Versions: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/10/2012 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 1664 | Certicom Corp. 4701 Tahoe Blvd. Building A Mississauga, Ontario L4W 0B5 Canada Certicom Sales TEL: 905-507-4220 FAX: 905-507-4230 Kris Orr TEL: 289-261-4104 FAX: 905-507-4230 CST Lab: NVLAP 200928-0 | Security Builder® FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 01/10/2012 03/30/2012 | Overall Level: 1 -Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025 ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware -FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API." |
| 1663 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2012 | Overall Level: 2 Multi-chip standalone |
| 1662 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 4150F (Hardware Versions: NSA-4150-FWEX-FRR and Seal Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/29/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1661 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 2150F (Hardware Versions: NSA-2150-FWEX-F and Seal Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/29/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications" |
| 1660 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100F (Hardware Versions: NSA-1100-FWEX-F and Seal Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/29/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1659 | A10 Networks, Inc. 2309 Bering Drive San Jose, CA 95131 USA John Chiong TEL: 408-325-8668 FAX: 408-325-8666 CST Lab: NVLAP 200648-0 | AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-GCF, AX3000-11-GCF, AX5100, AX5200 and AX5200-11 (Hardware Versions: AX2500, AX2600-GCF, AX3000-GCF, AX5100 and AX5200; Firmware Version: R261-GR1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/29/2011 06/14/2012 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128 and #1129); AES (Certs. #1693, #1739 and #1740); SHS (Certs. #1480, #1519, #1524 and #1525); HMAC (Certs. #985, #1011, #1016 and #1017); RSA (Certs. #829, #858, #862 and #863); RNG (Certs. #900 and #933) -Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series’ standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications." |
| 1658 | Samsung Electronics Co., Ltd. 275-18, Samsung 1-ro Hwaseong-si, Gyeonggi-do 445-330 Korea Jisoo Kim TEL: +82-31-208-3870 FAX: +82-10-3204-4201 CST Lab: NVLAP 200648-0 | Samsung SSD PM810 SED FIPS 140 Module (Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/29/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878) -Other algorithms: N/A Multi-chip standalone "SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal." |
| 1657 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Catalyst 3560-X and 3750-X Switches (Hardware Versions: (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT); Firmware Version: 15.0(1)SE2) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/22/2011 02/23/2012 05/29/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1024, #1275 and #1749); HMAC (Cert. #1026); RNG (Cert. #932); RSA (Cert. #869); SHS (Cert. #1536); Triple-DES (Cert. #1133) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1749, key wrapping; key establishment methodology provides 128 bits or 256 bits of encryption strength) Multi-chip standalone "Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules.The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev" |
| 1656 | SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0 | Luna® PCI Cryptographic Module for Luna® IS and RSS (Hardware Version: VBD-03-0100; Firmware Versions: 5.2.7 and 5.2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/22/2011 01/11/2012 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #510, #1737 and #1738); DSA (Certs. #542 and #543); ECDSA (Certs. #228 and #229); HMAC (Certs. #1014 and #1015); RNG (Certs. #925 and #926); RSA (Certs. #860 and #861); SHS (Certs. #1522 and #1523); Triple-DES (Certs. #520, #1126 and #1127); Triple-DES MAC (Triple DES Cert. #520; vendor affirmed) -Other algorithms: AES MAC (Certs. #510, #910 and #913; non-compliant); CAST5; CAST5-MAC; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HAS-160; HAS-160 MAC; KCDSA; MD2; MD5; RC2; RC4; RC5; SEED; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card." |
| 1655 | Concepteers, LLC 121 Newark Ave Suite 204 Jersey City, NJ 07302 USA David Van TEL: 201-221-3052 FAX: 201-844-6262 CST Lab: NVLAP 200556-0 | Concepteers Teleconsole TCS6U4W (Hardware Version: A2; Firmware Version: 2.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/15/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (1) (Cert. #1544); Triple-DES (Cert. #1014); SHS (Cert. #1369); DSA (Cert. #476); RSA (Cert. #747); HMAC (Cert. #895); RNG (Cert. #832) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (2) (non-compliant); RC4; Multi-chip standalone "The Teleconsole S6U4W is a small form factor network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance." |
| 1654 | Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA Michael Hong TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200648-0 | Brocade Mobility 7131N Dual-Radio 802.11n FIPS Access Point BR-AP7131N66040FGR and BR-AP7131N66040FWW (Hardware Versions: BR-AP7131N66040FGR and BR-AP7131N66040FWW; Firmware Version: AP7131N v4.0.1.0-003GRN) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2011 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (non-compliant); SHS (non-compliant) Multi-chip standalone "Brocade Mobility 7131N Dual-radio 802.11n FIPS Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Wireless IPS" |
| 1653 | McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050 (Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2011 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 1652 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | SSG 5 and SSG 20 (Hardware Versions: (SSG-5-SB, SSG-5-SB-BT, SSG-5-SB-M, SSG-5-SH, SSG-5-SH-BT, SSG-5-SH-M , SSG-20-SB and SSG-20-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 12/15/2011 07/24/2012 12/11/2013 | Overall Level: 2 -FIPS Approved algorithms: Triple-DES (Cert. #1061); AES (Cert. #1620); DSA (Cert. #507); SHS (Cert. #1429); RNG (Cert. #868); RSA (Cert. #798); HMAC (Cert. #951); ECDSA (Cert. #205) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of security); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters." |
| 1651 | Nexgrid, LLC 4444 Germanna Hwy Locust Grove, VA 22508 USA Thomas McLure TEL: 888-556-0911 ext 1010 FAX: 703-562-8385 Haim Shaul TEL: 888-556-0911 ext 1003 FAX: 703-562-8385 CST Lab: NVLAP 200427-0 | ecoNet smart grid gateways: ecoNet SL and ecoNet MSA (Hardware Versions: ENSL2, ENSL5 and ENMSA2; Firmware Version: 3.1.2-FIPS) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/05/2012 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1665); DSA (Cert. #520); HMAC (Cert. #979); RNG (Cert. #887); RSA (Cert. #820); SHS (Cert. #1459); Triple-DES (Cert. #1083) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 224 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "ecoNet smart grid gateways provide the central link between intelligent endpoint devices and the Utility's backhaul or WAN enabling real time network control and monitoring." |
| 1650 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Unified IP Phone 6921, 6941, 6945 and 6961 (Hardware Versions: 6921: 5, 6941: 5, 6945: 4 and 6961: 4; Firmware Version: 9.2(1)SR1 or 9.4(1)SR1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/14/2011 02/23/2012 12/31/2014 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1746, #1748 and #1751); HMAC (Certs. #1023, #1025 and #1028); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533, #1535 and #1538); Triple-DES (Cert. #1131) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 6921, 6941, 6945, and 6961 deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design." |
| 1649 | AirTight Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0 | SpectraGuard® Enterprise Server (Firmware Version: 6.5.35) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 12/14/2011 01/31/2012 | Overall Level: 1 -Tested: AirTight SA-350 Spectraguard Enterprise Appliance with CentOS 5.2 -FIPS Approved algorithms: AES (Cert. #1545); Triple-DES (Cert. #1015 ); RSA (Cert. #748); DSA (Cert. #477); SHS (Cert. #1370); HMAC (Cert. #896); RNG (Cert. #833) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 178 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); DSA (non-compliant); AES-CTR (non-compliant); ARC4; Blowfish-CBC; CAST128; ARC4-256; ARC4-128; RC2; RC4; DES; IDEA; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; UMAC-64; RIPEMD-160 Multi-chip standalone "The implementation performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks" |
| 1648 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Ross Choi TEL: 972-761-7628 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0 | Samsung Kernel Crypto API Cryptographic Module (Software Versions: LK2.6.35.7_AGB_v1.2 and LK2.6.36.3_AHC_v1.2) (When operated in FIPS mode and only on the specific platforms specified on the reverse) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/14/2011 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1) Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs. #1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120 and #1121); HMAC (Certs. #1008 and #1009) -Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash) Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest." |
| 1647 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Unified IP Phone 6901 and 6911 (Hardware Versions: 6901 and 6911: 1.0; Firmware Version: 9.2.1 or 9.3.1 SR1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/22/2011 02/23/2012 12/31/2014 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1746 and #1748); HMAC (Certs. #1023 and #1025); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533 and #1535); Triple-DES (Cert. #1131) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 6901 and 6911deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design." |
| 1646 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0 | Network Security Platform Sensor M-8000 P (Hardware Versions: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/06/2011 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks." |
| 1645 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Web Gateway WG5000 and WG5500 Appliances (Hardware Versions: 5000 [1] and 5500 [2]; EWG-5000-FIPS-KIT [1] and EWG-5500-FIPS-KIT [2]; Firmware Version: 7.1.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 12/15/2011 01/17/2012 08/24/2012 08/24/2012 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1625 and #1633); Triple-DES (Certs. #1065 and #1069); DSA (Certs. #511 and #514); RSA (Certs. #803 and #807); SHS (Certs. #1434 and #1438); HMAC (Certs. #956 and #960); RNG (Certs. #872 and #875) -Other algorithms: MD4; MD5; RC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant) Multi-chip standalone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today’s most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic." |
| 1644 | VMware, Inc. 3401 Hillview Avenue Palo Alto, CA 94304 USA Pam Takahama TEL: 650-427-2063 CST Lab: NVLAP 200556-0 | PCoIP Cryptographic Module for VMware View (Software Version: 3.5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 12/06/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows XP running on a Dell Poweredge 2850 Microsoft Windows XP running on a Dell Optiplex GX260 Red Hat Enterprise Linux (RHEL) 5.1 running on a Dell Poweredge 2850 -FIPS Approved algorithms: AES (Certs. #1639, #1640 and #1642); SHS (Cert. #1443); RNG (Cert. #879); HMAC (Cert. #964) -Other algorithms: Salsa12; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The PCoIP Cryptographic module for VMware View is a multi-chip standalone cryptographic module evaluated for use on a standard General Purpose Computer (GPC) platform. The overal security level is Level 2. The module consists of a single shared library which is used by both the PCoIP server and the PCoIP client applications." |
| 1643 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco Common Cryptographic Module (C3M) (Software Version: 0.9.8r.1.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/29/2011 02/23/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with FreeBSD 8.2 (32-bit and 64-bit) Red Hat Enterprise Linux v5 (32-bit and 64-bit) Linux Kernel 2.6.27.7 Yellow Dog Linux 6.2 Windows 7 SP1 (32-bit and 64-bit) Mac OS X 10.6 (32-bit and 64-bit) Openwall Linux 3.0 (32-bit) Android 2.3.3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1759); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols." |
| 1642 | U.S. Department of State 301 4th Street SW SA-44 Washington, DC 20547 USA Paul Newton TEL: 202-203-5153 FAX: 202-203-7669 CST Lab: NVLAP 100432-0 | PKI BLADE Cosmo (Hardware Version: P/N B0; Firmware Versions: FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2) (When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6) PIV Certificate #25 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/21/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3) -Other algorithms: Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using fingerprint biometrics." |
| 1641 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Version: 5.4fm) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/17/2011 05/29/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.3 Android 4.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1757); Triple-DES (Cert. #1138); SHS (Cert. #1543); HMAC (Cert. #1030); RSA (Cert. #875); DSA (Cert. #549); RNG (Cert. #936) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1640 | Watchdata Technologies Pte Ltd No.2 Yandong Business Park Wanhong West Street Capital Airport Road Beijing, Chaoyang District 100015 People's Republic of China Bai Jing CST Lab: NVLAP 200658-0 | WatchKey USB Token (Hardware Versions: K6 with Z32L256D32U and K003010A; Firmware Version: 360C6702) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 11/17/2011 | Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #1616); Triple-DES (Cert. #1057); RSA (Cert. #794); DRBG (Cert. #85); SHS (Cert. #1425) -Other algorithms: SHA-1 (non-compliant) Multi-chip standalone "The WatchKey USB token provides digital signature generation and verification for online authentication of online transactions and data encryption/decryption to online service users." |
| 1638 | Chunghwa Telecom Co., Ltd. 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0 | HiKey - Flash and HiKey PKI Token (Hardware Versions: 2.0 and 2.1; Firmware Version: 2.0; Software Version: Card OS version 3.2 with PKI Applet: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/16/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1710); Triple-DES (Cert. #1100); Triple-DES MAC (Triple-DES Cert. #1100, vendor affirmed); SHS (Cert. #1493); HMAC (Cert. #988); DRBG (Cert. #106); RSA (Cert. #839) -Other algorithms: MD5; HMAC-MD5; RIPEMD 160; HMAC-RIPEMD 160; RSA (encrypt/decrypt); AES MAC (AES Cert. #1710; non-compliant) Multi-chip standalone "The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Global Platform (GP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart cards." |
| 1637 | Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0 | Security Builder® FIPS Java Module (Software Versions: 2.8 and 2.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/16/2011 08/24/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10, 32-bit Solaris 10, 64-bit Red Hat Linux AS 5.5, 32-bit Red Hat Linux AS 5.5, 64-bit Windows Vista, 32-bit Windows Vista, 64-bit Windows 2008 Server, 64-bit (single-user mode) -FIPS Approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8) -Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL." |
| 1634 | Pierson Capital Technology LLC 129 North La Salle Street Suite 3800 Chicago, IL 60602 USA Frank Psaila TEL: +86 13501108625 FAX: +86 1085183930 Likely Lee TEL: +86 13810220119 FAX: +86 1085183930 CST Lab: NVLAP 200658-0 | MIIKOO (Hardware Version: D4; Firmware Versions: Device Bootstrap v3.1, Device Application 006262 and Cryptographic Algorithm v2.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/10/2011 | Overall Level: 3 -FIPS Approved algorithms: RSA (Cert. #737); Triple-DES (Cert. #1004); SHS (Cert. #1351); HMAC (Cert. #884); DRBG (Cert. #63) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "MIIKOO combines fingerprint recognition and additional cryptography capabilities to generate Dynamic PINs. It is compatible with any type of bank cards by seamlessly providing the added biometrical triggering of dynamic PIN security over the existing financial transaction network." |
| 1633 | Doremi Labs 1020 Chestnut St. Burbank, CA 91506 USA Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0 | Dolphin DCI 1.2 (Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: 2.0.8p, 21.03m-1 and 99.03f) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/10/2011 06/07/2013 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNGs; MD5; HMAC-MD5 Multi-chip embedded "The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)." |
| 1632 | Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea Ross Choi TEL: 972-761-7628 Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0 | Samsung Key Management Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 11/10/2011 | Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2) Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode) -FIPS Approved algorithms: AES (Certs. #1741 and #1742); SHS (Certs. #1528 and #1529); RNG (Certs. #928 and #929); HMAC (Certs. #1018 and #1019); PBKDF (SP 800-132, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Provides general purpose key management services to user-space applications on the mobile platform." |
| 1631 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 01/24/2012 05/03/2012 | Overall Level: 2 Multi-chip standalone |
| 1630 | Advantor Systems, LLC 12612 Challenge Parkway Suite 300 Orlando, FL 32826 USA Chuck Perkinson TEL: 407-926-6960 FAX: 407-857-1635 CST Lab: NVLAP 200427-0 | Infraguard Processor Module (Hardware Version: 5.1; Firmware Version: 1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 11/10/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1736); HMAC (Cert. #1013); RNG (Cert. #924); SHS (Cert. #1521) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip embedded "The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product." |
| 1629 | Protected Mobility LLC 6259 Executive Blvd Rockville, MD 20852 USA Paul Benware TEL: 585-582-5601 FAX: 585-582-3297 Donald Paris TEL: 301-770-4556 FAX: 240-238-6637 CST Lab: NVLAP 200697-0 | PMCryptolib (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/16/2011 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with iOS 4.2 iOS 4.3 Android 2.2 Android 2.3 Android 3.0 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1716); SHS (Cert. #1499); DRBG (Cert. #108); HMAC (Cert. #991); ECDSA (Cert. #222) Multi-chip standalone "PMCryptolib is a dynamic linked library software module. The module provides cryptographic services through a Application Programming Interface (API)." |
| 1628 | NAL Research Corporation 9300 West Courthouse Rd. Suite 102 Manassas, VA 20110 USA Peter Kormendi TEL: 703-392-1136 CST Lab: NVLAP 200697-0 | XM Crypto Module (Firmware Version: 1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Firmware | 11/07/2011 | Overall Level: 1 -Tested: A3LA-XM with A3LA-XM OS ver. 1.1.0 -FIPS Approved algorithms: AES (Cert. #1698) -Other algorithms: N/A Multi-chip standalone "A3LA-XM is a modem comprised of the XM Crypto Module encryption board and a communication board. It is designed to transmit AES 256-bit encrypted data via a communication network. The A3LA-XM has an internal micro-controller programmed to monitor the modems connectivity status to prevent hardware lock-up. Similar to a standard landline modem, the A3LA-XM can be controlled by any DTE (data terminal equipment) capable of sending standard AT commands via an RS232 serial or a USB 2.0 port." |
| 1626 | ViaSat UK Ltd. Sanford Lane Wareham, Dorset BH20 4DY United Kingdom Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 1929 55 25 25 CST Lab: NVLAP 200556-0 | FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.4.5, V2.0.5.3, V2.0.5.4 and V2.0.5.5) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/31/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt ranges of drives. The FlagStone Core, and subsequently the Eclypt ranges of drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a connected HDD/SSD (Hard Disk Drive/Solid Data Drive). All accessible sectors on a drive connected to a FlagStone Core are encrypted. The Eclypt range of drives includes Eclypt, Eclypt Freedom and Eclypt Nano." |
| 1625 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Suite B Module (Software Version: 5.3.1v) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 11/30/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with ThreadX v5.3 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1717); Triple-DES (Cert. #1104); SHS (Cert. #1500); HMAC (Cert. #992); RSA (Cert. #843); DSA (Cert. #529); ECDSA (Cert. #223); RNG (Cert. #910) -Other algorithms: AES (Cert. #1717, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2; RC4; AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1624 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/24/2011 12/21/2011 | Overall Level: 4 Multi-chip embedded |
| 1623 | CST Lab: NVLAP 100432-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/24/2011 12/21/2011 | Overall Level: 4 Multi-chip embedded |
| 1622 | Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679 CST Lab: NVLAP 200928-0 | CEP10-R, CEP10 VSE and CEP10-C (Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/24/2011 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #673, #1089 and #1090); AES (Certs. #779, #1680 and #1681); SHS (Certs. #781, #1466 and #1467); HMAC (Certs. #426, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892) -Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 to 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP10-R and CEP10 VSE has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication." |
| 1620 | Klas Ltd 1101 30th Street NW Suite 500 Washington, DC 20007 USA Frank Murray TEL: 866-263-5467 FAX: (866)-532-3091 CST Lab: NVLAP 100432-0 | KlasRouter (Hardware Versions: KlasRouter, Versions 3.02 and 3.03; Firmware Versions: KlasOS3, Version 3.1.0 rc0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/19/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Cert. #1599); Triple-DES (Cert. #1045); HMAC (Cert. #936); SHS (Cert. #1411); ECDSA (Cert. #197); RNG (Cert. #856) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); NDRNG; MD5; HMAC-MD5; DSA (non-compliant) Multi-chip standalone "KlasRouter is a low-power router that provides Virtual Private Networking (including Suite-B algorithms), WAN Acceleration, VLAN and a host of other networking features in a compact package. KlasRouter is standards-based and hence is interoperable with any infastructure and the perfect solution for establishing a remote office in a secure environment." |
| 1619 | Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089-1206 USA Seyed Safakish TEL: 408-745-2000 FAX: 408-745-2100 Bishakha Banerjee TEL: 408-745-2000 FAX: 408-745-2100 CST Lab: NVLAP 100432-0 | FIPS Multi Service PIC (Hardware Versions: PE-MS-100-1, PB-MS-100-1, PB-MS-400-2 and PC-MS-500-3; Firmware Version: 10.4 R1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/19/2011 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #465); Triple-DES (Certs. #482 and #1046); SHS (Certs. #768 and #1414); HMAC (Certs. #416 and #937); RSA (Cert. #783); RNG (Cert. #858) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; DES Multi-chip embedded "The FIPS Multiple Service PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future." |
| 1618 | CST Lab: NVLAP 200427-0 | Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/18/2011 | Overall Level: 2 Multi-chip standalone |
| 1617 | Dell, Inc. One Dell Way Round Rock, TX 78682 USA CST Lab: NVLAP 200697-0 | Dell PowerConnect J-Series J-SRX100, J-SRX210 and J-SRX240 Services Gateways (Hardware Versions: (J-SRX100B, J-SRX100H, J-SRX210B, J-SRX210BE, J-SRX210H, J-SRX210HE, J-SRX210H-POE, J-SRX210HE-POE, J-SRX240B, J-SRX240H and J-SRX240H-POE) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R3) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/06/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "Dell Inc. J-SRX100, J-SRX210, and J-SRX240 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, Ipsec VPN and IPS." |
| 1616 | Concepteers, LLC 121 Newark Ave Suite 204 Jersey City, NJ 07302 USA David Van TEL: 201-221-3052 FAX: 201-844-6262 CST Lab: NVLAP 200556-0 | Concepteers Teleconsole E (Hardware Version: rev A1; Firmware Version: 2.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/05/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1547); Triple-DES (Cert. #1017); SHS (Cert. #1374); DSA (Cert. #479); RSA (Cert. #752); HMAC (Cert. #903); RNG (Cert. #836) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Teleconsole E is an enterprise network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance." |
| 1615 | Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA John Bordwine TEL: 703-885-3854 CST Lab: NVLAP 200556-0 | Symantec Java Cryptographic Module (Software Version: 1.0) (This module contains the embedded module RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/30/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode) -FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE; RIPEMD 160; RNG (X9.31 non-compliant; MD5; SHA-1 non-compliant); RC2; RC4; RC5; RSA OAEP (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5 Multi-chip standalone "The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite." |
| 1613 | Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | Juniper Networks SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways (Hardware Versions: (SRX100B, SRX100H, SRX210B, SRX210BE, SRX210H, SRX210HE, SRX210H-POE, SRX210HE-POE, SRX220H, SRX220H-POE, SRX240B, SRX240H, SRX240H-POE, SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/06/2011 11/08/2011 12/11/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven" |
| 1612 | Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0 | Mocana Cryptographic Loadable Kernel Module (Software Version: 5.4f) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/29/2011 10/26/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 WindRiver 4.0 using Linux 2.6.34 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RNG (Cert. #819) -Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com." |
| 1611 | Juniper Networks, Inc. 1194 North Mathilda Ave. Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | Juniper Networks SRX3400 and SRX3600 Services Gateways (Hardware Versions: (SRX3400BASE-AC, SRX3400BASE-DC, SRX3600BASE-AC and SRX3600BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 10/06/2011 11/08/2011 12/11/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1032 and #1033); AES (Certs. #1575 and #1577); DSA (Cert. #486); SHS (Certs. #1395 and #1396); RNG (Cert. #849); RSA (Cert. #768); HMAC (Certs. #922 and #923) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "Juniper Networks SRX3000 Series line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX3000 Series line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions." |
| 1610 | EMC Corporation 176 South Street Hopkinton, MA 01748 USA Dan Reddy TEL: 508-249-2733 Kerry Mahoney TEL: 508-249-4940 FAX: 508-249-3172 CST Lab: NVLAP 200427-0 | 4 Gb/s FC I/O Module with Encryption (Hardware Version: 303-176-100B B04) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2011 | Overall Level: 1 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1638) -Other algorithms: AES (Cert. #1638, key wrapping) Multi-chip embedded "Data at Rest Encryption provides hardware-based, back-end encryption for EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from the system. It also offers a convenient means of decommissioning all drives in the system at once.EMC 4Gb/s Fibre Channel I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt/decrypt data as it is written to and read from a drive. The drives need not be self-encrypting because the I/O module encrypts. All back end drive types are thus supported." |
| 1609 | AirTight Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0 | SpectraGuard® Enterprise Sensor (Hardware Versions: SS-300-AT-C-10 [1] and SS-300-AT-C-60 [2] with SS-FIPS-TPL; Firmware Versions: 6.2.39p1 [1] and 6.7.U4.48FIPS [2]) (When operated in FIPS mode and with tamper evident seals installed over the ventilation openings as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2011 09/16/2013 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #1310 and #2609); SHS (Certs. #1199 and #2193); RNG (Certs. #732 and #1235); RSA (Certs. #628 and #1335); HMAC (Certs. #763 and #1617) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5 Multi-chip standalone "The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks." |
| 1608 | Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 USA Gloria English TEL: 408-447-3979 Mihai Damian TEL: 408-447-3977 CST Lab: NVLAP 200002-0 | NonStop Volume Level Encryption (NSVLE) (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/26/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Debian Linux HPTE Ver. 3.0.0 Debian Linux HPTE Ver. 4.0.0 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1364 and #1365); Triple-DES (Cert. #941); SHS (Cert. #1246); RNG (Cert. #751); HMAC (Cert. #800); RSA (Cert. #666) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5 Multi-chip standalone |
| 1607 | Verdasys, Inc. 404 Wyman St. Suite 320 Waltham, MA 02451 USA Harvey Morrison TEL: 781-788-8180 CST Lab: NVLAP 200002-0 | Verdasys Secure Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 09/26/2011 08/24/2012 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit Windows XP 64-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1384); SHS (Cert. #1261); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (non-compliant) Multi-chip standalone "The Verdasys FIPS Kernel Mode Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's server and endpoint products. The Verdasys FIPS Kernel Mode Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption." |
| 1606 | Fortress™ Technologies, Inc. 2 Technology Park Dr Suite 2200 Oldsmar, FL 34677 USA Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200427-0 | Fortress Mesh Points (Hardware Versions: ES210, ES300, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.3.1) (When operated in FIPS mode and with the tamper evident seals and glue installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/26/2011 05/17/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits security strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits security strength); MD5 Multi-chip standalone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects." |
| 1605 | Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679 CST Lab: NVLAP 200928-0 | CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE (Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/26/2011 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #482, #667, #1089 and #1090); AES (Certs. #465, #762, #1680 and #1681); SHS (Certs. #768, #769, #1466 and #1467); HMAC (Certs. #416, #417, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892) -Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-complaint); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication." |
| 1604 | Centrify Corporation 785 N. Mary Avenue Suite 200 Sunnyvale, CA 94085 USA Kitty Shih TEL: 408-542-7500 FAX: 408-542-7575 CST Lab: NVLAP 200648-0 | Centrify Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/20/2011 12/01/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.6.5 Mac OS X 10.7 RedHat Enterprise Linux ES v5 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1018 and #1208); AES (Certs. #1554 and #1861); SHS (Certs. #1375 and #1637); HMAC (Certs. #904 and #1108); RSA (Certs. #755 and #941); DSA (Certs. #480 and #580); DRBG (Certs. #69 and #149) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products." |
| 1603 | Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA Mark Kettle TEL: 613-763-2422 FAX: 613-763-7191 Bao-Chau Nguyen TEL: 613-763-1671 FAX: 613-763-7191 CST Lab: NVLAP 200556-0 | Optical Metro 5130 (Hardware Versions: Chassis: NTB200BAE5 Rev: 03, S-DNM: NTB211AAE5 Rev: 02, Filler: NTB207BAE5 Rev: 02, and Seal Kit: NTB209LAE6; Firmware Version: 4.00.008.927) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/20/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS Approved algorithms: AES (1) (Cert. #1462); Triple-DES (Cert. #986); SHS (Cert. #1324); HMAC (Cert. #859); RNG (Cert. #799) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); AES (2) (non-compliant); DES; Blowfish; MD5; OM5130 Key-based scrambler Multi-chip standalone "The OM 5130 cost effectively simplifies and secures data file mobility between data centers. The OM 5130 increases WAN efficiency, natively consolidates data and storage networks onto a common encrypted WAN link and delivers definable time-of-day bandwidth management that allocates bandwidth to the required application at the required time of day." |
| 1602 | Juniper Networks, Inc. 1194 North Mathilda Ave. Sunnyvale, CA 94089 USA Claudio Baserga TEL: 408-936-0961 CST Lab: NVLAP 200697-0 | Juniper Networks SRX5600 and SRX5800 Services Gateways (Hardware Versions: (SRX5600BASE-AC, SRX5600BASE-DC, SRX5800BASE-AC and SRX5800BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 09/20/2011 11/08/2011 12/11/2013 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Certs. #1030 and #1034); AES (Certs. #1573 and #1578); DSA (Cert. #484); SHS (Certs. #1393 and #1397); RNG (Cert. #847); RSA (Cert. #766); HMAC (Certs. #920 and #924) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant) Multi-chip standalone "Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions." |
| 1601 | McAfee, Inc. 27201 Puerta Real, Suite 400 Mission Viejo, CA 92691 USA David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | McAfee Endpoint Encryption for PCs (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/08/2011 10/04/2011 | Overall Level: 1 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit Windows Vista 64-bit (single-user mode) -FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption for PCs is a Software Only Module which resides on general purpose computer systems. The module is used for whole disk encryption that enables users to secure sensitive data stored on hard disk drives in the event of a lost or stolen workstation or laptop computer. McAfee Endpoint Encryption for PCs is an enterprise class software product that is centrally managed and can be deployed to large heterogeneous enterprise environments." |
| 1600 | IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0 | IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module (Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Firmware Version: 4765-001 (e1ced7a0); Software Versions: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software-Hybrid | 09/08/2011 | Overall Level: 1 -Cryptographic Module Specification: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)) Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R12] (single-user mode) -FIPS Approved algorithms: AES (Certs. #1702, #1703 and #1713); Triple-DES (Certs. #1093, #1094 and #1103); DSA (Certs. #526 and #527); RSA (Certs. #831, #832, #844, #845 and #846); SHS (Certs. #1485, #1486 and #1497); HMAC (Certs. #986 and #987); RNG (Certs. #901 and #902) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; ECDSA (non-compliant) Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions." |
| 1599 | STMicroelectronics, Inc. 750 Canton Drive Suite 300 Coppell, TX 75019 USA Gianfranco Scherini TEL: 408-919-8426 FAX: 408-919-0250 CST Lab: NVLAP 200802-0 | HardCache™-SL3/PC v2.1 (Hardware Version: STM7007) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/20/2011 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1068); SHS (Cert. #1219); HMAC (Cert. #781); Triple-DES (Cert. #798); ECDSA (Cert. #155); RSA (Cert. #623); RNG (Cert. #725) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single-chip "The STMicroelectronics HardCache™-SL3/PC v2.1 Cryptographic Module (HW rev STM7007) is a single chip cryptographic module designed as a hardware accelerated encryption engine for computer and peripheral applications. The cryptographic module is targeted for PC applications including desktop client, laptop, and server systems. Benefits compared to competing hardware and software solutions include better overall system performance, low power, and tamper resistant hardware security." |
| 1598 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Bordwine TEL: 703-885-3854 FAX: 301-514-3726 CST Lab: NVLAP 200556-0 | Symantec Cross-Platform Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 09/02/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Windows 2003 Server (32-bit) RHEL 5 (32-bit) Solaris 10 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1614); Triple-DES (Cert. #1055); RSA (Cert. #792); DSA (Cert. #502); SHS (Cert. #1423); HMAC (Cert. #946); DRBG (Cert. #83) -Other algorithms: DES; Camellia; SEED; RC2; RC4; MD2; MD5; RSA (Cert. #792, key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Symantec Cross-Platform Cryptographic Module (SymCPM) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCPM is implemented in the C programming language and consists of three components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform." |
| 1597 | Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA Main Office TEL: 601-519-0123 FAX: 601-510-9080 Victor Wolff TEL: 703-483-5515 FAX: 601-510-9080 CST Lab: NVLAP 200426-0 | B200™ and B300™ Remote Support Appliances (Hardware Versions: B200, B300 or B300r1; Firmware Version: 3.2.2 FIPS; Software Version: 10.6.2 FIPS) (When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2011 10/26/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions." |
| 1596 | Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA Main Office TEL: 601-519-0123 FAX: 601-510-9080 Victor Wolff TEL: 703-483-5515 FAX: 601-510-9080 CST Lab: NVLAP 200426-0 | B400™ Remote Support Appliance (Hardware Version: B400 or B400r1; Firmware Version: 3.2.2 FIPS; Software Version: 10.6.2 FIPS) (When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/31/2011 10/26/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions." |
| 1595 | Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA John Gorczyca CST Lab: NVLAP 200556-0 | Symantec Enterprise Vault Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/31/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 (single-user mode) -FIPS Approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RSA (KeyGen, non-compliant); ANSI X9.31 RSA (SigVer, non-compliant); RC2; RC4; MD5; MD2; MD4; DES Multi-chip standalone "Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation." |
| 1594 | SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0 | SafeNet Ethernet Encryptor, Branch Office (Hardware Versions: 943-5020v-004 [1] [2] and 943-50211-001 [2]; Firmware Versions: 1.0.6.4 [1] and 2.0.2 [2]) (When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter v designations.) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 09/27/2011 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Camellia; SEED Multi-chip standalone "The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system." |
| 1593 | Mxtran Inc. 9F, No.16, Li-Hsin Road, Science Park Hsin-chu, Taiwan 300 Republic of China C.W. Pang TEL: +886-3-6661778#29300 FAX: +886-3-6662568 CST Lab: NVLAP 200824-0 | Mxtran Payeeton Solution (Hardware Version: MX11E25644E; Firmware Version: Simker v2.30) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/22/2011 | Overall Level: 3 -FIPS Approved algorithms: Triple-DES (Cert. #1007); AES (Cert. #1511); RSA (Cert. #739); SHS (Cert. #1354); HMAC (Cert. #886); RNG (Cert. #820) -Other algorithms: N/A Single-chip "Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset." |
| 1591 | Symantec Corporation 20330 Stevens Creek Blvd Cupertino, CA 95014 USA John Bordwine TEL: 703-885-3854 FAX: 301-514-3726 CST Lab: NVLAP 200556-0 | Symantec Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/12/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit) Red Hat Enterprise Linux 4.8 (32-bit) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1607); Triple-DES (Cert. #1052); DSA (Cert. #498); SHS (Cert. #1420); RNG (Cert. #861); RSA (Cert. #789); HMAC (Cert. #943) -Other algorithms: DES; Blowfish; CAST; IDEA; RC2; RC4; RC5; MD2; MD4; MD5; RipeMD; MDC-2; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (Cert. #789, key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform." |
| 1590 | BAE Systems 2525 Network Place Herndon, VA 22171 USA John Ata TEL: 703-736-4384 FAX: 703-736-4348 CST Lab: NVLAP 200427-0 | STOP OS 7 Kernel Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/10/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with STOP 7.3 Beta 1 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1603); DRBG (Cert. #78); HMAC (Cert. #939); SHS (Cert. #1416); Triple-DES (Cert. #1048) -Other algorithms: DES Multi-chip standalone "The STOP 7 Kernel Cryptographic Module is a library that is distributed as part of the monolithic kernel. The module provides the general purpose cryptographic functionality used by the kernel and kernel modules." |
| 1589 | ZTE Corporation NO. 55, Hi-tech Road South Shen Zhen, Guangdong Province 518057 People's Republic of China Mr. Royce Wang TEL: +86-755-2677 0345 FAX: +86-755-2677 0347 CST Lab: NVLAP 200658-0 | UEP Cryptographic Module (Software Version: 4.11.10) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/10/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with NewStart CGS Linux V3.02 with Sun JDK/JRE 1.6.0_11 (single-user mode) -FIPS Approved algorithms: Triple-DES (Certs. #1039 and #1040); AES (Certs. #1583 and #1584); DSA (Certs. #489 and #490); SHS (Certs. #1402 and #1403); RSA (Certs. #773 and #774); HMAC (Certs. #929 and #930); DRBG (Certs. #73 and #74) -Other algorithms: N/A Multi-chip standalone "UEP cryptographic mpdule provides general purpose cryptographic services intended to protect data in transit and at rest." |
| 1588 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | Agent Cryptographic Module (Software Version: 1.0 or 1.1) (When operated in FIPS mode with module RSA BSAFE Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #828 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/05/2011 04/26/2013 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 (x86 32-bit) (single-user mode) -FIPS Approved algorithms: AES (Cert. #490); Triple-DES (Cert. #501); RSA (Cert. #203); SHS (Cert. #560); RNG (Cert. #270); DSA (Cert. #199); -Other algorithms: NDRNG Multi-chip standalone "McAfee Agent Cryptographic Module provides cryptographic operations for McAfee Agent, a software agent used in conjunction with McAfee ePolicy Orchestrator (ePO) to manage and monitor numerous end-point security products." |
| 1587 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | ePO Cryptographic Module (Software Versions: 1.0, 1.1, 1.2, 1.3, or 1.4) (When operated in FIPS mode with module RSA BSAFE® Crypto-J validated to FIPS 140-2 under Cert. #1047 operating in FIPS mode and with module RSA BSAFE® Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #1092 operating in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 08/05/2011 11/17/2011 04/02/2012 08/16/2012 01/04/2013 | Overall Level: 1 -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows XP (x86 32 bit) (single-user mode) -FIPS Approved algorithms: AES (Certs. #670 and #860); RSA (Certs. #312 and #412); SHS (Certs. #703 and #855); RNG (Certs. #390 and #492); DSA (Cert. #311); Triple-DES (Cert. #707); -Other algorithms: NDRNG Multi-chip standalone "McAfee ePO Cryptographic Module provides cryptographic operations for McAfee ePolicy Orchestrator (ePO), a security management software that allows enterprises to unify the management of numerous end-point, network, and data security products." |
| 1586 | ZTE Corporation NO. 55, Hi-tech Road South Shen Zhen, Guangdong Province 518057 People's Republic of China Mr. Royce Wang TEL: +86-755-2677 0345 FAX: +86-755-2677 0347 CST Lab: NVLAP 200658-0 | Unified Platform Cryptographic Library (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 08/09/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with EMBSYS (TM) Carrier Grade Embedded Linux V3 (single-user mode) -FIPS Approved algorithms: AES (Certs. #1585 and #1586); Triple-DES (Certs. #1041 and #1042); SHS (Certs. #1404 and #1405); RSA (Certs. #775 and #776); DSA (Certs. #491 and #492); HMAC (Certs. #931 and #932); DRBG (Certs. #75 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; DES; RC2; RC4; MD2; MD4; MD5; RIPEMD; CAST; Blowfish Multi-chip standalone "Unified Platform Cryptographic Library provides general purpose cryptographic services intended to protect data in transit and at rest." |
| 1585 | Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0 | FortiGate-80C [1], FortiGate-110C [2] and FortiGate-111C [3] (Hardware Versions: C4BC61 [1], C4HA15 [2] and C4BQ31 [3]; Firmware Versions: FortiOS 4.0, build6359, 100712) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2011 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network." |
| 1584 | Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0 | FortiGate-1240B [1], FortiGate-3016B [2], FortiGate-3600A [3] and FortiGate-3810A-E4 [4] (Hardware Versions: C4CN43 [1], C4XA14 [2], V3BU94 [3] and C3GV75 [4]; Firmware Versions: FortiOS 4.0, build6341, 100617) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2011 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network." |
| 1583 | Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0 | FortiGate-200B [1], FortiGate-300A [2], FortiGate-300A-HD [3], FortiGate-310B [4], FortiGate-311B [5], FortiGate-620B [6] and FortiGate-800 [7] (Hardware Versions: C4CD24 [1], C4FK88 [2], C4FK88 [3], C4ZF35 [4], C4CI39 [5], C4AK26 [6] and C4UT39 [7]; Firmware Versions: FortiOS 4.0, build6359, 100712) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2011 | Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1404, #1405, #1408, #1409 and #1463); Triple-DES (Certs. #957, #958, #961, #962 and #987); RNG (Cert. #770); SHS (Certs. #1274, #1275, #1278, #1279 and #1327); HMAC (Certs. #825, #826, #829, #830 and #862); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network." |
| 1582 | Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0 | IPCryptR2 (Hardware Version: P/N BLN1306A; Firmware Version: R03.01.51) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/27/2011 | Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: Level 3 -Tested Configuration(s): Level 3 -FIPS Approved algorithms: AES (Certs. #1424 and #1425); SHS (Cert. #1292); RNG (Cert. #778); ECDSA (FIPS 186-3, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1424, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR; NDRNG Multi-chip standalone "The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems." |
| 1581 | Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA David Ambrose TEL: 703-628-2935 Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0 | Check Point IP Appliance (Hardware Versions: IP290 (CPAP-IP295-D-GFIP [Nokia NBB0292000] and N431174001, CPAP-IP295-D-AC-DS [Nokia NBB0295000] and N431174001) and IP690 (CPAP-IP695-D-GFIP [Nokia NBB0692000], CPIP-A-4-1C and N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 10/11/2011 | Overall Level: 2 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #497, #709, #769 and #342); Triple-DES (Certs. #507, #637, #510, #638, #729, #669 and #406); HMAC (Certs. #248, #384, #251, #385, #499, #421 and #146); SHS (Certs. #564, #734, #567, #735, #883, #775 and #417); DSA (Certs. #202 and #271); RSA (Certs. #211, #332, #213 and #333); RNG (Certs. #275, #417, #277 and #418) -Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Check Point IP Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access." |
| 1580 | Hewlett-Packard TippingPoint 7501 N. Capital of Texas Highway Austin, TX 78737 USA Dinesh Vakharia TEL: 512-681-8271 Freddie Jimenez Jr. TEL: 512-681-8305 CST Lab: NVLAP 200427-0 | HP TippingPoint Security Management System (Firmware Version: 3.2.0.8312.3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Firmware | 08/10/2011 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Tested: Fedora Core 10 Operating System running on a HP ProLiant DL320 G6 Server -FIPS Approved algorithms: AES (Certs. #1631 and #1632); DRBG (Cert. #87); DSA (Cert. #513); HMAC (Certs. #958 and #959); RNG (Cert. #874); RSA (Certs. #805 and #806); SHS (Certs. #1436 and #1437); Triple-DES (Certs. #1067 and #1068) -Other algorithms: Blowfish; CAMELLIA; CAST; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; MD2; MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED Multi-chip standalone "The HP Security Management System Appliance Series delivers enterprise-class security management capabilities that are simple to use and extremely powerful. The Security Management System Appliance is a hardened appliance that provides both global vision and security policy control for large-scale deployments of all HP products, including HP Intrusion Prevention Systems (IPS), Core Controllers, and SSL Appliances. The appliance is responsible for discovering, monitoring, configuring, diagnosing, remediating, and reporting for global IPS deployments." |
| 1576 | Teledyne Webb Research 82 Technology Park Drive East Falmouth, MA 02536 USA David Pingal TEL: 508-548-2077 x 146 CST Lab: NVLAP 200002-0 | MiniCrypt (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 07/21/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Persistor CF1 HW system with Motorola MC68CK338CPV14 processor running PicoDOS version 2.26 -FIPS Approved algorithms: AES (Cert. #1268); SHS (Cert. #1168); HMAC (Cert. #738) -Other algorithms: N/A Multi-chip standalone "MiniCrypt is a small, low resource utilization, software library for use in embedded systems, providing encryption, decrypting, hashing and message authentication functions." |
| 1575 | Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200556-0 | BlackBerry Smartcard Reader (Hardware Version: 2.0; Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/15/2011 | Overall Level: 3 -FIPS Approved algorithms: AES (Cert. #1172); HMAC (Cert. #672); SHS (Cert. #1084); RNG (Cert. #648); RSA (Cert. #555); ECDSA (Cert. #140) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth® enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers." |
| 1574 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | Endpoint Encryption Manager (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/15/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 2 with Windows Server 2003 Standard Edition SP2 on Dell Optiplex GX620 with 3.0 GHz Intel Pentium D Processor 830 (1 CPU) (32 bit) Windows Server 2008 64 bit Enterprise Edition on Dell PowerEdge 2970 with 1.7 GHz quad core AMD Opteron 2344 Processor (2 CPUs) (64-bit) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems." |
| 1573 | U.S. Department of State 301 4th Street SW SA-44 Washington, DC 20547 USA Paul Newton TEL: 202-203-5153 FAX: 202-203-7669 CST Lab: NVLAP 100432-0 | PKI BLADE Applet and Protiva PIV DL Card (Hardware Version: P/N P5CD144 Version A1047808; Firmware Versions: EI08-M1004069, Softmask V01, PIV Applet V1.55 and PKI BLADE Applet V1.2) (When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 12) PIV Certificate #22 Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/15/2011 02/06/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); SHS (Cert. #786); RSA (Cert. #372); RNG (Cert. #450); CVL (Cert. #214) -Other algorithms: Triple-DES (Cert. #678, key wrapping; key establishment methodology provides 100 bits of encryption strength) Single-chip "The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using passwords and fingerprints biometrics." |
| 1572 | Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA Hang Liu TEL: 434-455-9610 Dennis Boyer TEL: 919-609-0608 CST Lab: NVLAP 200426-0 | Harris AES Software Load Module (Software Version: 1.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 07/13/2011 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1482) -Other algorithms: N/A Multi-chip standalone "The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals." |
| 1571 | Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200002-0 | nShield Connect 6000 [1], nShield Connect 1500 [2] and nShield Connect 500 [3] (Hardware Versions: NH2047 [1], NH2040 [2] and NH2033 [3], Build Standard N; Firmware Version: V11.30) (When operated in FIPS mode with nShield PCIe validated to FIPS 140-2 under Cert. #1063) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 07/13/2011 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #397, #754 and #1227); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435, #666 and #883); Triple-DES MAC (Triple-DES Cert. #666, vendor affirmed); DSA (Certs. #280 and #407); ECDSA (Certs. #81 and #145); SHS (Certs. #764 and #1127); HMAC (Certs. #410 and #717); RSA (Cert. #356); RNG (Certs. #436 and #681) -Other algorithms: Aria; Arc Four; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Thales nShield Connect is a network-attached hardware security module for business continuity of always-on, mission-critical systems in shared infrastructures, providing high availability, scalability and remote management for cryptographic infrastructures. Part of the nCipher product line, nShield Connect is the world's first HSM with redundant, hot-swappable power supplies, and enables organizations to build reliable, large-scale cryptographic services for their infrastructures." |
| 1570 | SanDisk Corporation Atir Yeda 7 Kfar-Saba Israel Boris Dolgunov TEL: +972-9-7645000 FAX: +972-3-5488666 CST Lab: NVLAP 100432-0 | Cruzer Enterprise FIPS Edition (Hardware Versions: P/Ns 54-89-15381-004G, 54-89-15381-008G, 54-89-15381-016G and 54-89-153-032G, Version Revision 1; Firmware Version: 9.5.21.01.F3) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 08/12/2011 | Overall Level: 2 -EMI/EMC: Level 3 -FIPS Approved algorithms: AES (Certs. #1432 and #1433); RSA (Cert. #702); SHS (Cert. #1295); RNG (Cert. #779) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The SanDisk Cruzer Enterprise FIPS Edition secure USB flash drive offers on-the-fly hardware encryption for enterprises and government agencies that helps IT professionals within those organizations to effectively protect information on company-issued USB flash drives. It is specially designed to meet the unique USB security, compliance, and manageability needs of large organizations. With FIPS 140-2 level 2 certification inside, the Cruzer Enterprise FIPS Edition caters to the ultra-sensitive security requirements of government agencies and enterprises." |
| 1569 | Doremi Labs 1020 Chestnut St. Burbank, CA 91506 USA Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0 | IMB (Hardware Versions: IMB-A0, IMB-A1, IMB-A2, IMB-E0, IMB-E1 and IMB-E2; Firmware Versions: (5.0.10f, 30.04m-1 and 99.03f) or (5.0.21, 30.05g1 and 99.03f)) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 07/11/2011 08/16/2012 06/07/2013 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #532, #1252 and #1383); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman; TI S-box Multi-chip embedded "The IMB (Integrated Media Block) is a card that utilizes Doremi’s patented 4K media block technology. The IMB can be installed in a DLP Series-II 4K-ready projector along with Doremi’s external ShowVault™, allowing to perform 4K content playback. The customer can still choose to project in 2K using the IMB." |
| 1568 | McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0 | Endpoint Encryption Manager (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/30/2011 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2003 (32-bit) Windows Server 2008 (64 bit) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHA-1 (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems." |
| 1567 | Lumension Security, Inc. 15880 Greenway-Hayden Loop Suite 100 Scottsdale, AZ 85260 USA Chris Chevalier TEL: 480-970-1025 FAX: 480-970-6323 Ron Smith TEL: 480-663-8763 FAX: 480-970-6323 CST Lab: NVLAP 200002-0 | Lumension Cryptographic Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/27/2011 | Overall Level: 2 -Tested Configuration(s): Tested as meeting Level 2 with Dell Optiplex GX620 running MS Windows Server 2003 Standard, Version 5.2 SP 2 (32-bit version) Dell PowerEdge 2850 running MS Windows Server 2003 Standard x64, Version 5.2 SP 2 (64-bit version) Dell Optiplex GX620 running MS Windows XP Professional, Version 5.1 SP 2 (32-bit version) Dell PowerEdge 2850 running Windows XP Professional x64, Version 5.2 SP 2 (64-bit version) -FIPS Approved algorithms: AES (Cert. #1045); SHS (Cert. #995); RNG (Cert. #596); HMAC (Cert. #587); RSA (Cert. #499); ECDSA (Cert. #126) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; ECIES Multi-chip standalone "The Lumension Cryptographic Kernel (LCK) v1.0 provides the cryptographic functions for certain Lumension products, including Application and Device Control. These products secure endpoints from malware and unauthorized software execution, and from malicious or accidental data loss through the use of removable devices and media." |
| 1566 | RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0 | RSA BSAFE® CNG Cryptographic Primitives Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Software | 06/27/2011 01/24/2013 | Overall Level: 1 -Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 (x86 32-bit) Microsoft Windows 7 (x86_64 64-bit) (single-user mode) -FIPS Approved algorithms: AES (Cert. #1598); DRBG (Cert. #77); DSA (Cert. #493); ECDSA (Cert. #196); HMAC (Cert. #935); RNG (Cert. #855); RSA (Cert. #780 and FIPS 186-3, vendor affirmed); SHS (Cert. #1410); Triple-DES (Cert. #1044) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; HMAC-MD2; HMAC-MD4; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "RSA BSAFE® CNG Cryptographic Primitives Library is a drop-in replacement for the Microsoft user-mode CNG (Cryptograpy, Next Generation) provider. It supports a wide range of industry standard encryption algorithms. Software applications written against the Microsoft CNG framework, that do not explicitly request a specific provider, will automatically use the BSAFE CNG cryptographic implementations without modification once the BSAFE CNG Primitive Provider is installed." |
| 1565 | Xceedium, Inc. 30 Montgomery Street Suite 1020 Jersey City, NJ 07302 USA Trevor Brown TEL: 613 801 0466 CST Lab: NVLAP 200556-0 | Xceedium Xsuite (Hardware Versions: 5, 5a and 5b; Firmware Version: 1.0.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/23/2011 12/03/2012 10/23/2014 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1151 and #1572); Triple-DES (Certs. #833 and #1029); SHS (Certs. #1065 and #1392); RSA (Cert. #765); HMAC (Certs. #654 and #919); RNG (Cert. #846) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (Cert. #483; non compliant) Multi-chip standalone "Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control." |
| 1564 | Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA 99163 USA Joe Casebolt TEL: 509-332-1890 FAX: 509-332-7990 CST Lab: NVLAP 100432-0 | SEL-3044 (Hardware Version: 1.0; Firmware Version: R101 or R103) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/23/2011 02/15/2013 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412) -Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "The SEL-3044 SEL Encryption Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3044 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED, and RTU products. It quickly integrates into serial communication networks including modem and data radio." |
| 1563 | 3e Technologies International, Inc. Suite 500, 9715 Key West Avenue Rockville, MD 20850 USA Chris Guo TEL: 301-944-1294 FAX: 301-670-6989 CST Lab: NVLAP 200002-0 | 3e-030-2 Security Server Cryptographic Core (Software Version: 4.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Software | 06/20/2011 | Overall Level: 1 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested Configuration(s): Tested as meeting Level 1 with Red Hat Linux Enterprise 5.5 (single-user mode) -FIPS Approved algorithms: AES (Cert. #1546); Triple-DES (Cert. #1016); SHS (Cert. #1371); HMAC (Cert. #897); RSA (Cert. #749); DSA (Cert. #478); ECDSA (Cert. #191); RNG (Cert. #834) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); MD5 Multi-chip standalone "The 3e-030-2 Security Server Cryptographic Core (Version 4.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS based Authentication Server, capable of EAP-TLS authentication of wireless client, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES, SHA-1, SHA-2, HMAC, RSA DSA ECDSA sign/verify, FIPS 186-2 PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman, ECDH and MD5" |
| 1562 | Thales e-Security Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA Joe Warren CST Lab: NVLAP 200416-0 | Datacryptor® Gig Ethernet [1] and 10 Gig Ethernet [2] (Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 4.5) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy Vendor Product Link | Hardware | 06/20/2011 02/13/2015 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1033, #1488, #1489, #1548 and #1550); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG Multi-chip standalone "The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM." |
| 1561 | Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA David Hostetter TEL: 303-272-7126 FAX: 303-272-6555 CST Lab: NVLAP 100432-0 | StorageTek™ T10000C Tape Drive (Hardware Version: P/N 316052503; Firmware Version: 1.51.318) (When operated in FIPS mode) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/17/2011 | Overall Level: 1 -FIPS Approved algorithms: AES (Certs. #1564, #1565, #1566, #1567, #1568, #1569 and #1570); DRBG (Cert. #71); HMAC (Certs. #916 and #917); SHS (Certs. #1389 and #1390); RSA (Cert. #763) -Other algorithms: AES (Cert. #1567, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The StorageTek™ T10000C Tape Drive provides 5 TB native capacity and 240 MB/sec throughput using BaFe media and with backward read compatibility to the T10000A/B. Designed for maximum security and performance, the T10000C provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle OKM to provide a secure end-to-end management solution." |
| 1560 | Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA Global Certification Team CST Lab: NVLAP 200427-0 | Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs) (Hardware Versions: 3925E (with PCB rev -A0 and -B0), 3945E (with PCB rev -A0 and -B0), [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0], ISR: FIPS-SHIELD-3900=; Firmware Version: 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2011 02/23/2012 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #803 and #1580); HMAC (Certs. #443 and #926); RNG (Cert. #850); RSA (Cert. #771); SHS (Certs. #801 and #1399); Triple-DES (Certs. #1036 and #1037) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Multi-chip standalone "The Cisco 3925E and 3945E Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options." |
| 1559 | Hewlett Packard®, Enterprise 153 Taylor Street Littleton, MA 01460 USA Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0 | Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 610113-002 Rev. C; Firmware Versions: Loader Version 0.66, PSMCU Version 0.98) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2011 09/19/2011 01/25/2016 02/09/2016 | Overall Level: 3 -FIPS Approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing." |
| 1558 | Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan Hirotaka Kondo TEL: +81 46 202 8074 FAX: +81 46 202 6304 CST Lab: NVLAP 200802-0 | Gemini (Hardware Version: 1.0.0; Firmware Version: 1.0.0 or 1.0.1) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/14/2011 07/19/2011 | Overall Level: 2 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); RNG (Certs. #828, #829 and #830); RSA (Certs. #750 and #751); HMAC (Certs. #901 and #902); SHS (Certs. #1364, #1365, #1366 and #1367) -Other algorithms: HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed." |
| 1557 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 2150E (Hardware Version: 2150E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1556 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 1100E (Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/09/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications." |
| 1555 | BlockMaster AB Kyrkogatan 17 Lund S-222 22 Sweden Johan Söderström TEL: +46 (0) 46-2765100 Anders Pettersson TEL: +46 (0) 46-2765100 CST Lab: NVLAP 200002-0 | BM-C1000 (Hardware Versions: BM-C1000-01, BM-C1000-02, BM-C1000-04, BM-C1000-08, BM-C1000-16, BM-C1000-32 and BM-C1000-64; Firmware Version: 4.0) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/07/2011 | Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: Level 3 -FIPS Approved algorithms: AES (Cert. #1236); SHS (Cert. #1134); RNG (Cert. #683); RSA (Cert. #617) -Other algorithms: NDRNG; RSA-512 (non-compliant) Multi-chip embedded "The BlockMaster microcontroller BM9931 powers FIPS secure USB flash drives. All data stored is encrypted transparently on the fly within the hardware in accordance with the specification of the Federal Information Processing Standard (FIPS 140-2)." |
| 1554 | McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0 | McAfee Firewall Enterprise 4150E (Hardware Version: 4150E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Consolidated Validation Certificate Security Policy | Hardware | 06/07/2011 | Overall Level: 2 -FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryp |