CMVP Main Page

CMVP Historical Validation List

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
All

Last Updated: 8/31/2017

The Historical list includes modules that Federal Agencies should not include in new procurements. This does not mean that the overall FIPS-140 certificates for these modules have been revoked, rather it indicates that the certificates and the documentation posted with them are more than 5 years and have not been updated to reflect latest guidance and/or transitions, and may not accurately reflect how the module can be used in FIPS mode (see SP800-131A Revision 1 Transitions below). Agencies may make a risk determination on whether to continue using the modules on this list based on their own assessment of where and how the module is used.

The SP800-131A Revision 1 Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths dated November 2015 provision addressing the RNG transition went into effect January 1, 2016. After 2015, the use of the RNGs specified in FIPS 186-2, [ANSI X9.31] and the 1998 version of [ANSI X9.62] are disallowed. Therefore, all the RNG implementations that were previously validated are non-compliant, and any algorithms reliant on the output of these RNGs are also non-compliant. Modules that include an RNG as a FIPS Approved algorithm have been moved to this list. The modules on this list are not to be used for procurement by federal agencies. Please see CMVP Notice dated 11-24-2015 for more details. This does not mean that the overall FIPS-140 certificate has been revoked, rather it indicates that the certificate and the documentation posted with it do not accurately reflect how the module can be used in FIPS mode. Agencies may make a risk determination on whether to continue using the modules on this list based on their own assessment of where and when the RNG is used by the module.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Validation
Date
Level / Description
2516Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0840
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade VDX 6740, VDX 6740T and VDX 8770 Switches
(Hardware Versions: {[BR-VDX8770-4-BND-AC (80-1005850-02), BR-VDX8770-4-BND-DC (80-1006532-03), BR-VDX8770-8-BND-AC (80-1005905-02), BR-VDX8770-8-BND-DC (80-1006533-03)] with FRUs (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006431-01 and 80-1006429-01), BR-VDX6740-24-F (80-1007295-01), BR-VDX6740-24-R (80-1007294-01), BR-VDX6740-48-F (80-1007483-01), BR-VDX6740-48-R (80-1007481-01), BR-VDX6740-64-ALLSW-F (80-1007484-01), BR-VDX6740-64-ALLSW-R (80-1007482-01), BR-VDX6740T-24-F (80-1007273-01), BR-VDX6740T-24-R (80-1007274-01), BR-VDX6740T-48-F (80-1007485-01), BR-VDX-6740T-48-R (80-1007487-01), BR-VDX6740T-64-ALLSW-F (80-1007486-01), BR-VDX6740T-64-ALLSW-R (80-1007488-01), BR-VDX6740T-56-1G-R (80-1007863-03) and BR-VDX6740T-56-1G-F (80-1007864-03)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Network OS (NOS) v5.0.0 P/N: 63-1001501-01)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/29/2015
01/26/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1745); AES (Cert. #2937); SHS (Cert. #2473); HMAC (Cert. #1861); RNG (Cert. #1296); RSA (Cert. #1540); ECDSA (Cert. #530); CVL (Cert. #338); EC Diffie-Hellman (CVL Cert. #337, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; Triple-DES (non-compliant); BLOWFISH; CAST128; ARCFOUR; HMAC-MD5; HMAC-SHA-1 (non-compliant); UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96; SNMPv3 KDF (non-compliant); SHA-1 (non-compliant); MD5; SHA-256 (non-compliant); NDRNG; EC Diffie-Hellman (CVL Cert. #337, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
Multi-Chip Stand Alone

"The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments."
2513Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade(R) DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch, 7800 and 7840 Extension Switch
(Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02), 7840 (P/N 80-1008000-01)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.3.0 (P/N 63-1001447-01))
(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/24/2015
04/21/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2876, #2892 and #2893); CVL (Certs. #311, #312, #318, #319, #320 and #321); ECDSA (Certs. #518, #522 and #523); HMAC (Certs. #1814, #1828 and #1829); RNG (Certs. #1284, #1288 and #1289); RSA (Certs. #1514, #1522 and #1523); SHS (Certs. #2417, #2435 and #2436); Triple-DES (Certs. #1719, #1723 and #1724)

-Other algorithms: EC Diffie-Hellman (CVL Certs. #311, #318 and #320, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; ARCFOUR; Triple-DES (non-compliant); BLOWFISH; CAST128; HMAC-MD5; HMAC-SHA-1 (non-compliant); UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96; MD5; SHA-1 (non-compliant); SHA-256 (non-compliant); SNMPv3 KDF (non-compliant); HMAC-SHA-512 (non-compliant); NDRNG
Multi-Chip Stand Alone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2512Christie Digital Systems Canada Inc.
809 Wellington St. N.
Kitchener, ON N2G 4Y7
CANADA

Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0
Christie F-IMB 4K Integrated Media Block (IMB)
(Hardware Version: 000-105081-01; Firmware Version: 1.6.0-4217)
(When operated in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2015
06/27/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); CVL (Cert. #97); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); SHS (Certs. #1788 and #1789)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH
Multi-Chip Embedded

"The Christie F-IMB is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a Christie digital cinema projector with the Fusion architecture. The F-IMB permits the playback of alternative content and High Frame Rate (HFR) material."
2477Dolby Laboratories, Inc.
1020 Chestnut St.
Burbank, CA 91506
USA

Jean-Philippe Viollet
TEL: 818-524-2956

Camille Rizko
TEL: 818-524-2957

CST Lab: NVLAP 200802-0
IMS-SM
(Hardware Versions: IMS-SM-C1 [A], IMS-SM-C2 [A], IMS-SM-E1 [A], IMS-SM-E2 [A], IMS2-SM-C1 [A], IMS2-SM-C2 [A] and IMS2-SM-C3 [A]; Firmware Versions: (4.4.1-0, 4.2.0-3 and 6.0.12d-0) [A])
(When operated in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/23/2015Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2974, #2975, #2976 and #2996); KTS (AES Cert. #2996; key establishment methodology provides 128 bits of encryption strength); HMAC (Cert. #1897); SHS (Cert. #2500); RNG (Certs. #1300 and #1301); RSA (Certs. #1567, #1568 and #1569); CVL (Cert. #365)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; HMAC-MD5; TI ECDH
Multi-Chip Embedded

"The IMS-SM is the Security Manager module present in the Dolby Laboratories, Inc. IMS1000 (for hardware models IMS-SM-C1, IMS-SM-C2, IMS-SM-E1 and IMS-SM-E2) or IMS2000 (for hardware models IMS2-SM-C1, IMS2-SM-C2, IMS2-SM-C3) that can be hosted inside D-Cinema DLP projectors. It supports highest JPEG-2000 decoding capabilities and accepts alternative content as well."
2439Nuvoton Technology Corporation
4, Creation Road III
Hsinchu Science Park
Taiwan

Yossi Talmi
TEL: +972-9-9702364

CST Lab: NVLAP 200556-0
NPCT6XX TPM 1.2
(Hardware Versions: FB5C85D IN TSSOP28 PACKAGE and FB5C85D IN QFN32 PACKAGE; Firmware Versions: 5.81.0.0, 5.81.1.0, 5.81.2.1)
(When operated in FIPS mode and installed, initialized, and configured as specified in the Security Policy Section 8)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/03/2015
08/15/2016
Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3093); RSA (Cert. #1582); HMAC (Cert. #1938); SHS (Cert. #2554); RNG (Cert. #1315); CVL (Cert. #373)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; RSA (non-compliant); AES (Cert. #3093, key wrapping)
Single-chip

"Nuvoton NPCT6XX TPM 1.2 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation."
2437HID Global
6623 Dumbarton Circle
Fremont, CA 94555
USA

Jean-Luc Azou
TEL: 510-574-1738
FAX: 510-574-0101

CST Lab: NVLAP 100432-0
HID Global ActivID Applet Suite v2.6.2B on Oberthur Technologies ID-One Cosmo V7
(Hardware Versions: P/Ns B0, BA, C4 and C7; Firmware Version: FC10 / 069778 with HID Global ActivID Applet Suite Version 2.6.2B.7)
(When operated with module Oberthur ID-One Cosmo V7-n validated to FIPS 140-2 under Cert. #1236 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/2015Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); RNG (Cert. #480); RSA (Cert. #403)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Single-chip

"This product combines the Oberthur Technologies ID-One Cosmo V7 card loaded with the HID Global ActivID Applet Suite v2.6.2B. The smart card is a JC2.2.2 & GP2.1.1 compliant dual-interface module. HID ActivID Applet framework works over dual-interface and supports GSC-IS v2.1 specifications. The product supports secure issuance and post-issuance along with SMA protocol (secure messaging) for FIPS 140-2 L3 and One Time Password generation. The combined product is suitable for government and corporate deployments."
2436Huawei Device (Dongguan) Co. Ltd.
B2-5 of Nanfang Factory
No.2 of Xincheng Rd
Songshan Lake Science & Technology Industrial Zone
Dongguan, Guangdong 523808
China

Mr. Hongtailiang
TEL: 86-755-36376922

Mr. Blue Lee
TEL: 86-755-28976679

CST Lab: NVLAP 100414-0
EDK Management Module
(Software Version: P7-L00V100R001C17B210)
(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Emotion UI 2.3, Android 4.4.2 on Huawei P7 mobile phone (single user mode)

-FIPS Approved algorithms: AES (Certs. #2967 and #3178); HMAC (Cert. #1881); PBKDF (vendor affirmed); RNG (Cert. #1299); SHS (Cert. #2495)

-Other algorithms: N/A
Multi-chip standalone

"The Huawei EDK Management Module provides cryptographic services for applications/services running on Huawei mobile phones."
2424Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA

Verl Day
TEL: 319-295-8545

Ron Broden
TEL: 319-263-1116

CST Lab: NVLAP 200002-0
DVP-200
(Hardware Versions: 822-2506-002 (Rev B or Rev C), 822-2506-003 (Rev B or Rev C) and 822-2506-004 (Rev C or Rev D); Firmware Versions: 811-4562-004 and 811-4563-002)
(The module generates cryptographic keys whose strengths are modified by availableentropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2015Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #1504); RNG (Cert. #817); SHS (Cert. #1352)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); AES (Cert. #1504, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #1504; non-compliant)
Multi-chip standalone

"The DVP-200 is data and voice (audio) encryption unit. The DVP uses 128-bit AES for encryption. Public key exchanges and over-the-air rekey capable. Digital voice encoding/decoding to NATO STANAG 4591 MELPe at 2400 and 1200 bps. The DVP's internal modem is configurable from 75 bps through 2400 bps. Data rates through 19200 bps are obtainable using an external modem."
2418Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Paul Tucker
TEL: 512-432-2626

Freddy Mercado
TEL: 512-432-2947

CST Lab: NVLAP 200427-0
TippingPoint Intrusion Prevention System
(Hardware Version: S6100N; Firmware Version: 3.8.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/30/2015
08/14/2015
12/09/2015
Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3214); CVL (Cert. #438); HMAC (Cert. #2027); RNG (Cert. #1347); RSA (Cert. #1637); SHS (Cert. #2662); Triple-DES (Cert. #1829)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).
Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
2412CellTrust® Corporation
20701 N. Scottsdale Rd
Suite #107-451
Scottsdale, AZ 85255
USA

Behnam B. Shariati
TEL: 301-237-6761

CST Lab: NVLAP 200427-0
CellTrust Cryptographic Module (CTCM)
(Software Version: 2.0)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/22/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6)
Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)
Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2234 and #3090); CVL (Certs. #49 and #372); DRBG (Certs. #264 and #607); DSA (Certs. #693 and #896); ECDSA (Certs. #378 and #558); HMAC (Certs. #1363 and #1937); RNG (Certs. #1119 and #1314); RSA (Certs. #1145 and #1581); SHS (Certs. #1923 and #2553); Triple-DES (Certs. #1398 and #1780)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)
Multi-chip standalone

"The CellTrust Cryptographic Module v2.0 (CTCM) is part of CellTrust Trusted Foundation that performs cryptographic operations for transmission and storage of sensitive information. The CTCM is classified by FIPS 140-2 as a software module, multi-chip standalone module embodiment. FIPS is Federal Information Processing Standards developed by the United States federal government."
2406Digicine Oristar Technology Development (Beijing) Co., Ltd.
No.1 Di Sheng West Street, BDA, Da Xing District
Beijing 100176
China

Mr. Xiao, liqun
TEL: +86-010-8712 9372
FAX: +86-010-8712 7010

Dr. Sun, Xiaobin
TEL: +86-010-8712-9111
FAX: +86-010-8712 7010

CST Lab: NVLAP 100432-0
AQ42-M
(Hardware Version: 2.0.0; Firmware Version: 1.3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/09/2015Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2932, #2933 and #2934); SHS (Certs. #2468, #2469, #2470 and #2471); HMAC (Certs. #1858 and #1859); RSA (Certs. #1537 and #1538); RNG (Certs. #1293, #1294 and #1295); CVL (Cert. #333)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5
Multi-chip embedded

"AQ42-M is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system."
2399Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
Dell SonicWALL NSA Series 2600, 3600, 4600, 5600
(Hardware Versions: P/Ns 101-500362-63, Rev. A (NSA 2600), 101-500338-64, Rev. A (NSA 3600), 101-500365-64, Rev. A (NSA 4600), 101-500360-65, Rev. A (NSA 5600); Firmware Version: SonicOS v6.2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/29/2015Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2756); Triple-DES (Cert. #1657); SHS (Cert. #2322); DSA (Cert. #843); RSA (Cert. #1444); RNG (Cert. #1269); HMAC (Cert. #1727); DRBG (Cert. #466); CVL (Cert. #226)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RSA (non-compliant)
Multi-chip standalone

"Enterprise-class security and performance made afordable for small- to medium-sized business. The NSA Series offers industry leading next-generation firewall protection, performance, and scalability. A suite of tools, including intrusion prevention, gateway anti-virus, and anti-spyware plus application intelligence and control, offer granular control through application blocking, bandwidth management and more."
2384Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch and 7800 Extension Switch
(Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.2.1 (P/N 63-1001421-01))
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3 and 5 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/21/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #1252 and #1253); RSA (Certs. #1389 and #1390); CVL (Certs. #157 and #158)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bit of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; SNMPv3 KDF (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; BLOWFISH-CBC; CAST128; ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-MD5-96; HMAC-SHA-1-96 (non-compliant)
Multi-chip standalone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2383Hewlett-Packard Company
11445 Compaq Center Dr. West
Houston, TX 77070-1433
USA

Phillip M O’Hara
TEL: 832-502-6181
FAX: 281-514-1325

Sandeep KS
TEL: +91 80 251 65431

CST Lab: NVLAP 200802-0
HP Virtual Connect 16Gb 24-Port FC Module
(Hardware Version: 40-1000779-08 Rev C (80-1007799-04); Firmware Version: VC 4.41)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/21/2015
07/06/2015
Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1596); HMAC (Cert. #934); RNG (Cert. #1252); RSA (Cert. #1389); SHS (Cert. #1408); Triple-DES (Cert. #1043); CVL (Certs. #157 and #363); ECDSA (Cert. #548)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); MD5; NDRNG
Multi-chip embedded

"The HP Virtual Connect 16Gb 24-Port FC Module is an embedded blade that meets FIPS 140-2 Level 1 security requirements, and is designed to be embedded inside HP BladeSystem c-Class enclosures."
2378ChaseSun Information Security Technology Development (Beijing) Co., Ltd.
North Building 13, Xindacheng Plaza, 197# Guangzhou Road, Yuexiu District
Guangzhou 510075
China

Peng Sun
TEL: +86-20-22387717
FAX: +86-20-22387717

CST Lab: NVLAP 200802-0
ChaseSun CS100
(Hardware Version: 1.0.0; Firmware Version: 1.0.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/19/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2977 and #2978); RSA (Cert. #1563); SHS (Certs. #2501 and #2502); RNG (Certs. #1302 and #1336); HMAC (Certs. #1886 and #1887); CVL (Cert. #359)

-Other algorithms: RSA (key wrapping; key establishment provides 112 bits of encryption strength); MD5; NDRNG
Multi-chip embedded

"The ChaseSun CS100 Cryptographic Module is a multi-chip embedded cryptographic module designed to decrypt and decode audio/video data for a digital cinema projector."
2359DataLocker Inc.
7007 College Blvd Suite 240
Overland Park, KS 66211
USA

Jay Kim
TEL: 913-310-9088

CST Lab: NVLAP 100432-0
IronKey H350
(Hardware Versions: P/Ns MXKB1B500G5001FIPS, MXKB1B001T5001FIPS, and MXKB1B002T5001FIPS; Firmware Version: 1.0.0)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/13/2015
10/20/2015
03/22/2016
03/22/2016
03/23/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-Chip Stand Alone

"IronKey H350 is a Secure USB 3.0 hard disk drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities to help control user access to desktops, sensitive data and critical applications. IronKey H350 allows enterprise class device management features like policy updates, password recovery and remote kill features."
2347Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-3000 and W-6000/M3 Mobility Controllers with Dell AOS FIPS Firmware
(Hardware Versions: W-3200-F1, W-3200-USF1, W-3400-F1, W-3400-USF1, W-3600-F1, W-3600-USF1 and [(W-6000-F1 or W-6000-USF1) with W-6000M3, and (HW-PSU-200 or HW-PSU-400)] with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/15/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"see change letterDell W-Series family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2346Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-IAP3WN, W-IAP3WNP, W-IAP108, W-IAP109, W-AP114, and W-AP115 Wireless Access Points with Dell AOS FIPS Firmware
(Hardware Versions: W-IAP3WN-F1, W-IAP3WN-USF1, W-IAP3WNP-F1, W-IAP3WNP-USF1, W-IAP108-F1, W-IAP108-USF1, W-IAP109-F1, W-IAP109-USF1, W-AP114-F1 and W-AP115-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs
Multi-chip standalone

"Dell W-Series 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2345Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-AP134 and W-AP135 Wireless Access Points with Dell AOS FIPS Firmware
(Hardware Versions: W-AP134-F1 and W-AP135-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG
Multi-chip standalone

"Dell W-Series 802.11n wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies"
2344Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-620 and W-650 Mobility Controllers with Dell AOS FIPS Firmware
(Hardware Versions: W-620-F1, W-620-USF1, W-650-F1 and W-650-USF1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Dell W-Series family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2339Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-AP224 and W-AP225 Wireless Access Points with Dell AOS FIPS Firmware
(Hardware Versions: W-AP224-F1 and W-AP225-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs
Multi-chip standalone

"Dell W-Series 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2337Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung Kernel Cryptographic Module
(Software Version: SKC1.5)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/16/2015Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android KitKat 4.4.4 running on Samsung Galaxy Note 4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3007 and #3010); SHS (Certs. #2514 and #2518); RNG (Certs. #1304 and #1305); Triple-DES (Cert. #1766); HMAC (Certs. #1900 and #1902)

-Other algorithms: DES; Twofish; MD4; MD5; ansi_cprng; krng; ARC4; Pcompress; AES-XCBC (non-compliant); CRC32c; Deflate; LZO; AES-GCM (non-compliant); RFC4106-AES-GCM (non-compliant); RFC4543-AES-GCM (non-compliant); AES-CTR (non-compliant); Triple-DES-CTR (non-compliant); GHASH; GF128MUL
Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2335Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-AP92, W-AP93, W-AP104, W-AP105, and W-AP175 Wireless Access Points with Dell AOS FIPS Firmware
(Hardware Versions: W-AP92-F1, W-AP93-F1, W-AP104-F1, W-AP105-F1, W-AP175P-F1, W-AP175AC-F1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/11/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs
Multi-chip standalone

"Dell W-Series 802.11n wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2334Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-IAP155 and W-IAP155P Wireless Access Points with Dell AOS FIPS Firmware
(Hardware Versions: W-IAP155-F1, W-IAP155-USF1, W-IAP155P-F1 and W-IAP155P-USF1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/05/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG
Multi-chip standalone

"Dell W-Series 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, W-Series APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. W-Series APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2332WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

Peter Eng
TEL: 206 613 6600

CST Lab: NVLAP 200556-0
XTM 850 [1], XTM 860 [2], XTM 870 [3], XTM 870-F [4], XTM 1520 [5], XTM 1520-RP [6], XTM 1525 [7], XTM 1525-RP [8], XTM 2520 [9]
(Hardware Versions: SL8AE14 [1-5,7], SL15AE14 [6,8], SL25AE14F4 [9] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.6.5)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/03/2015Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #2360 and #2361); CVL (Cert. #163); DSA (Cert. #738); ECDSA (Cert. #388); HMAC (Certs. #1463 and #1464); RNG (Cert. #1175); RSA (Cert. #1218); SHS (Certs. #2032 and #2033); Triple-DES (Certs. #1476 and #1477);

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5; AES-CCM (non-compliant); PBKDF (non-compliant)
Multi-chip standalone

"WatchGuard® XTM Extensible Threat Management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
2331Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

Shigeki Yamamoto
TEL: +81 50 3140 9131
FAX: +81 50 3809 1421

CST Lab: NVLAP 100432-0
Aspen
(Hardware Versions: 1.0.0 and 1.1.0; Firmware Versions: 1.3.0, 1.4.0 and 1.5.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/03/2015
05/08/2015
12/15/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #829, #830 and #1279); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strenght); NDRNG; HMAC-MD5; MD5
Multi-chip embedded

"The primary purpose of the Aspen is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2325Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

Hirotaka Kondo
TEL: +81 50 3140 9888
FAX: +81 50 3809 1421

Shigeki Yamamoto
TEL: +81 50 3140 9131
FAX: +81 50 3809 1421

CST Lab: NVLAP 100432-0
Aspen
(Hardware Version: 2.0.0; Firmware Versions: 1.3.0, 1.4.0 and 1.5.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2015
05/08/2015
12/15/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1539, #2695 and #2699); SHS (Certs. #1364, #1365, #2263 and #2264); HMAC (Certs. #902 and #1678); RSA (Certs. #1394 and #1395); RNG (Certs. #829, #830 and #1279); CVL (Cert. #160)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5
Multi-chip embedded

"Aspen is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system."
2324Curtiss-Wright
333 Palladium Drive
Kanata, ON K2V 1A6
Canada

Andrew McCoubrey
TEL: 613 599-9199 x5176
FAX: 613-599-7777

Johan A Koppernaes
TEL: 613-599-9199 ext 5817
FAX: 613-599-7777

CST Lab: NVLAP 200996-0
CCA-685 Secure Router
(Hardware Version: CCA-685-C2820; Firmware Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2015
12/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111); CVL (Cert. #405)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) DES; MD5
Multi-chip embedded

"The CCA-685 Secure Router is used for strong security in the embedded defense and aerospace industries. It supports industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption."
2323Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B with 910-000028-00B Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 6.0.3 or 6.0.8)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/05/2015
03/13/2015
12/07/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2896 and #2897); CVL (Certs. #324 and #325); HMAC (Cert. #1832); RNG (Cert. #1290); RSA (Cert. #1525); SHS (Cert. #2439)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES
Multi-chip standalone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications."
2321Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

Dell Networking Team

CST Lab: NVLAP 200427-0
Dell W-7200 Series Controllers with Dell AOS FIPS Firmware
(Hardware Versions: W-7210-F1, W-7210-USF1, W-7220-F1, W-7220-USF1, W-7240-F1, W-7240-USF1 with Aruba FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/28/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Dell W-Series family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2320Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey S1000
(Hardware Versions: P/Ns IK-S1000-04GB, IK-S1000-08GB, IK-S1000-16GB, IK-S1000-32GB, IK-S1000-64GB, IK-S1000-128GB and IKS1000 Series [4GB, 8GB, 16GB, 32GB, 64GB, 128GB]; Firmware Version: 3.0.5)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/28/2015
02/13/2015
03/08/2016
05/26/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); RNG (Cert. #774); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip standalone

"IronKey S1000 is a Secure USB 3.0 drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities and a tamper-resistant metal housing to help you control user access to desktops, sensitive data and critical applications. IronKey S1000 allows enterprise class device management features like policy updates, password recovery and remote kill features."
2314Proofpoint Inc.
892 Ross Drive
Sunnyvale, CA 94089
USA

Jun Wang
TEL: 408-338-6680
FAX: 408-517-4710

CST Lab: NVLAP 200427-0
Proofpoint Security Library
(Software Version: 1.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/13/2015Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with CentOS 5 running on Dell Latitude E6400 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1938); ECDSA (Cert. #278); RNG (Cert. #1021); RSA (Cert. #1003); SHS (Cert. #1702)

-Other algorithms: AES RNG; DSA (non-compliant); RC2; Triple-DES (non-compliant)
Multi-chip standalone

"The module is a C++ language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides a variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC running Cent OS 5."
2305Barco n.v.
Noordlaan 5
Kuurne BE-8520
Belgium

Theodore Marescaux
TEL: 32 (0) 56 368 967
FAX: 32 (0) 56 368 862

Steven Stalmans
TEL: 32 56 368761
FAX: 32 (0) 56 368 862

CST Lab: NVLAP 200802-0
Barco ICMP
(Hardware Version: R7681133-08 [A] or R7681133-12 [B]; Firmware Version: 1.1 build 9202 [A] or 1.2 build 10163B [B])
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/24/2014Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2725 and #2726); HMAC (Certs. #1704 and #1705); RNG (Cert. #1262); SHS (Certs. #2295 and #2296); RSA (Cert. #1418); CVL (Cert. #178)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman; HMAC-MD5; MD5; NDRNG
Multi-chip embedded

"Barco digital cinema image and DCI media processing module."
2297Dell Software, Inc.
5455 Great America Parkway
Suite 250
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
SRA EX9000
(Hardware Version: P/N 101-500352-59 Rev A; Firmware Version: SRA 10.7.1)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/12/2014
04/21/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: RNG (Cert. #1272); AES (Certs. #2795, #2796 and #2797); RSA (Certs. #1462 and #1463); Triple DES (Certs. #1679, #1680 and #1681); SHS (Certs. #2347, #2348 and #2349); HMAC (Certs. #1751, #1752 and #1753); CVL (Certs. #245 and #246)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; ESPRC4; RC4; ESPRC4; RC4; SNMPv3 KDF (non-compliant)
Multi-chip standalone

"Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell SonicWALL Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices."
2296Dell Software, Inc.
5455 Great America Parkway
Suite 250
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-68 Rev. A (SRA EX6000) and 101-500188-70 Rev. A (SRA EX7000); Firmware Version: SRA 10.7.1)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/12/2014
04/21/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: RNG (Cert. #1272); AES (Certs. #2795, #2796 and #2797); RSA (Certs. #1462 and #1463); Triple DES (Certs. #1679, #1680 and #1681); SHS (Certs. #2347, #2348 and #2349); HMAC (Certs. #1751, #1752 and #1753); CVL (Certs. #245 and #246)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; ESPRC4; RC4; SNMPv3 KDF (non-compliant)
Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the Dell SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
2292Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0
RFS7000 Series Wireless Controller
(Hardware Version: RFS-7010; Firmware Version: 4.1.4.0-0030GR)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/10/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2752 and #2765); HMAC (Certs. #1726 and #1731); CVL (Certs. #190, #191, #192 and #193); RNG (Certs. #1268 and #1270); RSA (Cert. #1443); SHS (Certs. #2321 and #2326); Triple-DES (Certs. #1656 and #1658)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5
Multi-chip standalone

"The RFS-7000 wireless switch is a highly scalable management platform for managing large multi-site distributed and campus wireless networks. The RFS-7000 can manage networks of AP-7131N, AP-7161 and AP-7181 access points. Additionally, it provides functionality like centralized captive portal, centralized security (firewall, VPN) and high availability."
2289Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2903

Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 100432-0
Wireless Access Point AP-7131N-GR
(Hardware Version: AP7131N-GR; Firmware Version: 4.0.4.0-046GRN)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/08/2014Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #861 and #2751); HMAC (Cert. #1725); KBKDF (Cert. #20); CVL (Certs. #186, #187, #188 and #189); RNG (Cert. #1267); RSA (Cert. #1442); SHS (Cert. #2320); Triple-DES (Cert. #1655)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5
Multi-chip standalone

"The AP-7131-GR 802.11n Wireless Access Point delivers the high throughput, coverage, and resiliency required to build an all-wireless enterprise. The dual radio design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Motorola's Wireless IPS."
2288IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

Peter Clark
TEL: 416-478-0224

CST Lab: NVLAP 200416-0
IBM Security QRadar FIPS Appliance
(Hardware Version: QR24 with FIPS Replacement Labels (Part Number: 00AN000); Firmware Version: v7.1 MR1)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/03/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2562); Triple-DES (Cert. #1550); RSA (Cert. #1313); SHS (Cert. #2160); HMAC (Cert. #1581); RNG (Cert. #1216); CVL (Cert. #194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5
Multi-chip standalone

"IBM(R) Security QRadar(R) FIPS Appliance consolidates log source event data from thousands of devices endpoints and applications distributed throughout a network. The IBM Security QRadar FIPS Appliance provides a secure platform that meets FIPS 140-2 Level 2 requirements while allowing organizations to meet current and emerging compliance mandates."
2287McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050
(Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 7.1.15.4)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/03/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: CVL (Certs. #57 and #58); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: AES (non-compliant); Triple-DES (non-compliant); RSA (non-compliant); Diffie-Hellman (non-compliant); NDRNG; MD5
Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2285Ultra Electronics DNE Technologies
50 Barnes Park North
Wallingford, CT 06492
USA

Stephen Nichols
TEL: 203-697-6521
FAX: 203-265-7151

CST Lab: NVLAP 200427-0
PacketAssure iQ1000
(Hardware Versions: Chassis v.003, PSM v.101; Firmware Versions: 3.2.0 and 3.4.0)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/03/2014
12/21/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2191); DSA (Cert. #685); HMAC (Cert. #1343); RNG (Cert. #1109); RSA (Cert. #1130); SHS (Cert. #1899); Triple-DES (Cert. #1384)

-Other algorithms: AES (Cert. #2191, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNMP KDF; SSH KDF; TLS KDF
Multi-chip standalone

"The Ultra Electronics DNE Technologies PacketAssure iQ1000 is a rugged, one 19" rack unit Service Delivery Management (SDM) network appliance. It integrates IP adaptation for legacy circuit based traffic with high-performance layer-2 IP switching and intelligent IP quality of service, allowing the user to precisely classify/manage their voice, video and data services."
2283Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches
(Hardware Versions: [BR-VDX6710-54-F and BR-VDX6710-54-R, BR-A-16-F (80-1004566-07 and 80-1006701-02), BR-VDX6720-16-R (80-1004567-07 and 80-1006702-02), BR-VDX6720-24-F (80-1004564-07 and 80-1006699-02), BR-VDX6720-24-R (80-1004565-07 and 80-1006700-02), BR-VDX6720-40-F (80-1004570-07 and 80-1006305-02), BR-VDX6720-40-R (80-1004571-07 and 80-1006306-02), BR-VDX6720-60-F (80-1004568-07 and 80-1006303-02) and BR-VDX6720-60-R (80-1004569-07 and 80-1006304-02), BR-VDX6730-16-F (80-1005649-03 and 80-1006709-02), BR-VDX6730-16-R (80-1005651-03 and 80-1006711-02), BR-VDX6730-24-F (80-1005648-03 and 80-1006708-02), BR-VDX6730-24-R (80-1005650-03 and 80-1006710-02), BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-40-F (80-1005680-03 and 80-1006719-02), BR-VDX6730-40-R (80-1005681-03 and 80-1006720-02), BR-VDX6730-60-F (80-1005679-03 and 80-1006718-02), BR-VDX6730-60-R (80-1005678-03 and 80-1006717-02), BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.) and BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.), BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64-ALLSW-F and BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F and BR-VDX6740T-64-ALLSW-R, BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8-BND-AC and BR-VDX8770-8-BND-DC with FRUs (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 and 80-1006429-01)]; Firmware Version: Network OS (NOS) v4.0.1)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3, 4, 5, 6, and 7 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/08/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1356, #1357, #1358 and #1359); CVL (Certs. #130 and #131)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; SNMPv3 KDF (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; BLOWFISH; ARCFOUR; HMAC-MD5; UMAC-64; HMAC-RIPEMD160; HMAC-MD5-96
Multi-chip standalone

"The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments."
2277ND SatCom Products GmbH
Graf von Soden Strasse
Immenstaad 88090
Germany

Dr. Michael Weixler
TEL: +49 7545 939 8198
FAX: +49 7545 939 8302

Petra Visuri
TEL: +49 7545 939 8781
FAX: N/A

CST Lab: NVLAP 100432-0
SKYWAN Cryptographic Module
(Hardware Version: F-11B13860 TQM8349L-CA Rev. 300; Firmware Versions: Boot Loader FW version 2.002.4 and Application FW version 7.250.10)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2740); DSA (Cert. #839); RNG (Cert. #1265); SHS (Certs. #2311 and #2312)

-Other algorithms: AES (Cert. #2740, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip embedded

"ND SatCom FIPS Module, a multichip embedded hardware engine providing AES256 encryption services for Ethernet & Frame-Relay/Serial data traffic and MF-TDMA control signaling for the ND SatCom SkyWAN 7000 Series Satellite modems. This module provides FIPS 140-2 Level 3 TRANSEC services adding no satellite bandwidth overhead."
2274Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches
(Hardware Versions: [BR-VDX6710-54-F and BR-VDX6710-54-R, BR-VDX6720-16-F (80-1004566-07 and 80-1006701-02), BR-VDX6720-16-R (80-1004567-07 and 80-1006702-02), BR-VDX6720-24-F (80-1004564-07 and 80-1006699-02), BR-VDX6720-24-R (80-1004565-07 and 80-1006700-02), BR-VDX6720-40-F (80-1004570-07 and 80-1006305-02), BR-VDX6720-40-R (80-1004571-07 and 80-1006306-02), BR-VDX6720-60-F (80-1004568-07 and 80-1006303-02) and BR-VDX6720-60-R (80-1004569-07 and 80-1006304-02), BR-VDX6730-16-F (80-1005649-03 and 80-1006709-02), BR-VDX6730-16-R (80-1005651-03 and 80-1006711-02), BR-VDX6730-24-F (80-1005648-03 and 80-1006708-02), BR-VDX6730-24-R (80-1005650-03 and 80-1006710-02), BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R with BR-VDX6730-24VCS-01 and BR-VDX6730-24FCOE-01 Lic.), BR-VDX6730-40-F (80-1005680-03 and 80-1006719-02), BR-VDX6730-40-R (80-1005681-03 and 80-1006720-02), BR-VDX6730-60-F (80-1005679-03 and 80-1006718-02), BR-VDX6730-60-R (80-1005678-03 and 80-1006717-02), BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.) and BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R with BR-VDX6730-60VCS-01 and BR-VDX6730-60FCOE-01 Lic.), BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64- ALLSW-F and BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F, BR-VDX6740T-64-ALLSW-R, BR-VDX6740T-56-1G-R and BR-VDX6740T-56-1G-F, BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8- BND-AC and BR-VDX8770-8-BND-DC with FRUs (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 and 80-1006429-01) with FIPS Kit Brocade XBR-000195; Firmware Version: Network OS (NOS) v4.1.1)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in Appendix A of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/10/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1458 and #1467); CVL (Certs. #130 and #131)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; SNMPv3 KDF (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; BLOWFISH-CBC; CAST128; ARCFOUR; HMAC-MD5; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96; HMAC-MD5-96
Multi-chip standalone

"The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments."
2271Digicine Oristar Technology Development (Beijing) Co., Ltd.
No.1 Di Sheng West Street, BDA, Da Xing District
Beijing 100176
People's Republic of China

Mr. Xiao, liqun
TEL: +86-010-8712 9372
FAX: +86-010-8712 7010

Dr. Sun, Xiaobin
TEL: +86-010-8712 9111
FAX: +86-010-8712 7010

CST Lab: NVLAP 100432-0
AQ42-M
(Hardware Version: 2.0.0; Firmware Version: 1.2.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/24/2014Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2932, #2933 and #2934); SHS (Certs. #2468, #2469, #2470 and #2471); HMAC (Certs. #1858 and #1859); RSA (Certs. #1537 and #1538); RNG (Certs. #1293, #1294 and #1295); CVL (Cert. #333)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5
Multi-chip embedded

"AQ42-M is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system."
2269Globo Plc
190 High Street
Tonbridge - Kent TN9 1BE U.K
United Kingdom

Paul DePond
TEL: 408-777-7924

CST Lab: NVLAP 100432-0
Globo Plc Server Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/16/2014
12/31/2014
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Globo Plc Server Cryptographic Module provides cryptographic functions for server-side component of enterprise mobility products from Globo Plc."
2268Globo Plc
190 High Street
Tonbridge - Kent TN9 1BE U.K
United Kingdom

Paul DePond
TEL: 408-777-7924

CST Lab: NVLAP 100432-0
Globo Plc Mobile Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/16/2014
12/31/2014
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Globo Plc Mobile Cryptographic Module provides cryptographic functions for mobile components of enterprise mobility products from Globo Plc."
2266Digicine Oristar Technology Development (Beijing) Co., Ltd.
No.1 Di Sheng West Street, BDA, Da Xing District
Beijing 100176
China

Helen Li
TEL: +86 10 8712 7173
FAX: +86 10 8712 7010

CST Lab: NVLAP 100432-0
CHN-II
(Hardware Version: 1.0; Firmware Versions: 1.0.0 and 1.2.0, Bootloader Version:1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/10/2014
04/17/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2858, #2880, #2881 and #2882); HMAC (Certs. #1798 and #1816); SHS (Certs. #2401, #2421 and #2422); RSA (Cert. #1498); RNG (Cert. #1281)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF; HW NDRNG; EC Diffie-Hellman; MD5; TI S-Box
Multi-chip embedded

"Oristar's Integrated Media Block (IMB) product with its model number CHN-II supports 2K/4K JPEG-2000 image decoding for theatrical playback in Digital Cinemas."
2265HealthStackIO Inc.
530 Lytton Avenue
2nd Floor
Palo Alto, CA 94301
USA

HealthStackIO Sales Team

CST Lab: NVLAP 100432-0
HealthStackIO Platform Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/10/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.8 on a MacBook Air
Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
SUSE Linux Enterprise 11SP2 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Cryptographic layer for HealthStackIO platform"
2253Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Nexus 7000 Series Switches
(Hardware Versions: Chassis: N7K-C7004, N7K-C7009, N7K-C7010 and N7K-C7018; Supervisor Cards: N7K-SUP1, N7K-SUP2 and N7K-SUP2E; Fabric Cards: N7K-C7009-FAB-2, N7K-C7010-FAB-1, N7K-C7010-FAB-2, N7K-C7018-FAB-1 and N7K-C7018-FAB-2; Line Cards: N7K-M148GS-11L, N7K-M148GT-11L, N7K-M108X2-12L, N7K-M132XP-12, N7K-F132XP-15, N7K-M202CF-22L, N7K-M206FQ-23L, N7K-M224XP-23L, N7K-F248XP-25E and N7K-F248XT-25E; Firmware Version: 6.2.2a)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert. #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG
Multi-chip standalone

"The Cisco Nexus 7000 is a highly scalable in the Data Center end-to-end 10 Gigabit Ethernet switch for mission-critical data center operations. The fabric architecture scales beyond 15 terabits per second (Tbps), with support for 40-Gbps and 100-Gbps Ethernet. Powered by Cisco NX-OS, a state of the art modular operating system, the platform is designed for exceptional scalability, continuous system operation, serviceability, and transport flexibility."
2252Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Nexus 7700 Series Switches
(Hardware Versions: Chassis: N7K-C7710 and N7K-C7718; Supervisor Card: N77-SUP2E; Fabric Cards: N77-C7710-FAB-2 and N77-C7718-FAB-2; Line Card: N77-F248XP-23E; Firmware Version: 6.2.2a)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert. #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG
Multi-chip standalone

"The Cisco Nexus 7700 Switches are the latest extension to the Cisco Nexus 7700 Series modular switches. With more than 83 terabits per second (Tbps) of overall switching capacity, the Cisco Nexus 7700 Switches delivers the highest-capacity 10, 40, and 100 Gigabit Ethernet ports in the industry, with up to 768 native 10-Gbps ports, 384 40-Gbps ports, or 192 100-Gbps ports. This high system capacity is designed to meet the scalability requirements of the largest cloud environments."
2247NXP Semiconductors
Stresemannallee 101
Hamburg D-22529
Germany

Hans-Gerd Albertsen
TEL: +49-40-5613-2548
FAX: +49-40-5613-62548

Markus Moesenbacher
TEL: +43-3124-299-652
FAX: +43-3124-299-270

CST Lab: NVLAP 100432-0
NXP JCOP 2.4.2 R3
(Hardware Versions: P/Ns P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Versions: JCOP 2.4.2 R3 Mask ID 64 and patchID 1 with Demonstration Applet v1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/15/2014Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Certs. #2561, #2564, #2596 and #2597); CVL (Cert. #26); ECDSA (Cert. #317); RNG (Cert. #1229); RSA (Certs. #1090 and #1091); SHS (Cert. #1553); Triple-DES (Certs. #1552 and #1553); Triple-DES MAC (Triple-DES Cert. #1552, vendor affirmed)

-Other algorithms: NDRNG; AES (Certs. #2561 and #2596, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1552, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single-chip

"Single Chip Module with NXP Secure Smart Card Controller of P5CD081 Family. P5CD081 Family comprises: P5CD145 V0A, P5CC145 V0A, P5CN145 V0A, P5CD128 V0A, P5CC128 V0A, P5CD081 V1A, P5CC081 V1A, P5CN081 V1A, P5CD051 V1A, P5CD041 V1A, P5CD021 V1A, P5CD016 V1A, P5CD145 V0B, P5CC145 V0B, and P5CD081 V1D."
2240Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

Richard Bishop
TEL: 408-753-4061
FAX: 408-753-4001

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series and PA-5000 Series Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6] and PA-5060 P/N 910-000008-00F Rev. F [6]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5] and 920-000037-00A Rev. A [6]; Firmware Versions: 5.0.11 and 5.0.16)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/08/2014
05/18/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2728); CVL (Cert. #227); HMAC (Cert. #1707); RNG (Cert. #1263); RSA (Cert. #1420); SHS (Cert. #2298)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES
Multi-chip standalone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, and PA-5000 Series next-generation firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. This unique ability empowers customers to safely enable applications, make informed decisions on network access, and strengthen network security."
2238McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.2 with patch number 8.3.2E14)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/08/2014Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2712 and #2714); Triple-DES (Certs. #1275, #1629 and #1631); RSA (Certs. #1408 and #1410); DSA (Certs. #829 and #831); ECDSA (Certs. #473 and #475); SHS (Certs. #1722, #2277 and #2279); HMAC (Certs. #1184, #1691 and #1693); RNG (Cert. #1032); DRBG (Certs. #449 and #451); CVL (Certs. #170 and #172)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2237McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: (FEW-S1104, FEW-S2008, FEW-S3008, FEW-S4016, FEW-S5032 and FEW-S6032) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/08/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2236McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100F, 2150F and 4150F
(Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/08/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2235McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0
McAfee Email Gateway for Virtual Environments
(Software Version: 7.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/04/2014Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Intel Xeon w/ Red Hat Linux 9 running on VMware ESXi v4.1 and ESXi v5.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2012, #2079 and #2280); Triple-DES (Certs. #1298, #1330 and #1428); DSA (Certs. #638, #654 and #710); RSA (Certs. #1041, #1074 and #1171); SHS (Certs. #1762, #1809 and #1962); RNG (Certs. #1054, #1077 and #1133); HMAC (Certs. #1217 and #1260)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)
Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2234McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0
McAfee Email Gateway L2
(Hardware Versions: EMG-5500-C and EMG-5000-C; Firmware Version: 7.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/05/2014Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)
Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2233McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0
McAfee Email Gateway L1
(Hardware Versions: EMG-5500-B, EMG-5000-B, EMG-4500-B, EMG-4000-B, EWS-3400-B, EWS-3300-B, EWS-3200-B, EWS-3100-B and HP Proliant BL460c Gen6 Blade Server (Model: 595729-L21); Firmware Version: 7.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/05/2014Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)
Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2220Guidance Software, Inc.
215 North Marengo Avenue, Suite 250
Pasadena, CA 91101
USA

Emily Woodman
TEL: 626-768-4615
FAX: 626-229-9199

CST Lab: NVLAP 200556-0
Guidance Software EnCase Cryptographic Engine
(Software Version: 1.0)
(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/28/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2682 and #2683); HMAC (Certs. #1669 and #1670); RSA (Certs. #1382 and #1383); SHS (Certs. #2253 and #2254)

-Other algorithms: N/A
Multi-chip standalone

"The module is the Guidance Software EnCase Cryptographic Engine, version 1.0, which is a software shared library that provides cryptographic services required by Guidance Software host applications."
2218Tripwire, Inc.
101 SW Main St.
Suite 1500
Portland, OR 97204
USA


TEL: 503-276-7500
FAX: 503-223-0182

CST Lab: NVLAP 200802-0
Tripwire Cryptographic Module
(Software Version: 2.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/07/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 960
Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 9010 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2719); RSA (Cert. #1414); RNG (Cert. #1260); HMAC (Cert. #1698); SHS (Cert. #2284); DSA (Cert. #835); CVL (Cert. #176)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The Tripwire Cryptographic Module supports many FIPS approved cryptographic operations, providing other Tripwire products and Java-based applications access to these algorithms via the standard Java Cryptographic Extension (JCE) framework."
2214Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung Kernel Cryptographic Module
(Software Version: SKC 1.4.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/31/2014
08/29/2014
Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android KitKat 4.4.2 running on Samsung Galaxy S5
Tizen 2.2.1 running on Samsung Z (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2809, #2810, #2938 and #2939); SHS (Certs. #2357, #2358, #2474 and #2475); RNG (Certs. #1275, #1276, #1297 and #1298); Triple-DES (Certs. #1687 and #1746); HMAC (Certs. #1760, #1761, #1862 and #1863)

-Other algorithms: DES; Twofish; MD4; MD5; ansi_cprng; ARC4; Pcompress; AES-XCBC (non-compliant); CRC32c; Deflate; LZO
Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2213Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

Hirotaka Kondo
TEL: +81 50 3140 9888
FAX: +81 50 3809 1421

Shigeki Yamamoto
TEL: +81 50 3140 9131
FAX: +81 50 3809 1421

CST Lab: NVLAP 100432-0
Aspen
(Hardware Version: 2.0.0; Firmware Versions: 1.2.1 and 1.2.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/23/2014Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1539, #2695 and #2699); SHS (Certs. #1364, #1365, #2263 and #2264); HMAC (Certs. #902 and #1678); RSA (Certs. #1394 and #1395); RNG (Certs. #828, #829, #830 and #1279); CVL (Cert. #160)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5
Multi-chip embedded

"Aspen is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system."
2209Western Digital Corporation
3355 Michelson, Suite 100
Irvine, CA 92612
USA

Danny Ybarra
TEL: 949-672-9929

CST Lab: NVLAP 100432-0
Verdi Self Encrypting Drive (SED)
(Hardware Version: WD4001FYUG-01UVZ; Firmware Version: VR08)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/2014Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1669 and #1678); HMAC (Cert. #1062); RNG (Cert. #951); RSA (Cert. #901); SHS (Cert. #1580)

-Other algorithms: NDRNG
Multi-chip embedded

"A WDC Verdi product is a storage device that supports the Trusted Computing Group security protocol as defined by the TCG Enterprise SSC ( a set of security features that manage self encrypting drive functionality)."
2207Gemalto
Avenue du Jujubier
Z.I Athelia IV
La Ciotat 13705
France

Florence DEFRANCE
TEL: +33 (0) 442366734
FAX: +33 (0) 442365792

Anthony VELLA
TEL: +33 (0) 442366138
FAX: +33 (0) 442365236

CST Lab: NVLAP 100432-0
MultiApp V3 Platform
(Hardware Versions: M7820 SLE78CLX1600P (Contact-only) and M7820 SLE78CLX1600P (Contactless-only); Firmware Versions: MultiApp V3.0, Demonstration Applet V1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/09/2014Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RNG (Cert. #1128); RSA (Certs. #1287 and #1288); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #2261, key wrapping; key establishment methodology provides 128 bits of encryption strength)
Single-chip

"MultiApp V3.0 is a highly secured smartcard platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on the SLE78 chip from Infineon. This field-proven OS has the largest number of references in national ID programs. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling ePassport, secure data storage, identification, authentication and digital signature with biometry control."
2203Pitney Bowes, Inc.
37 Executive Drive
Danbury, CT 06810
USA

Dave Riley
TEL: 203-796-3208
FAX: 203-617-6060

Thomas J. Niglio
TEL: 203-922-5239
FAX: 203-617-6060

CST Lab: NVLAP 200983-0
Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Versions: 09.02.00; Indicia Type: 0, 1, 2, 5, 7 and 8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/09/2014Overall Level: 3

-Physical Security: Level 3 +EFP
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: SHS (Cert. #2286); RNG (Cert. #1261); Triple-DES (Cert. #1636); DSA (Cert. #836); HMAC (Cert. #1699)

-Other algorithms: Triple-DES MAC (Non-Compliant)
Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Royal Mail Mailmark and other international postal authorities' specification. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
2194Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845-454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
Blue Coat® Systems SSL Visibility Appliance
(Hardware Versions: Model: SV2800; 090-03063 and 080-03562 with FIPS Label Kit: FIPS-LABELS-SV; Firmware Version: 3.5.2 build 961)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2642); Triple-DES (Cert. #1585); RSA (Certs. #1238 and #1352); SHS (Cert. #2215); HMAC (Cert. #1634); RNG (Cert. #1246); PBKDF (vendor affirmed); CVL (Cert. #123)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES
Multi-chip standalone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2193Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA 250M and NSA 250MW
(Hardware Versions: P/N 101-500343-58, Rev. A (NSA 250M) and P/N 101-500326-61, Rev. A (NSA 250MW); Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA Series: The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2192Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA E10000 Series
(Hardware Versions: P/N 101-500340-50, Rev. A (E10100), P/N 101-500336-50, Rev. A (E10200), P/N 101-500337-50, Rev. A (E10400) and P/N 101-500280-50, Rev. A (E10800); Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2191Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA E8500 and NSA E8510
(Hardware Versions: P/N 101-500308-57, Rev. A (NSA E8500) and P/N 101-500344-57, Rev. A (NSA E8510); Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2189Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA 4500 and NSA E5500
(Hardware Versions: P/Ns 101-500249-63, Rev. B (NSA 4500) and 101-500228-65, Rev. A (NSA E5500); Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA Series: The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2188Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA 3500
(Hardware Versions: P/N 101-500248-63, Rev. B; Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA Series: The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2187Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA 220, NSA 220W and NSA 240
(Hardware Versions: P/Ns 101-500347-62 Rev. A (NSA 220), 101-500342-50 Rev. B (NSA 220W) and 101-500193-62 Rev. A (NSA 240); Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2186Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA 2400 and NSA 2400MX
(Hardware Versions: P/N 101-500171-75, Rev. A (NSA 2400) and P/N 101-500270-50, Rev. A (NSA 2400MX); Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"The Dell SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2185Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA E6500
(Hardware Versions: P/N 101-500227-64, Rev. A; Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2183Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey Workspace W700
(Hardware Versions: P/Ns WGHC0B032G0001FIPS, WGHC0B032G0001FIPS (Rev 1), WGHC0B064G0001FIPS, WGHC0B064G0001FIPS (Rev 1), WGHC0B128G0001FIPS, WGHC0B128G0001FIPS (Rev 1), WGHB0B008G0010, WGHB0B008G0010 (Rev 1), IK-W700-32GB-SC, IK-W700-64GB-SC, IK-W700-128GB-SC and IKW700 Series [8GB, 32GB, 64GB, 128GB]; Firmware Versions: 3.0.3 and 3.0.5)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
09/26/2014
01/16/2015
07/23/2015
03/08/2016
05/26/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); RNG (Cert. #774); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip standalone

"IronKey Workspace W700 is a Secure USB 3.0 drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities and a tamper-resistant metal housing to help you control user access to desktops, sensitive data and critical applications. IronKey Workspace W700 allows enterprise class device management features like policy updates, password recovery and remote kill features."
2180VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 1.650.427.1902

CST Lab: NVLAP 200928-0
VMware Kernel Cryptographic Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode with VMware NSS Cryptographic Module validated to FIPS 140-2 under Cert. #2155 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/20/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with PAA
VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1635); AES (Cert. #2718); SHS (Cert. #2283); HMAC (Cert. #1697); RNG (Cert. #1259)

-Other algorithms: DES; Triple-DES (non-compliant); AES-GCM (non-compliant); AES-CCM (non-compliant); AES-XTS (192 bit key; non-compliant); SHA-[384 and 512] (non-compliant); HMAC-SHA-[384 and 512] (non-compliant); RNG (X9.31 with stdrng; non-compliant)
Multi-chip standalone

"The VMware Kernel Cryptographic Module is a flexible software library providing FIPS-140-2 approved cryptographic operations for VMware products and platforms."
2179Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0
FortiOS 4.0 MR3
(Firmware Versions: FortiOS v4.0, build3830, 131223)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware06/20/2014
07/24/2014
Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested: FortiGate 3950B with FortiOS v4.0, build3767, 130920

-FIPS Approved algorithms: AES (Certs. #2607 and #2608); Triple-DES (Certs. #1572 and #1573); HMAC (Certs. #1615 and #1616); SHS (Certs. #2191 and #2192); RSA (Cert. #1334); RNG (Cert. #1234)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)
Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
2174Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

Julie Ritter
TEL: 281-514-4087

Tim McDonough
TEL: 281-518-7531

CST Lab: NVLAP 200928-0
HP BladeSystem Onboard Administrator Firmware
(Firmware Version: 3.71)
(When installed, initialized and configured as indicated in the Security Policy in Section 3 and operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware06/17/2014Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested: BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure
BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure
BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure

-FIPS Approved algorithms: AES (Cert. #2289); Triple-DES (Cert. #1439); RSA (Cert. #1178); SHS (Certs. #1972 and #1973); HMAC (Cert. #1406); RNG (Cert. #1140)

-Other algorithms: NDRNG; DSA; RC4; HMAC-SHA1-96; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure."
2172McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0
NSM Application Cryptographic Module
(Software Version: 7.1.15.1.11)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/17/2014Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a GIGABYTE GA-EP45-UD3P

-FIPS Approved algorithms: AES (Cert. #2469); HMAC (Cert. #1513); RNG (Cert. #1198); RSA (Cert. #1259); SHS (Cert. #2083); CVL (Cert. #78)

-Other algorithms: RSA (key wrapping; non-compliant); MD5; HMAC-MD5; NDRNG
Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS appliances across widely distributed, mission-critical deployments. The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application."
2170DragonWave Inc.
600-411 Legget Drive
Ottawa, Ontario K2K 3C9
Canada

Erik McLaughlin
TEL: 613-599-9991

Greg Friesen
TEL: 613-599-9991

CST Lab: NVLAP 200928-0
DragonWave® Secure Cryptographic Module
(Hardware Versions: Horizon® Quantum (PN: 74-000320) and Horizon® Compact+ (PN: 74-000320) with Tamper Evident Seal (PN: 65-000185-01-01); Firmware Versions: 1.2.5 (Compact+) and 1.3 (Quantum))
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid06/12/2014Overall Level: 1


-Tested: Horizon Quantum (PN 60-000471-03) and Horizon Compact+ (PN CP-HP-18-B1-S-X-010-N-00-R1) with QNX Neutrino Real-Time Operating System Version 6.4.1

-FIPS Approved algorithms: AES (Certs. #2706, #2707, #2708 and #2709); Triple-DES (Certs. #1625 and #1626); RSA (Certs. #1404 and #1405); SHS (Certs. #2273 and #2274); RNG (Certs. #1256 and #1257); HMAC (Certs. #1687 and #1688); CVL (Certs. #164 and #165)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength); DSA (non compliant); MD5; SHA-[224, 384 and 512] (non-compliant); HMAC-SHA-[224, 256, 384 and 512] (non-compliant); RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant)
Multi-chip standalone

"The DragonWave® Secure Cryptographic Module is a hybrid cryptographic module consisting of firmware and hardware. The hardware portion of the module provides AES for bulk data encryption between two Horizon Compact+ or Horizon Quantum peer devices in a radio link, while the firmware provides cryptographic state management as well as secure peer-to-peer management communications over a protected TLS tunnel."
2168Tendyron Corporation
Room 1908, Shougang International Building
No. 60 Xizhimen North Street
Haidian District
Beijing 100082
People's Republic of China

Mr. Blair Liang
TEL: +86-10-5667566 ext. 1006
FAX: +86-10-56675667

Mr. Yang Liu
TEL: +86-10-56675666 ext. 3301
FAX: +86-10-56675667

CST Lab: NVLAP 100414-0
OnKey193 USB Token
(Hardware Version: 122.V102; Firmware Version: DBFips-V0.1.12-120313-C000)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/11/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #889); RNG (Cert. #509); RSA (Certs. #430 and #1138); SHS (Certs. #879 and #1735); Triple-DES (Cert. #725)

-Other algorithms: AES (Cert. #889, key wrapping); RSA (Cert. #430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #725, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The OnKey193 USB Token provides RSA, TDES, AES, RNG cryptographic service for government and corporate identification, payment, banking and Web applications."
2167Neopost Technologies, S.A.
113 Rue Jean Marin Naudin
Bagneux 92220
France

Nathalie TORTELLIER
TEL: +33 1 45 36 30 72
FAX: +33 1 45 36 30 10

CST Lab: NVLAP 200983-0
Neopost Postal Security Device (PSD)
(Hardware Versions: A0014227-B, A0014227-C; Firmware Versions: a22.17.01, a22.17.02, a23.08.01, a23.08.03, a28.02.01, a28.02.04, a28.05 and a28.08)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/11/2014
08/29/2014
09/18/2015
01/04/2016
Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Certs. #2565 and #2566); ECDSA (Cert. #441); HMAC (Certs. #1583 and #1603); CVL (Cert. #92); RNG (Cert. #1217); RSA (Cert. #1314); SHS (Cert. #2162)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant)
Multi-chip embedded

"The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access."
2163MikroM GmbH
Dovestrasse 3
Berlin, Berlin 10587
Germany

Holger Krahn
TEL: +49 30 398839 0
FAX: +49 30 398839 29

Michael Hagemeister
TEL: +49 30 398839 0
FAX: +49 30 398839 29

CST Lab: NVLAP 100432-0
MVC201
(Hardware Versions: MVC201-IS1 rev.1.1, MVC201-IF1 rev.1.1, MVC201-MS1 rev.1.1, MVC201-MF1 rev.1.1, MVC201-RS1 rev.1.1 and MVC201-RS2 rev.1.1; Firmware Versions: 1.10.65.18189, 1.10.68.18200, 1.20.98.19460 and 1.20.118.19949; Bootloader Versions: 1.3.5.17849, 1.3.7.18217 and 1.3.7.17798)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/05/2014
07/24/2014
05/08/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: RSA (Cert. #1034); AES (Certs. #1994, #1995, #1996, #1997 and #2898); RNG (Cert. #1047); HMAC (Certs. #1206, #1207 and #1833); SHS (Certs. #1748, #1749 and #1750)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF; HW NDRNG; EC Diffie-Hellman; MD5; TI S-Box
Multi-chip embedded

"MVC201 - Digital Cinema Image Media Block for integration into a TI Series 2 DLP Cinema projector"
2161McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100F, 2150F and 4150F
(Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F, and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.1)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/27/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2159Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200928-0
Unified Crypto Module
(Hardware Version: PL-0000235-2; Firmware Version: 2.1.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/27/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1538, #2026 and #2417); Triple-DES (Cert. #1505); RNG (Certs. #1173 and #1193); SHS (Cert. #2074); HMAC (Cert. #1502); RSA (Cert. #1249); DSA (Cert. #755); ECDSA (Cert. #397)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG
Multi-chip embedded

"The Comtech Unified Crypto Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, as well as firmware to provide the cryptographic functions needed to act as a endpoint for secure TLS- and SSH-based management and control traffic."
2154McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100E, 2150E and 4150E
(Hardware Versions: NSA-1100-FWEX-E, NSA-2150-FWEX-E, NSA-4150-FWEX-E with FRU-686-0089-00; Firmware Version: 8.3.1)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/14/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength).
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2153McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Virtual Appliance for Crossbeam
(Software Version: 8.3.1)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/13/2014Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with McAfee SecureOS v8.3 on Crossbeam XOS v9.9.0 running on a Crossbeam X80-S AC (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725); CVL (Certs. #127 and #129)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2147SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, Ontario K2L1A1
Canada

Paul Hampton
TEL: +44 (0) 1276 608057
FAX: +44 (0) 1276 608080

CST Lab: NVLAP 200427-0
SafeNet LUNA® EFT
(Hardware Versions: GRK-15, Version Code 0100; Firmware Version: MAL1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2629); RNG (Cert. #1242); RSA (Cert. #1350); SHS (Cert. #2212); Triple-DES (Cert. #1578)

-Other algorithms: N/A
Multi-chip standalone

"SafeNet LUNA® EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
2146Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 881W, 881GW, 1941W, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, and C819HWD-A-K9 Integrated Services Routers (ISRs)
(Hardware Versions: Cisco 881W, 881GW, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, C819HWD-A-K9 and 1941W with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Versions: Router Firmware Version: IOS 15.2(4)M6A and AP Firmware Version: 15.2.2-JB)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2014
08/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648, #1791, #2611 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627, #1606 and #1618); RNG (Cert. #1236); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2194, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco 800 Series Integrated Services Routers are fixed-configuration routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer wireless, Metro Ethernet, and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications."
2144Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0
FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B and FortiGate-3951B with SKU-FIPS-SEAL-RED; Firmware Versions: FortiOS v4.0, build3830, 131223)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/06/2014
07/24/2014
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2278, #2607 and #2608); Triple-DES (Certs. #1425, #1572 and #1573); HMAC (Certs. #1396, #1615 and #1616); SHS (Certs. #1959, #2191 and #2192); RSA (Certs. #1169 and #1334); RNG (Cert. #1234)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)
Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
2142RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0.0.17)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/06/2014
02/12/2016
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Timesys Linux 2.6.28-rt16 running on a Konica Minolta A5C1H020 with PowerPC (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2248); DRBG (Cert. #272); DSA (Cert. #700); ECDSA (Certs. #356 and #358); HMAC (Cert. #1377); RNG (Cert. #1122); RSA (Cert. #1153); SHS (Cert. #1937); Triple-DES (Cert. #1407)

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES; ECIES; Entropy RNG; HMAC MD5; MD2; MD5; OTP RNG; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)
Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2139IBM® Corporation
1701 North Street, Building 256-3
Endicott, NY 13760
USA

Brian W. Hugenbruch
TEL: 607-429-3660
FAX: 607-429-5920

William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

CST Lab: NVLAP 200658-0
IBM® z/VM® Version 6 Release 3 System SSL Cryptographic Module
(Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 5735FAL00: z/VM Version 6 Release 3 plus APAR PM95516)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid04/30/2014Overall Level: 1

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with z/VM Version 6 Release 3 running on IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976 and #2627); Triple-DES (Certs. #769 and #1577); DSA (Cert. #792); RSA (Cert. #1344); SHS (Certs. #946 and #2203); HMAC (Cert. #1624); RNG (Cert. #1241); CVL (Cert. #110)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5
Multi-chip standalone

"Module Description: z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
2137McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Chela Diaz de Villegas
TEL: 651-628-1642

CST Lab: NVLAP 200416-0
McAfee Vulnerability Manager Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/29/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 64-bit running an Intel Xeon on a McAfee® Firewall Enterprise Control Center (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2176); Triple-DES (Cert. #1378); HMAC (Cert. #1332); SHS (Cert. #1888); RSA (Cert. #1122); RNG (Cert. #1102)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (non-compliant)
Multi-chip standalone

"The McAfee Vulnerability Manager Cryptographic Module scans specified targets for vulnerabilities and misconfiguration. It provides a management interface to configure the system and generate reports regarding the results of the scans."
2135AFORE Solutions Inc.
2680 Queensview Drive
Suite 150
Ottawa, Ontario K2B 8J9
Canada

Tim Bramble
TEL: 613-224-5995 x232
FAX: 613-224-5410

CST Lab: NVLAP 200928-0
CloudLink Crypto Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/24/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 with PAA
Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2545); Triple-DES (Cert. #1540); SHS (Cert. #2146); HMAC (Cert. #1566); RNG (Cert. #1220); DRBG (Cert. #378); RSA (Cert. #1300); DSA (Cert. #778); CVL (Cert. #104)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECC CDH (non-compliant); ECDSA (non-compliant); Dual-EC DRBG (non-compliant)
Multi-chip standalone

"The CloudLink Crypto Module is a general purpose cryptographic library which provides cryptographic services for all CloudLink application modules."
2133SecureAgent® Software Inc.
2448 E. 81st Street
Tulsa, OK 74137
USA

Steve Soodsmas
TEL: 918-971-1600
FAX: 918-971-1623

CST Lab: NVLAP 200416-0
SecureAgent® Software Cryptographic Module
(Software Version: 2.2.006)
(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/25/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Sun Solaris 10 running on an IDG 9074 Secure Communications Controller (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2044); SHS (Cert. #1790); HMAC (Cert. #1243); RNG (Cert. #1067)

-Other algorithms: NDRNG; AES (non-compliant); RSA (non-compliant); DSA (non-compliant); SHA-1 (non-compliant); SHA-224 (non-compliant); SHA-256 (non-compliant); SHA-384 (non-compliant); SHA-512 (non-compliant); ANSI X9.31 RNG (non-compliant); PBKDF (non-compliant); TDES (non-compliant); ARCFOUR; BLOWFISH; CAMELLIA; CAST5; DES; RC2; SEED; SERPENT; TWOFISH; Elgamal; HAVAL; MD2; MD4; MD5; RMD160; TIGER; TIGER1; TIGER2; WHIRLPOOL; SIMPLE_S2K; SALTED_S2K; ITERSALTED_S2K
Multi-chip standalone

"The SecureAgent® Software Cryptographic Module provides the core cryptographic services for several secure communications and controller systems designed and manufactured by SecureAgent® Software."
2132McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-8000 S
(Hardware Versions: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/30/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58)

-Other algorithms: Diffie-Hellman (non-compliant); MD5; NDRNG
Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2131McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-8000 P
(Hardware Versions: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/30/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58)

-Other algorithms: NDRNG; RSA (non-compliant); Diffie-Hellman (non-compliant); MD5
Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2130Northrop Grumman M5 Network Security
Canberra, AustraliaLevel 1218 Northbourne AveBraddon, ACT 2612
Level 1 / 218 Northbourne Ave
Braddon, ACT 2612
Australia

Warwick Hoyle
TEL: +611300656019
FAX: +611300365893

Kristian Howard
TEL: +611300656019
FAX: +611300365893

CST Lab: NVLAP 200900-0
SCS Linux Kernel Cryptographic Services module
(Software Version: kernel-PAE-2.6.32.14-127.scs.fips.fc12.i686)
(When operated in FIPS mode with module OpenSSL FIPS Object Module V2 validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/06/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-100
Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-200 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2604); Triple-DES (Cert. #1569); RNG (Cert. #1232); SHS (Cert. #2188); HMAC (Certs. #1126 and #1612)

-Other algorithms: DES; Triple-DES CTR (non-compliant); AES GCM (non-compliant)
Multi-chip standalone

"A FIPS module that provides a C-language application program interface (API) for use by other processes that require cryptographic functionality within the SCS 100 and 200 hardware platforms."
2129Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0
RFS7000 SERIES Wireless Controller
(Hardware Versions: RFS-7010 and RFS-7010 GR; Firmware Version: 5.4.10.0-050GR)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/25/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762 and #2625); HMAC (Cert. #1623); CVL (Certs. #106, #107, #108 and #109); RNG (Cert. #1240); RSA (Cert. #1342); SHS (Certs. #769 and #2201); Triple DES (Certs. #667 and #1576)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5
Multi-chip standalone

"The RFS-7000 wireless switch is a highly scalable management platform for managing large multi-site distributed and campus wireless networks. The RFS-7000 can manage networks of AP-7131N, AP-7161 and AP-7181 access points. Additionally, it provides functionality like centralized captive portal, centralized security (firewall, VPN) and high availability."
2123McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.1)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/09/2014Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2122VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0
VMware Cryptographic Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/04/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server
VMware vCloud Networking and Security 5.5.0a vShield Manager OS (VMware vCloud Networking and Security 5.5.0a App Firewall OS) on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1620); AES (Cert. #2701); SHS (Cert. #2268); HMAC (Cert. #1682); RNG (Cert. #1255); DSA (Cert. #822); RSA (Cert. #1399)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The VMware Cryptographic Module is a software library providing FIPS 140-2 -approved cryptographic algorithms and services for protecting data-in-transit and data-at-rest on VMware products and platforms."
2120Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung OpenSSL Cryptographic Module
(Software Version: SecOpenSSL2.0.3)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/28/2014Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II
Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2351 and #2411); HMAC (Certs. #1458 and #1496); SHS (Certs. #2026 and #2069); Triple-DES (Certs. #1471 and #1501); RSA (Certs. #1212 and #1245); DSA (Certs. #735 and #753); ECDSA (Certs. #386 and #396); RNG (Certs. #1171 and #1190); DRBG (Certs. #299 and #321); CVL (Certs. #56 and #72)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Triple-DES-CTR (non-compliant); AES-CTR (non-compliant); MD4; MD5; MDC-2; RC2; RC4; RIPEMD-160; Diffie-Hellman; md_rand.c; DRBG (Certs. #299 and #321; DUAL-EC; non-compliant)
Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2117Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0
Juniper Networks EX3300, EX4200, EX4500 Ethernet Switches
(Hardware Versions: EX3300-24P, EX3300-24T, EX3300-24T-DC, EX3300-48T, EX3300-48T-BF, EX3300-48P, EX4200-24P, EX4200-24PX, EX4200-24T, EX4200-24F, EX4200-48P, EX4200-48PX, EX4200-48T, EX4500-40-FB and EX4500-40-BF with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)
(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/28/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG
Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2115Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0
FortiAnalyzer-4000B
(Hardware Version: 4000-B with SKU-FIPS-SEAL-RED; Firmware Versions: v4.0, build3059, 130918)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/26/2014Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5
Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securelyaggregate log data from Fortinet devices and other syslog-compatible devices.Using a comprehensive suite of customizable reports, users can filter and reviewrecords, including traffic, event, virus, attack, Web content, and email data."
2114Proofpoint Inc.
892 Ross Drive
Sunnyvale, CA 94089
USA

Jun Wang
TEL: 408-338-6680
FAX: 408-517-4710

CST Lab: NVLAP 200427-0
Proofpoint Security Library
(Software Version: 2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/26/2014Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Dell Latitude E6400 w/ Cent OS 5 running JRE 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1814); ECDSA (Cert. #250); RNG (Cert. #956); RSA (Cert. #909); SHS (Cert. #1591)

-Other algorithms: AES RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); Extended Secure Remote Password; Secure Remote Password; RC2; Triple-DES (non-compliant)
Multi-chip standalone

"The module is a Java language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.6 or later."
2113Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0
FortiGate-VM Virtual Appliances
(Software Version: 4.0 MR3)
(When operated in FIPS mode and when installed, initialized and configured as specified in Section FIPS 140-2 Compliant Operation of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/25/2014Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with FortiOS 4.0 MR3 on VMWare ESXi 5.0.0 Update 1 running on a Dell PowerEdge R410

-FIPS Approved algorithms: Triple-DES (Certs. #1503 and #1504); AES (Certs. #2414 and #2415); SHS (Certs. #2071 and #2072); HMAC (Certs. #1500 and #1501); RSA (Cert. #1248); RNG (Cert. #1192)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 188 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)
Multi-chip standalone

"FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform."
2112AT&T Services, Inc.
530 McCullough, 2B60
San Antonio, TX 78215
USA

Jody Hagemann
TEL: 732-457-1891

CST Lab: NVLAP 200928-0
AT&T Toggle Cryptographic Security Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/25/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110
Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110
Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2
Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2
iOS v5 running on a iPad3
iOS v6 running on a iPhone5
Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)
Multi-chip standalone

"The AT&T Toggle Cryptographic Security Module (TCSM) 1.0 provides cryptographic services for the Toggle. The TCSM modules provide low level Encryption and MAC Hashing routines, for protecting and securing mobile devices. The TCSM provides a highly secure encrypted container for enterprise-managed mobile applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device. Toggle provides application level security, an automated application wrapping process and dynamic app-based security policy cont"
2111Christie Digital Systems Canada Inc.
809 Wellington St. N.
Kitchener, Ontario N2G 4Y7
Canada

Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0
Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01 [A] or 000-102675-02 [B]; Firmware Versions: 1.0.1-2641 [A], 1.0.3-3047 [A], 1.1.0-3271 [A], 1.2.0-3400 [A], 1.2.1-3546 [A], 1.3.0-3704 [A], 1.3.2-3709 [A], 1.5.0-3848 [A], 1.5.2-3897 [A], 1.6.0-3934 [B] or 1.7.0-4209 [B])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/21/2014
06/05/2014
10/16/2014
05/29/2015
06/27/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); CVL (Cert. #97)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box
Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
2109Pulse Secure, LLC.
2700 Zanker Road, Suite 200
San Jose, CA 95134
USA

Yvonne Sang
TEL: 408-372-9600

CST Lab: NVLAP 200697-0
Odyssey Security Component Kernel Mode
(Software Version: 2.50)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/21/2014
02/13/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows 7 SP1 64-bit on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1990); Triple-DES (Cert. #1291); SHS (Cert. #1745); HMAC (Cert. #1203); DSA (Cert. #636); RSA (Cert. #1032); RNG (Cert. #1045)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); AES (Cert. #1990, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; RSA (encrypt/decrypt)
Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC Kernel Mode is a kernel-mode binary module for the Windows operating system."
2108OpenPeak, Inc.
1750 Clint Moore Road
Boca Raton, FL 33487
USA

Eric Jen
TEL: 561-289-0214

Howard A. Kwon
TEL: 561-893-7930
FAX: 561-208-8026

CST Lab: NVLAP 200928-0
OpenPeak Cryptographic Security Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/19/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110
Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110
Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2
Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2
iOS v5 running on a iPad3
iOS v6 running on a iPhone5
Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)
Multi-chip standalone

"The OpenPeak Cryptographic Security Module (OCSM) 1.0 provides underlying cryptography primitives for OpenPeak’s ADAM platform, an advanced device and application management suite that provides comprehensive Mobile Enterprise Management as a cloud-hosted service. The OCSM provides a secure encrypted container for enterprise-managed applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device."
2105Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0
FortiAnalyzer 4.0 MR3
(Firmware Versions: v4.0, build3059, 130918)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware03/19/2014Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested: FortiAnalyzer 4000-B with FortiAnalyzer v4.0, build3059, 130918

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5
Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securelyaggregate log data from Fortinet devices and other syslog-compatible devices.Using a comprehensive suite of customizable reports, users can filter and reviewrecords, including traffic, event, virus, attack, Web content, and email data."
2104Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
NSA E7500
(Hardware Versions: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.9.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/18/2014
04/21/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"NSA E-Class: The Dell SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2103SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2L1A1
Canada

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0
ProtectServer Gold (PSG)
(Hardware Versions: B2, B3, B4 and PSG-01-0101; Firmware Version: 3.20.01)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/14/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2605); DSA (Cert. #790); ECDSA (Cert. #449); HMAC (Cert. #1613); RNG (Cert. #1233); RSA (Cert. #1332); SHS (Cert. #2189); Triple-DES (Cert. #1570); Triple-DES MAC (Triple-DES Cert. #1570, vendor affirmed)

-Other algorithms: AES (Cert. #2605, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #2605, non-compliant); ARIA; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); ECIES; IDEA 128; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength); SEED 128; SEED MAC; Triple-DES (Cert. #1570, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)
Multi-chip embedded

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
2102Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0
Juniper Networks EX6200 and EX8200 Ethernet Switches Routing Engines
(Hardware Versions: EX6200-SRE64-4XS, EX8208-SRE320 and EX8216-RE320 with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)
(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/11/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514 ); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG
Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2096WatchDox, Inc.
299 S California Ave.
Palo Alto, CA 94306
USA

Adi Ruppin
TEL: 800-209-1688

CST Lab: NVLAP 200427-0
WatchDox® CryptoModule
(Software Version: 1.0)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/05/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6 running on a Dell Poweredge SC1420 without PAA (gcc Compiler Version 4.4.4)
Windows 7 32-bit running on an Intel Core (x64) with PAA running on an Intel Client Desktop (gcc Compiler Version 4.7.3)
Apple iOS 6.1 running on an ARMv7 with NEON on an iPhone 5 (gcc Compiler Version 4.2.1)
Android 4.1 running on an ARM Cortex A9 with NEON on a Samsung Galaxy S3 Mini (gcc Compiler Version 4.6.3) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2623); ECDSA (Cert. #451); HMAC (Cert. #1621); RNG (Cert. #1239); RSA (Cert. #1340); SHS (Cert. #2199)

-Other algorithms: CVL (non-compliant); DRBG (non-compliant); DSA (non-compliant); EC Diffie-Hellman; RSA (encrypt/decrypt); Triple-DES (non-compliant)
Multi-chip standalone

"The WatchDox Crypto Module provides the services necessary to support the cryptographic features and functions of the WatchDox Secure File Sharing services and products."
2094Securonix, Inc.
5777 W. Century Blvd.
Suite #838
Los Angeles, CA 90045
USA

Chris Bell
TEL: 415-380-0806

CST Lab: NVLAP 100432-0
Intelligence Platform Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/28/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Intelligence Platform Cryptographic Module provides cryptographic functions for the Intelligence Platform products from Securonix."
2092Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung FIPS BC for Mobile Phone and Tablet
(Software Versions: SBC1.45_2.0 and SBC1.45_2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/26/2014Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II
Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2353 and #2409); SHS (Certs. #2027 and #2067); RNG (Certs. #1172 and #1189); Triple-DES (Certs. #1472 and #1499); HMAC (Certs. #1459 and #1494); RSA (Certs. #1213 and #1243); DSA (Certs. #736 and #751)

-Other algorithms: Blowfish; Camellia; Camellia Light; CAST5; CAST6; DES; GOST28147-89; IDEA; IES; Rijndal; RC2; RC4; RC5; RC6; SEED; Serpent; TEA; Twofish; XTEA; Grain218; GrainV1; HC128; HC256; ISAAC; Salsa20; VMPC; Elgamal; Naccache-Stern; MD2; MD4; MD5; RIPEMD-128; RIPEMD-160; RIPEMD-256; RIPEMD-320; Tiger; Whirlpool; GOST3411; ISO9797; HMAC based on RFC 2104; VMPC-MAC; SRP6; ECMQV; Digest random generator; VMPC random number generator; Thread-based seed generator; Reverse window generator; AES light (non-compliant); ECDSA (non-compliant); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant); Skipjack (non-compliant); Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); RSA (non-compliant); DSA (non-compliant)
Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2090Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco ASR 1001 [1][K1], ASR 1002 [2][K2][E1 or E2], ASR1002-X [3][K2], ASR 1004 [4][K3][R1 or R2][E2, E3 or E4], ASR 1006 [5][K4][single or dual E2, E3, E4 or E5][dual R1 or R2] and ASR 1013 [6][K5][E4 or E5][R2]
(Hardware Versions: ASR1001 [1], ASR1002 [2], ASR1002-X [3], ASR1004 [4], ASR1006 [5] and ASR1013 [6]; FIPS KITs: ASR1001-FIPS-Kit [K1], ASR1002- FIPS-Kit [K2], ASR1004-FIPS-Kit [K3], ASR1006-FIPS-Kit [K4] and ASR1013-FIPS-Kit [K5]; Embedded Services Processors: ASR1000-ESP5 [E1], ASR1000-ESP10 [E2], ASR1000-ESP20 [E3], ASR1000-ESP40 [E4] and ASR1000-ESP100 [E5]; Route Processors: ASR-1000-RP1 [R1] and ASR-1000-RP2 [R2]; Firmware Version: 3.7.2tS)
(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/26/2014Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #333, #2346 and #2549); DRBG (Cert. #382); HMAC (Certs. #137, #1455 and #1570); RNG (Certs. #154 and #1170); RSA (Cert. #1304); SHS (Certs. #408, #2023 and #2150); Triple-DES (Certs. #397, #1469 and #1543)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IKE KDF; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF
Multi-chip standalone

"The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments."
2088McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0
McAfee Database Security Sensor Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 4)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/25/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 64-bit with VMWare ESXi 4.0 running on a HP Proliant DL185 GS
Windows Server 2008 64-bit with VMWare ESXi 5.0 running on a HP Proliant DL380 GS
AIX 5.3 on a IBM 9115-305
HP-UX 11.23 running on a HP RX2600 Server
Red Hat Enterprise Linux 5.9 with VMWare ESXi 5.0 running on a Dell PowerEdge R510
CentOS 5.5 with VMWare ESXi 5.0 running on a Dell PowerEdge R510
SUSE 11 patch 2 with VMWare ESXi 5.0 running on a Dell PowerEdge R510
Solaris 9 running on a Sun UltraSPARC C-III (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1557); AES (Cert. #2571); SHS (Cert. #2166); HMAC (Cert. #1587); RNG (Cert. #1223); DSA (Cert. #786); RSA (Cert. #1318)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The McAfee Database Security Sensor Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the McAfee Database Security Sensor."
2087Fixmo, Inc.
15 Toronto Street
Suite 1100
Toronto, Ontario M5C 2E3
Canada

Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0
Server Crypto Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/24/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Fixmo Server Crypto Module provides cryptographic functions for Fixmo products and solutions."
2085Curtiss-Wright
333 Palladium Drive
Kanata, Ontario K2V 1A6
Canada

Aaron Frank
TEL: 613-599-9199 ext 5242
FAX: 613-599-7777

Johan A Koppernaes
TEL: 613-599-9199 ext 5817
FAX: 613-599-7777

CST Lab: NVLAP 200996-0
VPX3-685 Secure Routers
(Hardware Versions: Air-Cooled Chassis: VPX3-685-A13014-FC and VPX3-685-A13020-FC; Conduction-Cooled Chassis: VPX3-685-C23014-FC and VPX3-685-C23020-FC; Firmware Version: 2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/2014
05/22/2014
12/22/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip embedded

"The VPX3-685 Secure Routers are used for strong security in the embedded defense and aerospace industries. They support industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption."
2084GOTrust Technology Inc.
10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist.
Taichung, Taiwan 408
Republic of China

Sean Huang
TEL: +886-4-23202525
FAX: +886-4-23202580

CST Lab: NVLAP 200824-0
GO-Trust SDencrypter
(Hardware Version: GT-3001 with GT-0330; Firmware Versions: 4.1.0.8 with 80023802-33860406 and 80023802-33860506)
(When operated in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/22/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1664); HMAC (Cert. #1426); KDF (Cert. #7); RNG (Cert. #999); RSA (Cert. #976); SHS (Cert. #1672); Triple-DES (Cert. #1237)

-Other algorithms: AES (Cert. #1664, key wrapping; key establishment methodology provides 256 bits of encryption strength); AESKW (SP 800-38F, vendor affirmed);
Multi-chip embedded

"SDencrypter is a hardware security module embedded into one microSD. The entire encryption, decryption, key generation process is completed inside the module. Fast íºin-chipí¿ processing, using a high-performance smart card chip, supports streaming voice and media operations. High-assurance protection is provided to keys and sensitive data which are encrypted and stored inside the chip."
2083FiberLogic Communications, Inc.
5F-3, No.9 Prosperity Road One, Science-Park
Hsinchu, Taiwan 30078
Republic of China

Jun Tseng
TEL: +886-3-5638889
FAX: +886-3-5638899

CST Lab: NVLAP 200824-0
TS-250
(Hardware Version: 1.0; Firmware Version: 1.0.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1903); DSA (Cert. #601); HMAC (Cert. #1143); RNG (Certs. #997 and #1000); SHS (Cert. #1673)

-Other algorithms: AES (Cert. #1903, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HRNG
Multi-chip standalone

"The TS-250 can encrypt the high speed network traffic passed through. The module can be configured to encrypt different layer of network traffic, e.g., from Ethernet frame payload or from IP packet payload."
2078Dolby Laboratories, Inc.
100 Potrero Ave.
San Francisco, CA 94103
USA

Marvin Pribadi
TEL: 415-645-5185
FAX: 415-645-4000

CST Lab: NVLAP 100432-0
CAT904 Dolby® JPEG 2000/MPEG-2 Processor
(Hardware Versions: P/N CAT904Z Revisions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 1.3.4.21)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650); RSA (Cert. #233); SHS (Certs. #592 and #1086)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF
Multi-chip embedded

"The CAT904 Dolby® JPEG 2000/MPEG-2 Processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
2077Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0
Oracle Solaris Userland Cryptographic Framework
(Software Versions: 1.0 and 1.1)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/06/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server
Oracle Solaris 11.1 running on a Sun Server X3-2 with PAA
Oracle Solaris 11.1 running on a Sun Server X3-2 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2308 and #2569); Triple-DES (Certs. #1455 and #1556); RSA (Certs. #1191 and #1317); DSA (Certs. #726 and #785); ECDSA (Certs. #373 and #443); SHS (Certs. #1992 and #2165); HMAC (Certs. #1422 and #1586); RNG (Certs. #1150 and #1221)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them."
2076Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0
Oracle Solaris Userland Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/06/2014Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server
Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2310 and #2572); Triple-DES (Certs. #1457 and #1558); RSA (Certs. #1193 and #1319); DSA (Certs. #727 and #787); ECDSA (Certs. #375 and #444); SHS (Cert. #1994); HMAC (Certs. #1424 and #1594); RNG (Certs. #1153 and #1224)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Oracle Solaris OS utilizes two cryptographic modules; one in the Userland space and the second in the Kernel space. The OS uses the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them. The module includes the SPARC T4 and SPARC T5 processor special instruction sets for hardware-accelerated cryptography."
2075Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1 or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.240.0, 7.0.250.0 or 7.0.251.2)
(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/29/2014
02/20/2014
03/13/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Cert. #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1230 and #2014); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); FIPS 186-2 RNG (Cert. #741); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2071Fujitsu limited
4-1-1 Kamikodanaka
Nakahara-ku
Kawasaki, Kanagawa 211-8588
Japan

Eugene Owens
TEL: 408-746-6486
FAX: 408-746-8016

Hiroyuki Miura

CST Lab: NVLAP 200822-0
ETERNUS DX400/DX8000 Controller Module
(Firmware Version: V20L80-1000)
(When operated in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware01/24/2014Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested: ETERNUS DX410 with VxWorks 6.3
ETERNUS DX8400 with VxWorks 6.3

-FIPS Approved algorithms: AES (Cert. #2542); RNG (Cert. #1207); SHS (Cert. #2142)

-Other algorithms: Fujitsu Original Encryption (Encryption/Decryption); AES (Cert. #2542, key wrapping)
Multi-chip embedded

"ETERNUS DX400/DX8000 Controller Module is a module which manages the whole disk storage system. In order to prevent a data leakage by removal of disks, the disk encryption mechanism encrypts data on the disks. This encryption function is valid if the Disk Encryption mechanism is activated through GUI."
2069Hewlett-Packard Company
8000 Foothills Blvd
Roseville, CA 95747
USA

Sunil Amanna
TEL: 916-785-1183
FAX: 916-785-1103

Harjit Dhillon
TEL: 916-785-0341
FAX: 916-785-1103

CST Lab: NVLAP 200002-0
HP Networking 3800 Switch Series
(Hardware Versions: Switches: (3800-24G-PoE+-2SFP+ Switch (J9573A) [1]; 3800-48G-PoE+-4SPF+ Switch (J9574A) [2]; 3800-24G-2SFP+ Switch (J9575A) [3]; 3800-48G-4SFP+ Switch (J9576A) [4]; 3800-24G-2XG Switch (J9585A) [5]; 3800-48G-4XG Switch (J9586A) [6]; 3800-24G-PoE+-2XG Switch (J9587A) [7]; 3800-48G-PoE+-4XG Switch (J9588A) [8] and 3800-24SFP-2SFP+ Switch (J9584A) [9]); Power Supplies: (J9580A [1,2,7,8] and J9581A [3,4,5,6,9]) with Tamper Evident Seal Kit: J9740A; Firmware Version: KA.15.10.0015)
(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2013Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2051); Triple-DES (Cert. #1322); HMAC (Cert. #1248); SHS (Certs. #1795 and 1796); RSA (Certs. #1067 and #1068); DSA (Cert. #649); RNG (Cert. #1071)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; MD5-96; SHA-1-96 (non-compliant); RNG (Cert. #544; non-compliant); NDRNG
Multi-chip standalone

"The HP Networking 3800 Switch Series cryptographic modules are a family of next-generation gigabit Layer 2/3 enterprise-class access layer switches. The 3800 Switch Series, which is designed with a custom HP ProVision ASIC, delivers unmatched performance and scalability to meet the needs of the most demanding enterprise networks. The HP Networking 3800 Switch Series modules integrate 10 Gb connectivity for high-performance links to the network aggregation and core; allowing for increased throughput and network link redundancy."
2068McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Andy Nissen

CST Lab: NVLAP 200556-0
McAfee SIEM Cryptographic Module
(Software Version: 1.0)
(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/24/2013Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with McAfee Nitro OS 9.1 running on McAfee SIEM Appliance (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2229 and #2230); CVL (Certs. #33 and #34); DSA (Certs. #690 and #691); ECDSA (Certs. #343 and #344); HMAC (Certs. #1357 and #1358); RNG (Certs. #1115 and #1116); RSA (Certs. #1141 and #1142); SHS (Certs. #1917 and #1918); Triple-DES (Certs. #1395 and #1396)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The McAfee SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM environments."
2067McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Andy Nissen

CST Lab: NVLAP 200556-0
McAfee Virtual SIEM Cryptographic Module
(Software Version: 1.0)
(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/24/2013Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with McAfee Nitro OS 9.1 on VMWare ESXi 5.0 running on a McAfee SIEM appliance

-FIPS Approved algorithms: AES (Certs. #2228 and #2231); CVL (Certs. #32 and #35); DSA (Certs. #689 and #692); ECDSA (Certs. #342 and #345); HMAC (Certs. #1356 and #1359); RNG (Certs. #1114 and #1117); RSA (Certs. #1140 and #1143); SHS (Certs. #1916 and #1919); Triple-DES (Certs. #1394 and #1397)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The McAfee Virtual SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM virtual environments."
2065Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.240.0, 7.0.250.0 or 7.0.251.2)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2013
02/20/2014
02/20/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #2014, #1228 and #1230); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2063Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux 92220
France

Nathalie TORTELLIER
TEL: 33 01 45 36 30 72
FAX: 33 01 45 36 30 10

CST Lab: NVLAP 200983-0
PSD MODEL 145, 146, 147, 148
(Hardware Version: 4150859LB; Firmware Versions: P/N A0015972B, Version 28.02)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/18/2013Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #260); AES (Cert. #563); HMAC (Cert. #300); SHS (Cert. #629); ECDSA (Cert. #385); RNG (Cert. #328); CVL (Cert. #96)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip embedded

"Neopost PSD (Postal Security Device) for low range Postage Evidencing Systems (PES)."
2061Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 1-781-442-0451

Linda Gallops
TEL: 1-781-442-0451
FAX: 1-781-442-0451

CST Lab: NVLAP 200928-0
Oracle Solaris Kernel Cryptographic Framework
(Software Versions: 1.0 and 1.1)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/13/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server without PAA
Oracle Solaris 11.1 running on a Sun Server X3-2 with PAA
Oracle Solaris 11.1 running on a Sun Server X3-2 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2309 and #2573); Triple-DES (Certs. #1456 and #1559); RSA (Certs. #1192 and #1320); ECDSA (Certs. #374 and #445); SHS (Certs. #1993 and #2173); HMAC (Certs. #1423 and #1595); RNG (Certs. #1151 and #1225)

-Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs."
2060Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 1-781-442-0451

Linda Gallops
TEL: 1-781-442-0451
FAX: 1-781-442-0451

CST Lab: NVLAP 200928-0
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid12/13/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server
Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2311 and #2574); Triple-DES (Certs. #1458 and #1560); RSA (Certs. #1194 and #1321); ECDSA (Certs. #376 and #446); SHS (Cert. #1994); HMAC (Certs. #1425 and #1596); RNG (Certs. #1152, #1154, #1222 and #1226)

-Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs. The module includes the SPARC T4 processor special instruction sets for hardware-accelerated cryptography."
2059Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 100432-0
Gemini
(Hardware Version: 1.0.0; Firmware Versions: 2.0.0 and 2.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/13/2013
05/22/2014
10/31/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829 and #830); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5
Multi-chip embedded

"The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2055ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 200427-0
ActivIdentity Digital Identity Applet v2 on Gemalto IDCore 3020 (v2)
(Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Digital Identity Applet Suite 2.7)
(When operated with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

PIV Certificate #34

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/05/2013
02/06/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A
Single-chip

"This module is based on a Java Card platform (IDCore 3020 v2) with 128K EEPROM memory and the ActivIdentity Digital Identity Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
2052Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200697-0
MX Series 3D Universal Edge Routers with the Multiservices DPC
(Hardware Versions: [(MX240 with one to two 750-024064), (MX480 and MX960 with one to four 750-024064)] with (750-021524 and RE-S-2000-4096-S) and JNPR-FIPS-TAMPER-LBL; Firmware Version: JUNOS-FIPS 10.4R11)
(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/05/2013Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #762, #2218, #2221 and #2222); Triple-DES (Certs. #667, #1388, #1390 and #1391); SHS (Certs. #769, #1908, #1909, #1912 and #1913); HMAC (Certs. #417, #1348, #1349, #1351 and #1352); RNG (Cert. #1112); DSA (Cert. #688); RSA (Cert. #1137)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant); SSH KDF (non-compliant); IKEv1 KDF (non-compliant); NDRNG; ANSI X9.62 RNG (non-compliant)
Multi-chip standalone

"MX Series 3D Universal Edge Routers is a family of Ethernet routers designed to meet very large scale and medium-to-small size applications. It is capable of supporting business, mobile, and residential, services in even the fastest-growing networks and markets. With the Multiservices DPC (the MX Series) provides dedicated high-performance processing for flows and sessions, and integrates advanced security capabilities that protect the network infrastructure as well as user data."
2046WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0
XTM 515, XTM 525, XTM 535 and XTM 545
(Hardware Versions: NC2AE8 (XTM 515, XTM 525, XTM 535 and XTM 545) with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.5)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/18/2013Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #1079 and #1380); AES (Certs. #1659 and #2180); SHS (Certs. #1453 and #1890); HMAC (Certs. #974 and #1334); RSA (Cert. #1124); ECDSA (Cert. #339); RNG (Cert. #1103); DSA (Cert. #684)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5; TKIP; AES-CCM (non-compliant); Password Based Key Derivation Function (for 128 bit AES key; non-compliant)
Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
2044Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung Key Management Module
(Software Versions: KM1.1 and KM1.3)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/18/2013Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S2 and Galaxy S3
Android Jelly Bean 4.1 running on Galaxy Note II
Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143, #2257 and #2393); SHS (Certs. #1792, #1822, #1864, #1865, #1944 and #2055); RNG (Certs. #1069, #1080, #1097, #1098, #1127 and #1185); HMAC (Certs. #1245, #1273, #1309, #1310, #1384 and #1484); PBKDF (vendor affirmed)

-Other algorithms: N/A
Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
2040McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: (FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032) with FRU-686-0089-00; Firmware Version: 8.3.1)
(When installed, initialized and configured as indicated in the Security Policy in Section 3. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/15/2013Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2037Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; 6520 FC Switch; and 7800 Extension Switch
(Hardware Versions: {[DCX Backbone P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01; DCX 8510-8 Backbone P/Ns 80-1004917-04 and 80-1007025-01; DCX-4S Backbone P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01; DCX 8510-4 Backbone P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01)] with Blade P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01 80-1000696-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1000233-10, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05; 6510 FC Switch P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03; 6520 FC Switch P/Ns 80-1007245-01, 80-1007246-01, 80-1007242-01, 80-1007244-01 and 80-1007257-01; 7800 Extension Switch P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.1.0 (P/N 63-1001187-01))
(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/13/2013Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #1048 and #1049)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF; TLSv1.0 KDF
Multi-chip standalone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2034Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco FIPS Object Module
(Software Versions: 3.0 and 3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/13/2013Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on HP Pro 3130 Microtower with PAA
Mac OS X 10.7 running on Apple Mac Mini 5,2 with PAA
Free BSD 9.0 running Cisco UCS C200 M2 without PAA
Linux 2.6 running on Cisco UCS C210 M2 with PAA
Linux 2.6 running on Cavium CN5200-EVP-MB4-Y without PAA
Android 4.0 running on Samsung SGH-T989 without PAA
Linux 2.6 running on Cisco ASR1K without PAA
Apple iOS 5.1 running on Apple iPad (MC705LL) without PAA
Android 4.0 running on Samsung Galaxy S II without PAA
Linux 2.6 running on a Cisco ASR1K without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2255 and #2558); CVL (Certs. #40 and #95); DRBG (Certs. #275 and #385); DSA (Certs. #703 and #783); ECDSA (Certs. #362 and #440); HMAC (Certs. #1382 and #1578); RNG (Certs. #1125 and #1215); RSA (Certs. #1156 and #1310); SHS (Certs. #1942 and #2157); Triple-DES (Certs. #1410 and #1548)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2033RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200900-0
RSA BSAFE Crypto-J Software Module
(Software Version: 4.1)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1291)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/13/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Linux 2.6 with Sun JRE 5.0 running on Samsung MFP with PowerPC (32bit)
Linux 2.6 with Sun JRE 6.0 running on Samsung MFP with ARM9 (32bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1109 and #2602); DRBG (Certs. #15 and #396); DSA (Certs. #357 and #789); ECDSA (Certs. #130 and #447); HMAC (Certs. #621 and #1609); RNG (Certs. #616 and #1231); RSA (Certs. #522 and #1330); SHS (Certs. #1032 and #2186); Triple-DES (Certs. #806 and #1568)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random
Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2032Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
VDX 6710, VDX 6720, VDX 6730 and VDX 8770 with Network OS (NOS) v3.0.1 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-04), VDX6710-54-R (P/N 80-1004702-04), VDX6720-16-F (P/N 80-1004566-07, 80-1006701-02), VDX6720-16-R (P/N 80-1004567-07, 80-1006702-02), VDX6720-24-F (P/N 80-1004564-07, 80-1006699-02), VDX6720-24-R (P/N 80-1004564-07, 80-1006700-02), VDX6720-40-F (P/N 80-1004565-07, 80-1006305-02), VDX6720-40-R (P/N 80-1004571-07, 80-1006306-2), VDX6720-60-F (P/N 80-1004568-07, 80-1006303-02), VDX6720-60-R (P/N 80-1004569-07, 80-1006304-02), VDX6730-16-F (P/N 80-1005469-03, 80-1006709-02), VDX6730-16-R (P/N 80-1005651-03, 80-1006711-02), VDX6730-24-F (P/N 80-1005648-03, 80-1006708-02), VDX6730-24-R (P/N 80-1005650-03, 80-1006710-02), VDX6730-40-F (P/N 80-1005680-03, 80-1006719-02), VDX6730-40-R (P/N 80-1005681-03, 80-1006720-02), VDX6730-60-F (P/N 80-1005679-03, 80-1006718-02), VDX6740-60-R (P/N 80-1005678-03, 80-1006717-02), VDX8770-4 (P/N 80-1005850-02, 80-1006532-02) and VDX8770-8 (P/N 80-1005905-02, 80-1006533-02) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v3.0.1)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/13/2013Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1174 and #1175)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF (non-compliant); TLS KDF (non-compliant)
Multi-chip standalone
2030Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 100432-0
Aspen
(Hardware Versions: 1.0.0 and 1.1.0; Firmware Versions: 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1 and 1.2.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/13/2013
11/22/2013
01/23/2014
08/29/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829, #830, #1279); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5;
Multi-chip embedded

"The primary purpose of the Aspen is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2026McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0
McAfee Database Security Server Cryptographic Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS140_MODE)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/12/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0
Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random
Multi-chip standalone

"McAfee Database Security Server Cryptographic Module provides FIPS 140-2 validated services to the server component of the McAfee Database Security product line."
2025Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: (845) 454-6397
FAX: (801) 999-2973

Tammy Green
TEL: (845) 454-6397

CST Lab: NVLAP 200928-0
Blue Coat Systems, Software Cryptographic Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/12/2013
05/20/2014
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Solera Operating Environment v6.5.0 running on a Dell Poweredge model R720
Solera Operating Environment v6.5.0 on Vmware ESXi v5.0 running on Dell Poweredge model R720
Solera Operating Environment v6.6.9 on Vmware ESX 5.5 running on Dell Poweredge model R720
Solera Operating Environment v6.6.9 running on Dell Poweredge model R720 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1364); AES (Cert. #2153); SHS (Cert. #1873); HMAC (Cert. #1318); RNG (Cert. #1101); DSA (Cert. #669); RSA (Cert. #1108)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman; AES-CFB1 (non-compliant); ECDSA (non-compliant); EC Diffie-Hellman
Multi-chip standalone

"The Blue Coat Systems, Software Cryptographic Module is a software multi-chip standalone module, providing cryptographic services for Solera DeepSee Software. Solera DeepSee is a solution for security intelligence and analytics that creates a complete record of network traffic. The module is a shared library that links to Solera DeepSee components."
2023Nuvoton Technology Corporation
8 Hasadnaot Street
Herzlia 46130
Israel

Rachel Menda-Shabat
TEL: (972) 9-9702219

Oren Tanami
TEL: (972)9-9702219

CST Lab: NVLAP 200556-0
Nuvoton TPM 1.2
(Hardware Version: FD5C37; Firmware Version: 4.1.5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/08/2013Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #2354); RSA (Cert. #1215); SHS (Cert. #2028); HMAC (Cert. #1460); RNG (Cert. #1174); CVL (Cert. #59)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Single-chip

"Nuvoton Trusted Platform Module is a hardware cryptographic module, a member of the Nuvoton SafeKepper family, which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification for PC-Client TPM."
2018Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey S250/D250
(Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64 and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Versions: 4.0.4 and 4.0.5)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/2013
02/20/2014
03/08/2016
05/26/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip standalone

"The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
2017Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0
AP 71xx Series Wireless Access Points - AP 7131N, AP 7131N-GR, AP 7161, AP 7181
(Hardware Versions: AP7131N, AP7131N-GR, AP7161, AP7181; Firmware Version: 5.4.10.0-050GR)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/2013
12/20/2013
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #861, #1114, #2377 and #2378); HMAC (Cert. #1478); KDF (Cert. #10); CVL (Certs. #66, #67, #68 and #69); RNG (Cert. #1180); RSA (Cert. #1231); SHS (Certs. #1037 and #2048); Triple-DES (Cert. #1487)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG; MD5
Multi-chip standalone

"The AP-71xx Series 802.11n Wireless Access Points deliver the high throughput, coverage, and resiliency required to build an all-wireless enterprise. The dual and tri-radio options provide simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and wireless intrusion detection/prevention services."
2014Atmel Corporation
1150 E. Cheyenne Mountain Blvd.
Colorado Springs, CO 80906
USA

Jim Hallman
TEL: 919-846-3391

Todd Slack
TEL: (719) 540-3021

CST Lab: NVLAP 200002-0
Atmel Trusted Platform Module
(Hardware Versions: AT97SC3204-X4 [1], AT97SC3204-U4 [1], AT97SC3204-G4 [1], AT97SC3204-H4 [1], AT97SC3205-X3 [2], AT97SC3205-U3 [2], AT97SC3205-G3 [2], AT97SC3205-H3 [2], AT97SC3205T-X3 [3], AT97SC3205T-U3 [3], AT97SC3205T-G3 [3] and AT97SC3205T-H3 [3]; Firmware Versions: 1.2.29.01 [1], 1.2.42.05 [2] and 1.2.42.06 [3])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2013
04/11/2014
05/20/2014
Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #2333 and #2806); SHS (Certs. #2015 and #2354); HMAC (Certs. #1445 and #1757); RSA (Certs. #1203 and #1469); RNG (Certs. #1163 and #1273); CVL (Cert. #250)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MGF1; NDRNG
Single-chip

"The AT97SC3204 and AT97SC3205 are single chip cryptographic modules used for cryptographic key generation, key storage and key management as well as generation and secure storage for digital certificates."
2013Dispersive Technologies, Inc.
2555 Westside Parkway
Suite 500
Alpharetta, GA 30004
USA

Douglas Dimola
TEL: 844.403.5851

CST Lab: NVLAP 200556-0
DSI V2VNet Mobile Crypto Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/05/2013
09/18/2015
Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"V2VNet Mobile Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Mobile Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2011Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-200B [1], FortiGate-300C [2], FortiGate-310B [3], FortiGate-600C [4] and FortiGate-620B [5]
(Hardware Versions: C4CD24 [1], C4HY50 [2], C4ZF35 [3], C4HR40 [4] and C4AK26 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1, 3, 5] or FIPS-SEAL-RED [2,4]; Firmware Versions: FortiOS 4.0, build3830, 131223)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/05/2013
06/27/2014
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2277, #2279, #2607 and #2608); Triple-DES (Certs. #1424, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #1960, #2191 and #2194); HMAC (Certs. #1395, #1397, #1615 and #1616); RSA (Certs. #1168, #1170 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2010Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Versions: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build3830, 131223)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/05/2013
06/27/2014
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2276, #2277, #2278, #2607 and #2608); Triple-DES (Certs. #1423, #1424, #1425, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1957, #1958, #1959, #2191 and #2192); HMAC (Certs. #1394, #1395, #1396, #1615 and #1616); RSA (Certs. #1168, #1169 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2008Hewlett-Packard TippingPoint
7501N. Capital of Texas Highway
Austin, TX 78731
USA

Dinesh Vakharia
TEL: 512-681-8271

Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0
HP TippingPoint Intrusion Prevention System
(Hardware Versions: 5200NX and 7100NX; Firmware Version: 3.5)
(When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/25/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #2183); HMAC (Cert. #1337); RNG (Cert. #1105); RSA (Cert. #1126); SHS (Cert. #1892); Triple-DES (Cert. #1383)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
2007GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

Pranay Kumar
TEL: 852-2507 9565
FAX: (852) 2507 1131

Peter Lin
TEL: (852) 2507 9557
FAX: (852) 2507 1131

CST Lab: NVLAP 100432-0
Standalone IMB
(Hardware Versions: GDC-IMB-v2, R8 and R9; Firmware Version: 2.0 with Security Manager Firmware Version 1.3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/25/2013Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2148 and #2149); SHS (Certs. #1869 and #1870); RNG (Cert. #1100); RSA (Cert. #1105); HMAC (Certs. #1315 and #1316)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box; EC Diffie-Hellman
Multi-chip embedded

"A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, and logging."
2005UTC Fire & Security Americas Corporation, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

Michael O'Brien
TEL: 585-267-8345

CST Lab: NVLAP 100432-0
Lenel OnGuard Communication Server
(Software Versions: 6.5.624, 6.6.287, 7.0.932 or 7.1.481)
(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode), (Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode) or (Windows 8 and Windows Server 2012 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1894 operating in FIPS mode)]))

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/25/2013
11/07/2014
11/25/2014
08/14/2015
10/20/2015
Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Microsoft Windows 7 running on a Dell OptiPlex 755
Microsoft Windows Server 2008 running on a Dell OptiPlex 760
Microsoft Windows 8 running on Dell OptiPlex 7010
Microsoft Windows Server 2012 running on SuperMicro 827-14 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1650 and #3088); RNG (Certs. #882 and #1313)

-Other algorithms: RC2
Multi-Chip Stand Alone

"The Lenel OnGuard Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
2003Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0
IMS-SM
(Hardware Versions: (IMS-SM-C1 and IMS-SM-C2) [1] and (IMS-SM-E1 and IMS-SM-E2) [2]; Firmware Versions: (4.0.3-0, 4.0.0-3 and 6.0.3-0) [1] and (4.2.0-4, 4.2.0-3 and 6.0.12-0) [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/30/2013
01/03/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1252, #1383 and #2220); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman (non-compliant), TI S-box
Multi-chip embedded
2001SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0
SafeNet ProtectDrive Cryptographic Engine
(Software Version: 1.0.1)
(When operated in FIPS mode. For Windows 7: With module Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/17/2013Overall Level: 1

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP SP3 (X86 version) running on Dell E6400
Windows 7 Ultimate Edition SP1 (X86 version) running on Dell E6400
Windows 7 Ultimate Edition SP1 (X64 version) running on Dell E6400 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed)

-Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant)
Multi-chip standalone

"SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media."
2000SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0
SafeNet ProtectDrive Cryptographic Engine
(Software Version: 1.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/17/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 2 with Dell Optiplex GX620 3.0 GHz Intel Pentium D Processor 830 (1 CPU), running 32-bit WindowsXP version 5.1 SP2

-FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed)

-Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant)
Multi-chip standalone

"SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media."
1999Thales Communications, Inc.
22605 Gateway Center Drive
Clarksburg, MD 20871
USA

Darlo Concepcion
TEL: 240-864-7866
FAX: 240-864-7698

Jim Kent
TEL: 240-864-7681
FAX: 240-864-7698

CST Lab: NVLAP 200427-0
Liberty™ Cryptographic Module
(Firmware Version: 01.00.05.0018)
(When operated in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware09/17/2013Overall Level: 1


-Tested: Thales Liberty Radio PRC7332 with Green Hills INTEGRITY Version 5.0.10

-FIPS Approved algorithms: AES (Cert. #2185); HMAC (Cert. #1338); RNG (Cert. #1106); SHS (Certs. #1893 and #1894)

-Other algorithms: AES (Cert. #2185, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #2185, vendor affirmed; P25 AES OTAR); DES; DES MAC
Multi-chip standalone

"The Liberty™ Cryptographic Module is a firmware stand alone executable module which provides FIPS 140-2 Level 1 certified cryptographic functionality for devices that utilize the APCO project 25 standard. The Liberty™ Cryptographic Module uses Green Hills Integrity™ address space seperation to provide secure isolation of the cryptographic module without requiring a separate cryptographic hardware module."
1998Motorola Mobility LLC
600 North U.S. Highway 45
Libertyville, IL 60048
USA

Jose Afonso Pinto
TEL: +55 19-3847-6580
FAX: n/a

Wesley Ribeiro
TEL: +55 19-3847-6199
FAX: n/a

CST Lab: NVLAP 100432-0
Motorola Mobility Linux Kernel Software Cryptographic Module
(Software Version: 1.0)
(No assurance of the minimum strength of provided entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/17/2013
01/03/2014
04/17/2015
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Android 4.1.2 running on a Motorola Droid Razr HD/XT926
Android 4.2.2 running on a Motorola Droid Ultra (XT1080)
Android 4.3 running on a Motorola Moto G (XT1028)
Android 4.4 running on a Motorola Moto X (XT1060)
Android 5.0.2 running on a Motorola Droid Turbo (XT1254) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2287); HMAC (Cert. #1403); RNG (Cert. #1138); SHS (Cert. #1968); Triple-DES (Cert. #1435)

-Other algorithms: N/A
Multi-chip standalone

"Motorola Mobility Linux Kernel Software Cryptographic Module is a software only Linux kernel cryptographic module intended to operate on a multi-chip standalone personal mobile device running Android. It provides general-purpose cryptographic services to the remainder of the Linux kernel. It is designed to operate at FIPS 140-2 overall security level 1."
1996Fixmo, Inc.
15 Toronto Street
Suite 1100
Toronto, Ontario M5C 2E3
Canada

Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0
Fixmo Client Crypto Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/2013Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Fixmo Client Crypto Module provides cryptographic functions for Fixmo client applications and solutions."
1995Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200427-0
Sun Crypto Accelerator 6000
(Hardware Versions: 375-3424, Revisions -02, -03, -04, -05 and -06; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware versions 1.1.7, 1.1.8 or 1.1.9)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/11/2013
12/17/2013
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #397 and #2312); DSA (Cert. #319); ECDSA (Cert. #377); HMAC (Certs. #1427 and #1428); RNG (Cert. #1155); RSA (Certs. #1195 and #1196); SHS (Certs. #1995 and #1996); Triple-DES (Cert. #435)

-Other algorithms: AES (Cert. #2312, key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2
Multi-chip embedded

"The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a low-profile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1990Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0
IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Version: Rev. 14; Firmware Version: 02272013)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/13/2013Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Certs. #798 and #1165); RSA (Cert. #712); CVL (Cert. #52)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman
Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1985Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung FIPS BC for Mobile Phone and Tablet
(Software Version: SBC1.45_1.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/23/2013Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2124); SHS (Cert. #1848); RNG (Cert. #1090); Triple-DES (Cert. #1350); HMAC (Cert. #1295); RSA (Cert. #1093); DSA (Cert. #665)

-Other algorithms: MD2; MD4; MD5; DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); IES; ISSAC; SKIPJACK (non-compliant); Blowfish; Twofish; RC2; RC4; RC5; RC6; SALSA20; HC128; HC256; VMPC; SERPENT; RIJNDAEL; CAST5; CAST6; GOST28147; GOST3411; TEA; XTEA; ELGAMAL; IDEA; Tiger; RIPEMD; WHIRPOOL; ISO9797AG3MAC; GOST28147MAC; GOST3410; VPMCMAC; ECGOST3410; Grain; Camelia; Noekeon; SEED; Direct random generator; Thread-based generator; Reverse window generator; ECDSA (non-compliant); RSA (encrypt/decrypt); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant)
Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
1983A10 Networks, Inc.
3 West Plumeria Drive
San Jose, CA 95134
USA

John Chiong
TEL: 408-325-8668
FAX: 408-325-8666

CST Lab: NVLAP 200968-0
AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-11-GCF, AX5100, AX5200-11, AX1030, AX3030, AX3400, AX3200-12, AX3530 and AX5630, and Thunder Series Application Delivery Controller TH1030S, TH3030S, TH5430S, and TH6430S
(Hardware Versions: AX2500[1,2], AX2600-GCF[1,2], AX3000-11-GCF[1,2], AX5100[1,2], AX5200-11[1,2], AX1030[2], AX3030[2], AX3400[2], AX3200-12[2], AX3530[2], AX5630[2], TH1030S[3], TH3030S[3], TH5430S[3], and TH6430S[3]; Firmware Versions: R261-GR1-P7[1], R270-P2[2] and R271-P2[3])
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/23/2013
12/20/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128, #1129 and #1463); AES (Certs. #1693, #1739, #1740 and #2329); SHS (Certs. #1480, #1519, #1524, #1525 and #2013); HMAC (Certs. #985, #1011, #1016, #1017 and #1444); RSA (Certs. #829, #858, #862, #863 and #1202); RNG (Certs. #900 and #1088)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1982Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-NGPOE+E, and WS-X4748-RJ45-E)
(Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, A], Catalyst 4503-E [2, 5, 7, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, D], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C] and WS-C4510-FIPS-KIT= [D]) and Filler Plate (C4K-SLOT-CVR-E); Firmware Version: 3.3.1SG)
(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/17/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1977 and #2057); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282)

-Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1977, key wrapping; key establishment methodology provides 256 bits of encryption strength)
Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
1973McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Virtual Appliance for Crossbeam XOS
(Software Version: 8.2.1)
(When installed, initialized and configured as specified in the Security Policy Section 3.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/10/2013Overall Level: 1

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with McAfee Secure OS v8.2 on Crossbeam XOS v9.6.0 running on a Crossbeam X-60
McAfee Secure OS v8.2 on Crossbeam XOS v9.9.0 running on a Crossbeam X-60 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1960McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Virtual Appliance for VMware ESXi 4.1
(Software Version: 8.2.1)
(When installed, initialized and configured as specified in the Security Policy Section 3.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/12/2013Overall Level: 1

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with McAfee Secure OS v8.2 on VMware ESXi v4.1 running on a McAfee 7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1959Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0
Check Point CryptoCore
(Software Version: 2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/12/2013Overall Level: 1

-EMI/EMC: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without PAA (User Space)
Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without PAA (Kernel Space)
Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with PAA (User Space)
Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with PAA (Kernel Space)
Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without PAA (User Space)
Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without PAA (Kernel Space)
Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with PAA (User Space)
Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with PAA (Kernel Space)
Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without PAA (User Space)
Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without PAA (Kernel Space)
Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with PAA (User Space)
Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with PAA (Kernel Space)
Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without PAA (User Space)
Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without PAA (Kernel Space)
Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with PAA (User Space)
Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with PAA (Kernel Space)
UEFI Pre-boot (64-bit) running on a Apple MacBook Pro without PAA
UEFI Pre-boot (64-bit) running on a Apple MacBook Pro with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2182); DRBG (Cert. #255); HMAC (Cert. #1336); RNG (Cert. #1104); RSA (Cert. #1125); SHS (Cert. #1891); Triple-DES (Cert. #1382); Triple-DES MAC (Triple-DES Cert. #1382, vendor affirmed)

-Other algorithms: AES (Cert. #2182, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5; PKCS#5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant);
Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
1954ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

Ben Davis
TEL: 760-476-2200
FAX: 760-929-3941

CST Lab: NVLAP 100432-0
Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; Firmware Version: 02.03.02)
(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/30/2013Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1203, #1204 and #2242); SHS (Certs. #1931 and #1932); HMAC (Cert. #1372); ECDSA (Cert. #351); RNG (Cert. #1121)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength)
Multi-chip standalone

"The Enhanced Bandwidth Efficient Modem (EBEM) is a high-performance multi-input/multi-output SCPC satellite modulator/demodulator that converts multiple baseband digital input signals into multiple waveform intermediate frequencies (IF) and vice-versa.The EBEM provides extensive backwards compatibility with fielded modem and crypto technology, while adding high-order terminal modulation and Turbo coding to further enhance bandwidth efficiency."
1953NXP Semiconductors
Mikronweg 1
Gratkorn 8101
Austria

Markus Moesenbacher
TEL: +43 3124 299 652
FAX: +43 3124 299 270

CST Lab: NVLAP 100432-0
NXP JCOP 2.4.2 R2
(Hardware Versions: P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Versions: JCOP 2.4.2 R2 Mask ID 59 and patchID 3 with Demonstration Applet v1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/23/2013Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Certs. #1144 and #1145); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Certs. #2120, #2121, #2151 and #2152); SHS (Cert. #1553); RSA (Certs. #1090 and #1091); ECDSA (Cert. #317); CVL (Cert. #26)

-Other algorithms: HW RNG; RSA (non-compliant); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of security strength); AES (Certs. #2120 or #2151, key wrapping; key establishment methodology provides 128 bits of security strength)
Single-chip

"NXP J3D081, J2D081, J3D145, J2D145 Secure Smart Card Controller Revision 2"
1951Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-80C [1], FortiGate-110C [2], FortiGate-60C [3] and FortiWiFi-60C [4]
(Hardware Versions: C4BC61 [1], C4HA15 [2], C4DM93 [3] and C4DM95 [4] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1,2] or FIPS-SEAL-RED [3,4]; Firmware Versions: (FortiOS 4.0, build3830, 131223))
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/23/2013
11/08/2013
06/27/2014
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2277, #2607 and #2608); Triple-DES (Certs. #1424, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #2191 and #2192); HMAC (Certs. #1395, #1615 and #1616); RSA (Certs. #1168 and #1334)

-Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1950Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-1000C [1], FortiGate-1240B [2] and FortiGate-3140B [3]
(Hardware Versions: C4HR40 [1], C4CN43 [2] and C4XC55 [3] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3] or FIPS-SEAL-BLUE [2]; Firmware Versions: (FortiOS 4.0, build3767, 130923) [1] and (FortiOS 4.0, build3830, 131223) [2,3])
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/23/2013
11/08/2013
06/27/2014
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2278, #2279, #2607 and #2608); Triple-DES (Certs. #1425, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1959, #1960, #2191 and #2192); HMAC (Certs. #1396, #1397, #1615 and #1616); RSA (Certs. #1169, #1170 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1948Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Ross Choi
TEL: 972-761-7628

Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0
Samsung OpenSSL Cryptographic Module
(Software Version: SFOpenSSL1.0.0e-1.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software05/16/2013Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2108); HMAC (Cert. #1282); SHS (Cert. #1831); Triple-DES (Cert. #1343); RSA (Cert. #1082); DSA (Cert. #658); RNG (Cert. #1083)

-Other algorithms: Blowfish; Triple-DES-CTR (non compliant); AES-CTR (non compliant); MD5; IDEA; RC2; RC4; Diffie-Hellman; md_rand.c
Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
1943VT iDirect, Inc.
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

Paul Harr
TEL: 703-648-8225
FAX: 703-648-8088

CST Lab: NVLAP 200556-0
Evolution e8350™ - Satellite Router [1], iConnex e800™ - Satellite Router Board [2], iConnex e850MP™ Satellite Router Board [3], iConnex e850MP™ - IND Satellite Router Board [4], iConnex e850MP™ - IND with Heat Sink Satellite Router Board [5], Evolution eM1D1™ Line Card [6] and Evolution eM0DM™
(Hardware Version: Part #E0000051-0003 [1]; Part #E0001340-0002 [2]; Part #E0000731-0001 [3]; E0000731-0002 [4]; Part #E0000731-0003 [5]; Part #E0000080-0002 [6]; Part #E0000080-0005 [7]; Firmware Version: iDX version 2.3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/02/2013Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; PBKDF (non-compliant)
Multi-chip embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1942Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+
(Hardware Versions: Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+; FIPS kit packaging (CVPN4500FIPS/KIT=); Firmware Version: 3.3.1SG)
(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/02/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1977); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282)

-Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The fixed-aggregation Cisco Catalyst 4500-X Series Switches deliver best-in-class scalability, simplified network virtualization, and integrated network services for space-constrained environments in campus networks. The Catalyst 4500-X switches provide a secure and manageable platform that meets FIPS 140-2 Level 2 requirements."
1941IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0
Proventia GX Series Security Appliances
(Hardware Versions: GX7800 and GX7412; with FIPS-LABELS: FIPS 140 tamper evidence labels; Firmware Version: 4.3)
(When operated in FIPS mode when installed with Firmware v4.3 and with the tamper evidence seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/30/2013Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #2006); HMAC (Cert. #1211); RNG (Cert. #1049); RSA (Cert. #1035); SHS (Cert. #1756)

-Other algorithms: RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1936Mxtran Inc.
9F, No.16, Li-Hsin Road, Science Park
Hsin-chu, Taiwan 300
Republic of China

C.W. Pang
TEL: +886-3-6661778#29300
FAX: +886-3-6662568

CST Lab: NVLAP 200824-0
Mxtran Payeeton Solution
(Hardware Version: MX12E320128E; Firmware Version: Simker v3.20)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/24/2013Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1691); ECDSA (Cert. #340); HMAC (Cert. #1339); RNG (Cert. #1107); RSA (Cert. #1127); SHS (Cert. #1479); Triple-DES (Cert. #1091)

-Other algorithms: Triple-DES (Cert. #1091, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single-chip

"Mxtran Payeeton Solution of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via Short Message Service for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1934VT iDirect, Inc.
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

Paul Harr
TEL: 703-648-8225
FAX: 703-648-8088

CST Lab: NVLAP 200556-0
Evolution e8350™ - FIPSL2 Satellite Router [1], iConnex e800™ - FIPSL2 Satellite Router Board [2], iConnex e850MP™ - FIPSL2 Satellite Router Board [3], Evolution eM1D1™ - FIPSL2 Line Card [4] and Evolution eM0DM™ - FIPSL2 Line Card [5]
(Hardware Version: Part #E0000051-0005 [1]; Part #E0001340-0001 [2]; Part #E0000731-0004 [3]; Part #E0001306-0001 [4]; Part #E0001306-0002 [5]; Firmware Version: iDX version 2.3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/18/2013Overall Level: 1

-Physical Security: Level 2

-FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant)
Multi-chip embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1933Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 dm-crypt Cryptographic Module
(Software Version: 2.0)
(When operated in FIPS mode with Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758, Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module validated to FIPS 140-2 under Cert. #1901, Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module validated to FIPS 140-2 under Cert. #1757 and NSS Cryptographic Module validated to FIPS 140-2 under Cert. #1837, each module shall be obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policies specifies the precise RPM file containing each module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/15/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without PAA running on HP ProLiant DL585
Red Hat Enterprise Linux 6.2 with PAA running on IBM HS22
Red Hat Enterprise Linux 6.2 without PAA running on IBM HS22 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1657, #1658, #1659, #1660, #1661, #1662, #1663, #1664, #1725, #1726, #1741 and #1742); HMAC (Certs. #1128, #1129, #1130, #1131, #1132, #1133, #1134, #1135, #1199 and #1200); RNG (Certs. #988, #991, #992 and #993); DSA (Certs. #628, #629, #634 and #635); PBKDF (vendor affirmed)

-Other algorithms: DES; AES-CTR (non-compliant); AES-XTS (non-compliant); AES-CBC (non-compliant)
Multi-chip standalone

"Device-mapper is an infrastructure in the Linux kernel that provides a generic way to create virtual layers of block devices on top of real block devices. dm-crypt is a device-mapper target that provides transparent encryption of block devices using the Kernel Crypto API shipped with RHEL 6.2. The user can specify one of the symmetric ciphers, a key (of any allowed size), an IV generation mode which allows the user to create a new block device in /dev. Writes to this device will be encrypted and reads decrypted transparent to the user."
1932Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
(Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3] or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 8.4.4.1)
(Validated when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy and when operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #105, #1407, #2047, #2049 and #2050); HMAC (Certs. #125, #301, #1244, #1246 and #1247); RNG (Certs. #144, #329, #772, #1068 and #1070); RSA (Certs. #106, #261, #1064, #1065 and #1066); SHS (Certs. #196, #630, #1791, #1793 and #1794); Triple-DES (Certs. #217, #559, #960, #1320 and #1321)

-Other algorithms: DES; HMAC MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes"
1930SUSE Linux Products GmbH
Maxfeldstr. 5
Nuremberg 90409
Germany

Roman Drahtmüller
TEL: +49-911-74053127

CST Lab: NVLAP 200658-0
OpenSSL Module
(Software Version: 0.9.8j)
(The module generates cryptographic keys whose strengths are modified by available entropy. When installed, initialized and configured as specified in the security policy section 9.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/08/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 without PAA
SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 with PAA
SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 without PAA
SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2052, #2053, #2054 and #2055); Triple-DES (Certs. #1323 and #1324); DSA (Certs. #650 and #651); SHS (Certs. #1797 and #1798); RNG (Certs. #1073 and #1074); HMAC (Cert. #1249 and #1250); RSA (Certs. #1069 and #1070)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5
Multi-chip standalone

"The OpenSSL Module is a software library supporting FIPS 140-2 -approved cryptographic algorithms for the purposes of protecting data in transit and at rest on the SUSE Linux platforms."
1929Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
SRA EX9000
(Hardware Version: P/N 101-500352-50 Rev A; Firmware Version: SRA 10.6.1)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2013
04/21/2015
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4
Multi-chip standalone

"Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell SonicWALL Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices."
1928Christie Digital Systems Canada Inc.
809 Wellington St. N.
Kitchener, ON N2G 4Y7
CANADA

Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0
Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01; Firmware Version: 1.0.1-2641 or 1.0.3-3047 or 1.1.0-3271 or 1.2.0-3400 or 1.2.1-3546)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2013
04/19/2013
07/05/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Cert. #1066); RSA (Cert. #1062)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box
Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
1925Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Ross Choi
TEL: 972-761-7628

Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0
Samsung Key Management Module
(Software Version: KM1.1)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/04/2013Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 on Galaxy S2 and Galaxy S3
Android Jelly Bean 4.1 on Galaxy Note II (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143 and #2257); SHS (Certs. #1792, #1822, #1864, #1865 and #1944); RNG (Certs. #1069, #1080, #1097, #1098 and #1127); HMAC (Certs. #1245, #1273, #1309, #1310 and #1384); PBKDF (vendor affirmed)

-Other algorithms: N/A
Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
1924 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP MSR30/50 Routers with Encryption Accelerator Modules
(Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-10 DC with JG585A and JG582A, HP MSR30-40 with JG585A and JG580A, HP MSR30-40 DC with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-60 DC with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR30-20 DC with JG585A and JG579A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A and HP MSR50-60 with JG586A and JG584A; Firmware Version: 5.2; Software Version: 5.2)
(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/26/2013
10/25/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Certs. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1923Crossbeam Systems, Inc.
80 Central Street
Boxborough, MA 01719
USA

CST Lab: NVLAP 200556-0
X60 and X80-S Platforms
(Hardware Versions: (APM-9600, CPM-9600, NPM-9610 and NPM-9650) with XS-FIPS-LABEL-KIT; Firmware Version: XOS v9.9.0.0)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #1877 and #1878); Triple-DES (Certs. #1220 and #1221); RSA (Cert. #958); SHS (Certs. #1650 and #1651); RNG (Certs. #983); DSA (Cert. #587)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (Cert #961; non-compliant); PRNG (Cert #986; non-compliant); DSA (Cert #590; non-compliant); Blowfish; RC4; CAST128
Multi-chip standalone

"Crossbeam’s X-Series network security platform offers enterprises, service providers and governments an open, high-performance architecture that easily scales multiple security applications to meet changing security threats. Crossbeam intelligently manages risk and protects businesses from evolving threats."
1915Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Ross Choi
TEL: 972-761-7628

Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0
Samsung Kernel Cryptographic Module
(Software Versions: SKC1.4.1, SKC 1.4.1.1 and SKC.1.4.1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/20/2013
05/23/2013
06/21/2013
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S3
Android Jelly Bean 4.1 running on Note II
Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2056, #2097, #2141, #2144, #2256 and #2392); SHS (Certs. #1799, #1821, #1863, #1866, #1943 and #2054); RNG (Certs. #1075, #1079, #1096, #1099, #1126 and #1184); Triple-DES (Certs. #1325, #1334, #1361, #1362, #1411 and #1491); HMAC (Certs. #1251, #1272, #1308, #1311, #1383 and #1483)

-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)
Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1914 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP MSR30/50 Routers
(Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-20 with JG585A and JG579A, HP MSR30-40 with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR 30-40 PoE with JG585A and JG580A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A, HP MSR50-60 with JG586A and JG584A, HP MSR50-40 DC with JG586A and JG583A and HP MSR50-60 DC with JG586A and JG584A; Firmware Version: 5.2; Software Version: 5.2)
(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2013Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1913 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP A-Series Routers
(Hardware Versions: HP 6602 with JG586A and JG575A, HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Firmware Version: 5.2; Software Version: 5.2)
(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2013Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1912Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP Networking Switches
(Hardware Versions: HP 5120-24G EI with JG585A and JG557A, HP 5120-48G EI with JG585A and JG557A, HP 5120-24G-PoE+ EI with JG585A and JG559A, HP 5120-48G-PoE+ EI with JG585A and JG559A, HP 5500-24G EI with JG585A and JG557A, HP 5500-24G-PoE+ EI with JG585A and JG559A, HP 5500-24G-SFP EI with JG585A and JG558A, HP 5500-48G EI with JG585A and JG557A, HP 5500-48G-PoE+ EI with JG585A and JG559A, HP 5800-24G with JG585A and JG563A, HP 5800-24G-PoE+ with JG585A and JG560A, HP 5800-24G-SFP with JG585A and JG562A, HP 5800-48G with JG585A and JG563A, HP 5800-48G-PoE with JG585A and JG560A, HP 5800-48G-2slot with JG585A and JG561A, HP 5820-14XG-SFP with JG585A and JG561A, HP 5820-24XG-SFP with JG585A and JG564A, HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Firmware Version: 5.2; Software Version: 5.2)
(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/20/2013
07/31/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter application and are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes fixed-port L2/L2+ managed Ethernet switch appliances, fixed-port L3 managed Ethernet switch appliances, and modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1911 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP A-Series Routers with VPN Firewall Module
(Hardware Versions: HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Firmware Version: 5.2; Software Version: 5.2)
(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2013Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1910Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP Networking Switches with VPN Firewall
(Hardware Versions: HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Firmware Version: 5.2; Software Version: 5.2)
(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2013
07/31/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter applicationan are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1909Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747
FAX: n/a

CST Lab: NVLAP 100432-0
Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K-K9 [B, C, D], WS-SVC-WISM2-K-K9= [B, C, D], WS-SVC-WISM2-K9= [A, B, C, D], WS-SVC-WISM2-5-K9= [A, B, C, D], WS-SVC-WISM2-3-K9= [A, B, C, D], WS-SVC-WISM2-1-K9= [A, B, C, D], WS-SVC-WISM2-5-K9 [A, B, C, D], WS-SVC-WISM2-3-K9 [A, B, C, D] or WS-SVC-WISM2-1-K9 [A, B, C, D]]; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1, or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.230.0 [A], 7.2.103.0 [B], 7.2.115.1 [C] or 7.2.115.2 [D])
(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2013
05/16/2013
07/12/2013
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1908Panzura, Inc.
22 Great Oaks Blvd # 150
San Jose, CA 95119
USA

Randy Chou
TEL: 408-457-8504

CST Lab: NVLAP 100432-0
Panzura Cryptographic Module 4.2
(Software Version: 4.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/20/2013Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with Panzura Cloud Controller 8.0 running on Dell PowerEdge R410 with PAA
Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 with PAA
Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 (single user mode)

-FIPS Approved algorithms: AES (Cert. #2269); DRBG (Cert. #278); DSA (Cert. #707); HMAC (Cert. #1389); RNG (Cert. #1130); RSA (Cert. #1162); SHS (Cert. #1951); Triple-DES (Cert. #1417); ECDSA (Cert. #366); CVL (Cert. #42)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)
Multi-chip standalone

"The Panzura Cryptographic Module provides validated cryptographic services for multiple Panzura products."
1907Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco Aironet® CAP3602E and CAP3602I Wireless LAN Access Points
(Hardware Versions: CAP3602E Revision B0 and CAP3602I Revision B0; FIPS Kit AIR-AP-FIPSKIT=, Version B0; Firmware Versions: 7.2.103.0, 7.2.115.1 or 7.2.115.2)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/14/2013
05/03/2013
05/16/2013
07/12/2013
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1991, #1992 and #1993); HMAC (Certs. #1204 and #1205); RNG (Cert. #1046); RSA (Cert. #1033); SHS (Certs. #1746 and #1747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5
Multi-chip standalone

"The Cisco Aironet® 3600 Series sustains reliable connections at higher speeds further from the access point than competing solutions, resulting in up to three times more availability of 450 Mbps rates, and optimizing the performance of more mobile devices. Cisco Aironet® 3600 Series is an innovative, modular platform that offers unparalleled investment protection with future module expansion to support incoming 802.11ac clients with 870 Mbps rates, or offer comprehensive security and spectrum monitoring and control."
1902Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey S250/D250
(Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64 and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Version: 4.5.0)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/21/2013
03/08/2016
05/31/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF2 (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip standalone

"The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1901Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module
(Software Version: 2.0)
(When operated in FIPS mode with Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837, Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/21/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without PAA running on HP ProLiant DL585
Red Hat Enterprise Linux 6.2 with PAA running on IBM HS22
Red Hat Enterprise Linux 6.2 without PAA running on IBM HS22 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1725 and #1726); HMAC (Certs. #1187, #1188, #1199 and #1200); RNG (Certs. #1033, #1034, #1035, #1036 and #1037); DSA (Certs. #628, #629, #634 and #635)

-Other algorithms: DES; Triple-DES (CTR; non-compliant); AES (192 bits, XTS; non-compliant); RNG (X9.31 with stdrng or ansi_cprng; non-compliant)
Multi-chip standalone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1900Gemalto
Avenue du Pic de Bertagne - BP100
Gemenos 13881
France

Anthony Vella
TEL: +33 4 42 36 61 38
FAX: +33 4 42 36 52 36

CST Lab: NVLAP 100432-0
MultiApp ID V2.1 Platform
(Hardware Versions: P5CC081 [1] and P5CC145 [2]; Firmware Versions: MultiApp ID V2.1 with softmask V2.2 [1] and V2.4 [2] and Demonstration Applet V1.1 [1,2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/21/2013Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: RNG (Cert. #1023); Triple-DES (Cert. #1264); Triple-DES MAC (Triple-DES Cert. #1264, vendor affirmed); AES (Cert. #1943); RSA (Certs. #1006 and #1010); SHS (Certs. #1706 and #1707); ECDSA (Cert. #280); CVL (Cert. #17)

-Other algorithms: Triple-DES (Cert. # 1264, key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman
Single-chip

"MultiApp V2.1 is a highly secured smartcard contact-only platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on NXP P5CC081 and P5CC145 chips. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling secure data storage, identification, authentication and digital signatures (AS) with biometry control. This field-proven OS has the largest number of references in national ID programs, thus ensuring a secure investment."
1891Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft Windows Storage Server 2012 Kernel Mode Cryptographic Primitives Library (CNG.SYS)
(Software Version: 6.2.9200)
(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)
Multi-chip standalone

"Kernel Mode Cryptographic Primitives Library (CNG.SYS) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet).This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1890IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0
SiteProtector Cryptographic Module
(Software Version: 1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/19/2013Overall Level: 2

-Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270

-FIPS Approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090)

-Other algorithms: MD5; RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"IBM Proventia+ Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1888Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco Aironet 1552E Outdoor Access Point
(Hardware Version: AIR-CAP1552E-A-K9 Revision: B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.116.0, 7.0.230.0, 7.0.240.0, 7.0.250.0, 7.2.103.0, 7.2.115.1, 7.2.115.2 or 7.0.251.2)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/11/2013
03/28/2013
05/03/2013
05/16/2013
07/12/2013
02/20/2014
02/20/2015
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1357 and #1359); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5
Multi-chip standalone

"The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Smaill Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera."
1886Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200427-0
DMD2050E TRANSEC Module
(Hardware Versions: PL-0000192-1, Revision A; Firmware Version: 1.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/08/2013Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #2025 and #2026); ECDSA (Cert. #296); HMAC (Cert. #1228); RNG (Cert. #1061); RSA (Cert. #1053); SHS (Cert. #1775); Triple-DES (Cert. #1309)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength);RSA (key transport; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256-bits of encryption strength); MD5
Multi-chip embedded

"The Comtech EF Data FIPS Security Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via the DMD2050E Satellite Modem, as well as firmware to provide the cryptographic functions needed to act as an endpoint for TLS and SSH management, and control traffic."
1882Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

Entrust Sales

CST Lab: NVLAP 100432-0
Entrust IdentityGuard PIV Credential
(Hardware Version: SCHW 1.0; Firmware Version: SCOS 1.0 with Entrust IdentityGuard PIV Applet 1.0.1 Patch 172799)
(When operated in FIPS mode with PIN policies configured as indicated in the Security Policy Section 9)

PIV Certificate #33

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/08/2013
02/06/2014
05/28/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Cert. #1769); RSA (Cert. #885); ECDSA (Cert. #237); CVL (Cert. #5); CVL (Certs. #219 and #223)

-Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1769, key wrapping; key establishment methodology provides 256 bits of encryption strength); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single-chip

"The Entrust IdentityGuard PIV Credential is a cryptographic module intended for use by US Federal agencies and other markets that require smartcards conformant with the PIV standards. The module can also be configured for use in markets where the set of keys and data objects, or the access control rules governing their use, differ from the PIV data model."
1879TechGuard Security
28 Hawk Ridge Circle
Suite 107
Lake St. Louis, MO 63367
USA

David Maestas
TEL: 636-489-2230

CST Lab: NVLAP 200002-0
PoliWall-CCF M10 [1], M50 [2], G01 [3] and G10 [4] Series Security Appliance
(Hardware Versions: PW-CCF-M10-01C [1], PW-CCF-M50-01C [2], PW-CCF-G01-01C [3], PW-CCF-G01-01F [3], PW-CCF-G10-01X [4] and PW-CCF-G10-01F [4] with FIPS Kits: (PW-CCF-M10-FK1 [1,2], PW-CCF-G01-FK1 [3] and PW-CCF-G10-FK1 [4]); Software Version: 2.02.3101)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/04/2013Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1600 and #1601); RSA (Cert. #782); RNG (Cert. #857); SHS (Certs. #1412 and #1413)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin for all incoming packets using HIPPIE (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to defined policies, exception lists, and Pre-Compiled Exception Lists (PCEL) that are bound to rule groups for specific network addresses and protocols. PoliWall also provides administrators with the ability to create maps which exclude traffic from selected countries."
1877Palo Alto Networks
3300 Olcott Street
Santa Clara, CA 95054
USA

Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

CST Lab: NVLAP 100432-0
PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Firewalls
(Hardware Versions: HW P/Ns 910‐000006‐00O Rev. O with FIPS Kit P/N 920‐000005‐00A Rev. A (PA‐500), 910‐000094‐00O Rev. O with FIPS Kit P/N 920‐000005‐00A (PA‐500‐2GB), 910‐000004‐00Z Rev. Z with FIPS Kit P/N 920‐000004‐00A Rev. A (PA‐2020), 910‐000003‐00Z Rev. Z with FIPS Kit P/N 920‐000004‐00A Rev. A (PA‐2050), 910‐000002‐00AB Rev. AB with FIPS Kit P/N 920‐000003‐00A Rev. A (PA‐4020), HW P/N 910‐000001‐00AB Rev. AB with FIPS Kit P/N 920‐000003‐00A Rev. A (PA‐4050), 910‐000005‐00S Rev. S with FIPS Kit P/N 920‐000003‐00A Rev. A (PA‐4060), 910‐000010‐00F Rev. F w/ FIPS Kit P/N 920‐000037‐00A Rev. A (PA‐5020), 910‐000009‐00F Rev. F w/ FIPS Kit P/N 920‐000037‐00A Rev. A (PA‐5050) and 910‐000008‐00F Rev. F w/ FIPS Kit P/N 920‐000037‐00A Rev. A (PA‐5060); Firmware Version: 4.0.10 or 4.0.12‐h2)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/30/2013
08/16/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1987); RSA (Cert. #1031); HMAC (Cert. #1201); SHS (Cert. #1743); RNG (Cert. #1044)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES
Multi-chip standalone

"The Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique idenification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications."
1875Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.230.0, 7.0.240.0, 7.0.250.0 or 7.0.251.2)
(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/2013
02/20/2014
02/20/2015
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1874Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0
IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Versions: Rev. 11 and 12; Firmware Version: 08162012)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/18/2013Overall Level: 2

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Cert. #798); RSA (Cert. #712); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman; DCI
Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1872McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 4150F
(Hardware Versions: NSA-4150-FWEX-FRR and FIPS Kit: SAC-4150F-FIPS-KT; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/08/2013Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement;non-compliant)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1871McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 2150F
(Hardware Versions: NSA-2150-FWEX-F and FIPS Kit: SAC-2150F-FIPS-KT; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/08/2013Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1870McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100F
(Hardware Versions: NSA-1100-FWEX-F and FIPS Kit: SAC-1100F-FIPS-KT; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/08/2013Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1869WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0
XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23]
(Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/21/2012Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5
Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
1868Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

Main Office
TEL: 601-519-0123
FAX: 601-510-9080

Stella Kwon
TEL: 703-736-8363
FAX: 601-510-9080

CST Lab: NVLAP 200002-0
B200™, B300™ and B400™ Remote Support Appliances
(Hardware Versions: B200 [1], B300r1 [2], B300r2 [4] and B400r1 [3]; Tamper Evident Label Kit: TEL135325 [1,2,3,4]; Front Bezels: (FB000300 [2,4] and FB000400 [3]); Firmware Versions: 3.3.2FIPS [1,2,3], 3.4.0FIPS [1,2], 3.4.1FIPS [1,2] and 3.5.1FIPS [1,2,4]; Software Versions: 12.1.6FIPS [1,2,3], 13.1.3FIPS [1,2] and 14.3.3FIPS [1,2,4])
(When operated in FIPS mode and with the tamper evident labels and front bezels applied as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/15/2013
04/08/2014
10/31/2014
07/06/2015
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #2219, #2543, #3033 and #3340); Triple-DES (Certs. #1389, #1538, #1774 and #1909); RSA (Certs. #1136, #1297, #1575 and #1715); SHS (Certs. #1910, #2143, #2531 and #2774); HMAC (Certs. #1350, #1564, #1915 and #2130); RNG (Certs. #1113, #1208, #1311 and #1372)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5
Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1866Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0
FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build8892, 111128)
(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/19/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES
Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1865Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2] or ArubaOS_MMC_6.1.4.5-FIPS [1] and Dell_PCW_MMC_6.1.4.5-FIPS [2] or ArubaOS_MMC_6.1.4.7-FIPS [1] and Dell_PCW_MMC_6.1.4.7-FIPS [2])
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/18/2012
01/24/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1861RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200900-0
RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks)
(Software Version: 3.0.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/10/2012
02/12/2016
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with VxWorks (single user mode)

-FIPS Approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman
Multi-chip standalone

"A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1857SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0
Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)
(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)
Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1856SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0
Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)
(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/29/2012
12/03/2012
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)
Multi-chip embedded

"Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1855Nexus Wireless
Artists Court
15 Manette Street
London W1D 4AP
United Kingdom

Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0
Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.01; Firmware Versions: ES0408_RL01_R1_02_001 version 1.02.001 and ES0408_RL02_R1_02_000 version 1.02.000)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/18/2013Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)
Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment.The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification.The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1853Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.230.0, 7.0.240.0, 7.0.250.0 or 7.0.251.2)
(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012
02/20/2014
02/20/2015
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management."
1852Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0
FortiWiFi-60C
(Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build8892, 111128)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1851McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Control Center
(Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012
12/12/2012
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1850RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-C Micro Edition
(Software Versions: 3.0.0.16 [1], 3.0.0.20 [2] and 3.0.0.25 [3])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/29/2012
01/24/2013
06/24/2013
07/23/2015
02/12/2016
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) [1]
Wind River VxWorks General Purpose Platform 6.8 running on a Fuji Xerox 960K 61580 [2]
Wind River VxWorks General Purpose Platform 6.8.2 running on an Arm11 MPCore [3] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2018 [1], #2485 [2], and #3429 [3]); DRBG (Certs. #192 [1], #343 [2], and #830 [3]); DSA (Certs. #643 [1], #765 [2], and #966 [3]); ECDSA (Certs. #293 [1], #294 [1], #414 [2], #416 [2], #688[3] and #691 [3]); HMAC (Certs. #1222 [1], #1527 [2], and #2181 [3]); RNG (Certs. #1058 [1], #1203 [2], and #1373 [3]); RSA (Certs. #1047 [1], #1274 [2], and #1755 [3]); SHS (Certs. #1768 [1], #2103 [2] and #2829 [3]); Triple-DES (Certs. #1303 [1], #1523 [2], and #1934 [3])

-Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)
Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1849Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba AP-60 and AP-61 Wireless Access Points
(Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/06/2012
01/24/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1848McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 4150E
(Hardware Versions: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/19/2012Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1847McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 2150E
(Hardware Versions: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/19/2012Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1846McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100E
(Hardware Versions: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/19/2012Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1845Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba AP-65, AP-70 and AP-85 Wireless Access Points
(Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS)
(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012
01/24/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1843Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0
Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2
(Hardware Versions: A1025258 and A1023393; Firmware Versions: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10)
(When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

PIV Certificate #30

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A
Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1842Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012
04/21/2015
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4
Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the Dell SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1841InZero Systems
13755 Sunrise Valley Drive
Suite 750
Herndon, VA 20171
USA

FIPS Product Team
TEL: 703-636-2048
FAX: 703-793-1805

CST Lab: NVLAP 200002-0
InZero Gateway
(Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility."
1840Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba 3000 [1] and 6000/M3 Revision B2 [2] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision B2, 3400-F1 Revision B2, 3600-F1 Revision B2, 3200-USF1 Revision B2, 3400-USF1 Revision B2, 3600-USF1 Revision B2] [1] and [(6000-400-F1 or 6000-400-USF1) with (M3mk1-S-F1 Revision B2, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, HW-FT, HW-PSU-200 or HW-PSU-400] [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS or ArubaOS_MMC_6.1.4.1-FIPS or ArubaOS_MMC_6.1.4.5-FIPS or ArubaOS_MMC_6.1.4.7-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/11/2013
03/08/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #465, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #416, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #768, #1627, #1629 and #1631); Triple-DES (Certs. #482, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1838Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points
(Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/08/2012
01/24/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1836RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200900-0
RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS)
(Software Versions: 3.0.0.1 and 3.0.0.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/08/2012
02/12/2016
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with pSOS (single user mode)

-FIPS Approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman
Multi-chip standalone

"A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1834Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0
FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3]
(Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Versions: FortiOS 4.0, build8892, 111128)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/08/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1833Motorola Solutions, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200968-0
Fusion 802.1x Authentication Supplicant
(Software Version: H_3.40.0.0.19)
(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/07/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Motorola ES400 with Windows Mobile 6.5 OS OEM Version 2.31.0002
Motorola MC65 with Windows Mobile 6.5 OS OEM Version 2.31.0002 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1200); AES (Cert. #1853); SHS (Cert. #1630); HMAC (Cert. #1100); RSA (Cert. #936); DSA (Cert. #578); RNG (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4; RC2; MD5; CCKM; IDEA; SMS4
Multi-chip standalone

"Motorola Fusion 802.1x Authentication Supplicant is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government"
1832Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0
FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Versions: FortiOS 4.0, build8892, 111128)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1830Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0
FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Versions: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 4.0, build8892, 111128)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1829Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0
Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.230.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012
05/16/2013
07/12/2013
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1828Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points
(Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012
01/24/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1827Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0
Symantec Scanner Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/05/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with CentOS 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts."
1825TIBCO LogLogic®, Inc.
110 Rose Orchard Way
Suite 200
San Jose, CA 95134
USA

Thor Taylor
TEL: 408-215-5941

Phuong Hoang
TEL: (408) 731-7022

CST Lab: NVLAP 200928-0
LogLogic Communications Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/25/2013Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Oracle Enterprise Linux 5.6 running on LX 820, LX 1020, ST 1020, LX 4020, ST 1020, ST 2020-SAN, ST 4020 and MX 3020 appliances (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1926); SHS (Cert. #1691); HMAC (Cert. #1160); RNG (Cert. #1013)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The LogLogic Communications Cryptographic Module establishes a secure, encrypted tunnel between LogLogic products for the secure transmission of log data."
1822Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0
iButton Postal Security Device
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/01/2012Overall Level: 3

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526)

-Other algorithms: N/A
Multi-chip standalone

"The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds."
1821Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middelsex NW10 0UF
United Kingdom

Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

Samik Halai
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0
Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2]
(Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/01/2012Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666)

-Other algorithms: NDRNG
Multi-chip standalone

"The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint."
1820Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points
(Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/05/2012
01/24/2013
11/14/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1819Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0
Symantec Control Center Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/12/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5
Multi-chip standalone
1816Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey S250/D250
(Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64 and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Version: 4.0.1 or 4.0.2)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/11/2012
01/04/2013
03/08/2016
05/26/2016
05/26/2016
05/26/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1815Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points
(Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/11/2012
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1814Websense, Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0
Crypto Module C
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/11/2012
01/22/2013
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2
32-bit Red Hat Enterprise Linux 6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant)
Multi-chip standalone

"Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions."
1813Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

Guillaume Gavillet
FAX: 408-936-1801

Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0
Junos-FIPS 10.4 L2 OS Cryptographic Module
(Firmware Version: 10.4R5)
(When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware10/11/2012Overall Level: 2

-Design Assurance: Level 3
-Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6]
Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6])
Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5])
Blanking Plate (540-015089 Rev02 [5])
Control Boards: (750-009188 [2] and 750-024570 [6])
with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6])

-FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip embedded

"Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1812McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Control Center Virtual Appliance
(Software Versions: 5.2.0 and 5.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/11/2012
10/31/2012
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with CGLinux (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1810Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0
FortiGate-1240B [1] and FortiGate-3140B [2]
(Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Versions: FortiOS 4.0, build8892, 111128)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/11/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1803Websense, Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0
Crypto Module Java
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/25/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5
Multi-chip standalone

"The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software."
1802Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01))
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/07/2012Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96
Multi-chip standalone

"The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management."
1799Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0
CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/04/2012
03/08/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps."
1798Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0
CEP10-R, CEP10 VSE and CEP10-C
(Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/06/2012
03/08/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #673 and #1258); AES (Certs. #779 and #1932); SHS (Cert. #1697); HMAC (Certs. #426 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10 VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 3 Mbps to 50 Mbps."
1797Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0
CEP10G VSE
(Hardware Versions: [CEP10G VSE, A]; Firmware Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/04/2012
03/08/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1195 and #1258); AES (Certs. #1842 and #1932); SHS (Cert. #1697); HMAC (Certs. #1141 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10G VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 500 Mbps to 10 Gbps."
1796Brocade Communications Systems, Inc.
130 Holger W
San Jose, CA 95134
USA

Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; and 7800 Extension Switch
(Hardware Versions: [6510 FC Switch (P/Ns 80-1005232-02, 80-1005267-02, 80-1005268-02, 80-1005269-02, 80-1005271-02 and 80-1005272-02) [A,B], 7800 Extension Switch (P/Ns 80-1002607-06, 80-1002608-06 and 80-1002609-06) [A,B], [DCX Backbone (P/Ns 80-1001064-08, 80-1001064-09, 80-1004920-02 and 80-1004920-03), DCX-4S Backbone (P/Ns 80-1002071-08, 80-1002071-09, 80-1002066-08 and 80-1002066-09), DCX 8510-4 Backbone (P/Ns 80-1004697-02, 80-1004697-03, 80-1005158-02 and 80-1005158-03) and DCX 8510-8 Backbone (P/Ns 80-1004917-02 and 80-1004917-03] with Blades (P/Ns 80-1001070-06 [A,B], 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1001071-02, 80-1000696-01, 80-1005166-01, 80-1005187-01, 80-1001066-01, 80-1001067-01, 80-1001453-01, 80-1003887-01, 80-1002762-04, 80-1000233-10, 80-1002839-02, 49-1000016-04, 49-1000064-02 and 49-1000294-05)] with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.0.0b (P/N 63-1000968-01) [A] or Fabric OS v7.0.0b1 (P/N 63-1001098-01) [B])
(When operated in FIPS mode and when tamper evident labels are installed on the initially built configurations as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/31/2012Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #778, #779, #1048 and #1049)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96
Multi-chip standalone

"The Brocade« DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
1795Giesecke+Devrient Mobile Security America Inc.
45925 Horseshoe Drive
Dulles, VA 20166
USA

Jatin Deshpande
TEL: 669-999-6323
FAX: 650-312-8129

Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0
Sm@rtCafé Expert 6.0 FIPS
(Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/31/2012
07/14/2017
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength)
Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1793HID Global
15370 Barranca Pkwy
Irvine, CA 92618
USA

Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 100432-0
HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2
(Hardware Version: P/N P5CD145; Firmware Versions: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1)

PIV Certificate #29

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/2012
02/06/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); RSA (Cert. #885); CVL (Cert. #219)

-Other algorithms: Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with HID Global JavaCard Applet Suite v2.7.1 for support of GSC-IS v2.1, NIST SP800-73-3 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
1792Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/24/2012
10/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1791Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/24/2012
10/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1790ARX (Algorithmic Research)
10 Nevatim Street
Petah-Tikva 49561
Israel

Ezer Farhi
TEL: +972-39279529
FAX: +972-39230864

CST Lab: NVLAP 200002-0
PrivateServer
(Hardware Version: 4.7; Firmware Version: 4.8.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1983); Triple-DES (Cert. #1286); RSA (Cert. #1029); SHS (Cert. #1738); Triple-DES MAC (Triple-DES Cert. #1286, vendor affirmed); RNG (Cert. #1042); ECDSA (Cert. #288); HMAC (Cert. #1196)

-Other algorithms: DES Stream; MD5; RSA cipher only with ISO9796 padding; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; DES MAC
Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1789McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032; Firmware Versions: 7.0.1.03 and 8.2.0)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/2012Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1788Q1 Labs
890 Winter Street
Suite 230
Waltham, MA 02451
USA

Ellen Knickle
TEL: 506-444-6870
FAX: 506-459-7016

Peter Clark
TEL: 506-635-4900
FAX: 506-459-7016

CST Lab: NVLAP 200427-0
Cryptographic Security Kernel
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/22/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) 5.7
CentOS 5.7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1907); HMAC (Cert. #1144); RNG (Cert. #1001); RSA (Cert. #978); SHS (Cert. #1674); Triple-DES (Cert. #1239)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5, RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Q1 Labs Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine."
1787GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

Pranay Kumar
TEL: 877-743-2872
FAX: (877) 643-2872

CST Lab: NVLAP 100432-0
IMB
(Hardware Version: GDC-IMB-v1; Firmware Version: 1.1 with Security Manager Firmware Version 1.2.11)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/2012Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box
Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
1784Hewlett-Packard Company
8000 Foothills Blvd
Rosevillle, CA 95747
USA

Sunil Amanna
TEL: 916-785-1183
FAX: 916-785-1103

Harjit Dhillon
TEL: 916-785-0341
FAX: 916-785-1103

CST Lab: NVLAP 200002-0
HP Networking 5400 zl [1,2] and 8200 zl [3,4] Switch Series
(Hardware Versions: 5406 zl [1] 5412 zl [2], 8206 zl [3], 8212 zl [4] [A] [B] [C]; Switches: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [A] [B] [C]); Management Modules: (J8726A [1,2] and two J9092A [3,4] [A] [B] [C]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [A] [B] [C]); Fabric Module: (two J9093A [3,4] [A] [B] [C]); Blank Plate: (5069-8563: five [1,3] or eleven [2,4]); PSU Blank Plate (5003-0753: one [1,3] or two [2,4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with ([HP Gig-T/SFP+ V2 zl Mod: J9536A] and [Tamper Evident Seal Kit: J9709A]) [1,2,3,4]; Firmware Versions: K.15.07.003 [A], K.15.07.0012 [B] and K.15.09.0004 [C])
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/15/2012
12/13/2012
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1718); Triple-DES (Cert. #1105); SHS (Certs. #1501 and #1600); HMAC (Cert. #993); RSA (Certs. #866 and #915); DSA (Cert. #530); RNG (Cert. #911)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO. The HP 8200 zl Switch Series offers high performance, scalability, and a wide range of features in a high-availability platform that dramatically reduces complexity and provides reduced cost of ownership."
1782SafeNet, Inc.
20 Colonnade Drive
Suite 200
Ottawa, Ontario K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200427-0
ProtectServer Internal Express (PSI-e)
(Hardware Versions: VBD-04-0302 and VBD-04-0303; Firmware Versions: 3.20.00, 3.20.01, 3.20.05, 3.20.09 and 3.20.10)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2012
11/05/2012
10/16/2014
01/27/2016
07/07/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1859 and #1860); DSA (Cert. #579); ECDSA (Cert. #259); HMAC (Cert. #1106); RNG (Cert. #975); RSA (Cert. #940); SHS (Cert. #1636); Triple-DES (Certs. #1206 and #1207); Triple-DES MAC (Triple-DES Cert. #1206, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1859; non-compliant); ARIA; CAST-128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; SEED MAC; Triple-DES (Certs. #1206 and #1207, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1859 and #1860, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)
Multi-chip embedded

"The SafeNet PSI-e is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), anextensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for keystorage, a hardware random number generator, and an RTC."
1781Valid S/A
Av. Paulista, 1000, terreo
Sao Paulo 01310-100
Brazil

Carlos Okada
TEL: +55 11 2575-6800
FAX: +55 11 2575-6500

CST Lab: NVLAP 100432-0
IDflex V
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)
Single-chip

"IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1777Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Nathan Turajski
TEL: 954-888-6201

CST Lab: NVLAP 200427-0
Thales e-Security keyAuthority®
(Hardware Version: 1.0; Firmware Version: 3.0.3)
(This module contains the embedded module IBM Java JCE FIPS 140-2 Cryptographic Module validated to FIPS 140-2 under Cert. #1081 operating in FIPS mode using IBM JVM 1.6)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/07/2012Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #805 and #1795); DRBG (Cert. #128); HMAC (Certs. #445 and #1059); RNG (Cert. #463); RSA (Certs. #387 and #898); SHS (Certs. #803, #1573 and #1577)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"Thales keyAuthority® is a standards-based, FIPS-validated key management appliance that enables organizations to confidently manage encryption for multiple types of encrypting endpoints. The appliance manages encryption keys throughout their lifecycle to meet security policy and regulatory compliance requirements. A vendor-neutral approach ensures broad support for encryption devices."
1776SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0
Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/01/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1775SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0
Luna® PCM Key Export (KE) Cryptographic Module
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/01/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1774SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0
Luna® PCM
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/01/2012Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; AES MAC (AES Cert. #1785, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1772Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

Guillaume Gavillet
FAX: 408-936-1801

Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0
Junos-FIPS 10.4 L1 OS Cryptographic Module
(Firmware Version: 10.4R5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/31/2012Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Tested: RE-850-1536 [M7i] and RE-850-1536 [M10i]

-FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip embedded

"Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1771Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0
ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7] and 810-25 [8]
(Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6]; 090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Version: 5.5 or 5.5.7.2)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/31/2012
08/07/2012
01/04/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #105, #397 and #1885); Triple-DES (Certs. #217, #435 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1769Hewlett-Packard Development Company, L.P.
2344 Boulevard Alfred-Nobel
St-Laurent, Québec H4S 0A4
Canada

Gilbert Moineau
TEL: 514-920-4250

CST Lab: NVLAP 200002-0
HP 5406 zl [1], HP 5412 zl [2], HP 8206 zl [3] and HP 8212 zl [4] Switches with the HP MSM765zl Mobility Controller
(Hardware Versions: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [B]); Management Modules: (J8726A [1,2] and J9092A [3,4] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [B]); Fabric Module: (J9093A: two [3,4] [B]); Blank Plate: (5069-8563: four [1], ten [2], five [3] or eleven [4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with (HP Gig-T/SFP+ V2 zl Mod: J9536A; HP Mobility Controller: J9370A [A] and Tamper Evident Seal Kit: J9709A) [1,2,3,4]; Firmware Versions: 5.6.0 [A] and K.15.07.0003 [B])
(When operated in FIPS mode with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/27/2012Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1824 and #1825); Triple-DES (Certs. #1177 and #1178); SHS (Certs. #1603 and #1604); HMAC (Certs. #1079 and #1107); RNG (Cert. #961); RSA (Certs. #917 and #921)

-Other algorithms: RC4; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1604; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1079; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The HP 5400/8200 zl Switch Series with the HP MSM765zl Mobility Controller provide centralized management and control of intelligent HP MSM APs for a wide range of deployments, from small Internet cafes and businesses, to large corporations and institutions."
1768Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0
ProxySG 9000-10 [1], 9000-20 [2] and 9000-20B [3]
(Hardware Versions: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3] and 090-02985 [3] with FIPS kit 085-02718;; Firmware Version: 5.5 or 5.5.7.2)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/27/2012
08/07/2012
01/04/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1265 and #1885); Triple-DES (Certs. #898 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1765Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 905-507-4230

CST Lab: NVLAP 200556-0
BlackBerry Cryptographic Java Module
(Software Versions: 2.8 and 2.8.7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/31/2012
10/10/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on [Solaris 10, 32-bit
Solaris 10, 64-bit
Red Hat Linux AS 5.5, 32-bit
Red Hat Linux AS 5.5, 64-bit
Windows Vista, 32-bit
Windows Vista, 64-bit
Windows 2008 Server, 64-bit] (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8)

-Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry® products such as the BlackBerry® PlayBook Administration Service, and other BlackBerry® products."
1763Motorola Solutions, Inc.
Unit A1, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

Richard Carter
TEL: +44 1364 655504
FAX: +44 1364 654625

CST Lab: NVLAP 100432-0
Motorola PTP 800 Series CMU Cryptographic Module
(Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG
Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1761Motorola Solutions, Inc.
1303 E. Algonquin Rd
Schaumburg, IL 60196
USA

Richard Carter
TEL: 44-0-1364-655500
FAX: 44-0-1364-654625

CST Lab: NVLAP 100432-0
Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); RADIUS
Multi-chip standalone

"PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1760Catbird Networks, Inc.
1800 Green Hills Road
Suite 113
Scotts Valley, CA 95066
USA

Michael Berman
TEL: 800-673-6775

CST Lab: NVLAP 100432-0
Catbird vSecurity Crypto Module v1.0
(Software Version: v1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/2012Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with CentOS 6.0 running on Intel Core i5 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1922); DRBG (Cert. #166); DSA (Cert. #609); HMAC (Cert. #1157); RNG (Cert. #1010); RSA (Cert. #991); SHS (Cert. #1688); Triple-DES (Cert. #1252); ECDSA (Cert. #274); CVL (Cert. #14)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)
Multi-chip standalone

"Catbird is the industry pioneer in security and compliance for virtualized environments, a four-time Best of Show Finalist at VMworld and a Gartner Group Cool Vendor 2011. Catbird's comprehensive protection includes monitoring and enforcement of PCI, NIST, HIPAA, FISMA, DIACAP and other requirements in virtual environments. Maintaining regulatory and corporate compliance in the new data center and eliminating uncertainty over secure virtualization, Catbird's protection keeps Tier-1 application deployment plans on track."
1759Cummings Engineering Consultants, Inc.
145 S. 79th St.
Suite 26
Chandler, AZ 85226
USA

Darren Cummings
TEL: 480-809-6024

CST Lab: NVLAP 100432-0
Cummings Engineering's Secure Mobility Suite B Crypto Module
(Software Version: v1.0 or v1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/2012
04/19/2013
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Tested Configuration(s): Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD 8250 (ARMv7) with NEON
Linux 3.0.4 running on TI OMAP 3 (ARMv7) with NEON
Ubuntu 10.04 running on Intel Pentium
Fedora 14 running on Intel Core i5 with PAA
Windows 7 running on Intel Core i5 with PAA
Windows 7 running on Intel Celeron
Android 2.2 running on Intel Pentium
Android 2.2 running on Intel Core i5 with PAA: Apple OS X 10.7 running on Intel Core i7-3615QM
Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1916 and #2373); DRBG (Certs. #161 and #309); DSA (Certs. #607 and #744); HMAC (Certs. #1151 and #1475); RNG (Certs. #1007 and #1178); RSA (Certs. #984 and #1228); SHS (Certs. #1681 and #2045); Triple-DES (Certs. #1246 and #1484); ECDSA (Certs. #272 and #391); CVL (Certs. #13 and #64)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)
Multi-chip standalone

"Cummings Engineering is a leading provider of mobility innovation providing state-of-the art advanced cryptography and enterprise solutions in both commercial and government markets. Cummings Engineering has multiple patents/patents-pending in the secure communications domain and has made breakthroughs around MDM, Secure Smartphones, and more. Cummings Engineering is committed to providing best-in-class products and services to protect the privacy and data of US Citizens."
1758Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/2012
10/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); SHS (Certs. #1658, #1659, #1663 and #1664); RNG (Certs. #989, #990, #994 and #995); RSA (Certs. #964, #965, #969 and #970); HMAC (Certs. #1129, #1130, #1134 and #1135)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 1.0.0-20.el6 delivered with RHEL 6.2."
1757Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001


TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/2012
10/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1886, #1890, #1891 and #1892); Triple-DES (Certs. #1225, #1228, #1229 and #1230); SHS (Certs. #1657, #1660, #1661 and #1662); RSA (Certs. #963, #966, #967 and #968); DSA (Certs. #591, #594, #595 and #596); HMAC (Certs. #1128, #1131, #1132 and #1133); RNG (Certs. #988, #991, #992 and #993)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.5-9.e16 delivered with RHEL 6.2."
1756Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
NetScreen-ISG 1000 [1] and NetScreen-ISG 2000 [2]
(Hardware Versions: [NS-ISG-1000, NS-ISG-1000-DC, NS-ISG-1000B and NS-ISG-1000B-DC] [1] and [(NS-ISG-2000, NS-ISG-2000-DC, NS-ISG-2000B and NS-ISG-2000B-DC) with 1, 2, 3 or 4 FE8 Interface Cards][2] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/27/2012
12/11/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #1058); AES (Cert. #1617); DSA (Cert. #504); SHS (Cert. #1426); RNG (Cert. #865); RSA (Cert. #795); HMAC (Cert. #948); ECDSA (Cert. #202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5
Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters."
1755Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
NetScreen-5200 [1] and Netscreen-5400 [2]
(Hardware Versions: [(NS-5200 [1] with one NS-5000-8G2) and (NS-5400 [2] with one to three NS-500-8G2)] with (NS-5000-MGT2 or NS-5000-MGT3) and JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/27/2012
12/11/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #1059); AES (Cert. #1618); DSA (Cert. #505); SHS (Cert. #1427); RNG (Cert. #866); RSA (Cert. #796); HMAC (Cert. #949); ECDSA (Cert. #203)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5
Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1754Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0
FortiOS™
(Firmware Version: 4.0 MR3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware07/17/2012Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested: FortiGate 3950B

-FIPS Approved algorithms: AES (Certs. #1856 and #1857); Triple-DES (Certs. #1203 and #1204); HMAC (Certs. #1103 and #1104); SHS (Certs. #1633 and #1634); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)
Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1753Utimaco® Safeware AG
Hohemarkstrasse 22
Oberursel, Hessen D-61440
Germany

Dr. Gesa Ott
TEL: +49 241-1696-200
FAX: +49 241-1696-199

CST Lab: NVLAP 100432-0
SafeGuard® CryptoServer Se
(Hardware Versions: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/24/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant)
Multi-chip embedded

"SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator."
1752Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Ken Fuchs
TEL: 847-387-2670

CST Lab: NVLAP 100432-0
Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03 or 5185912Y05; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11, R07.11.12, R01.03.13 or R01.04.07] and [R01.00.00 or (R01.00.00 and R02.00.00)])
(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2012
07/18/2012
12/12/2012
01/10/2014
01/30/2017
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR
Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1751Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Ken Fuchs
TEL: 847-387-2670

CST Lab: NVLAP 100432-0
Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03 or 5185912Y05; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11, R07.11.12, R01.03.13 or R01.04.07] and [R01.00.00 or (R01.00.00 and R02.00.00)])
(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2012
07/18/2012
12/12/2012
01/10/2014
01/30/2017
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR
Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1748Vocality International Ltd
Lydling Barn, Puttenham Lane
Shackleford, Surrey GU8 6AP
United Kingdom

Martin Saunders
TEL: +44 1483 813130
FAX: +44 1483 813121

CST Lab: NVLAP 100432-0
BASICS IP PC104
(Hardware Version: 68551-01-1/68551C6; Firmware Version: 08_42.05)
(When configured in FIPS mode as specified in Section 8 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2012Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1734); DSA (Cert. #540); ECDSA (Cert. #226); RSA (Cert. #857); RNG (Cert. #923); HMAC (Cert. #1010); SHS (Cert. #1518); Triple-DES (Cert. #1123)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip embedded

"The BASICS IP PC104 unit is a high-performance 10/100base-T Router which incorporates a cryptographic module. It provides 3 independently routable subnets; one for the uplink port, one for the downlink port and one for the four Ethernet switch ports which are also IEEE802.1q VLAN and Power-over-Ethernet (PoE) capable. It can also bridge network traffic to the uplink port from any IP device connected to its Downlink port. It may be used as a simple switch or a sophisticated secure multiprotocol IP router and can also power a group of SIP VoIP phones."
1745Vormetric, Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0
Vormetric Data Security Server Module
(Hardware Version: 1.0; Firmware Version: 4.4.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/25/2012Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1838); Triple-DES (Cert. #1192); SHS (Cert. #1620); HMAC (Cert. #1093); RSA (Cert. #928); RNG (Cert. #965)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Encryption Expert Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
1735IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0
IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module
(Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 573FAL00: z/VM 6.1 with APAR PM43382)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid06/25/2012Overall Level: 1

-Cryptographic Module Specification: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976 and #1873); Triple-DES (Certs. #769 and #1217); DSA (Cert. #586); RSA (Cert. #953); SHS (Certs. #946 and #1646); HMAC (Cert. #1117); RNG (Cert. #982)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2
Multi-chip standalone

"z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
1734Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
IronKey S250/D250
(Hardware Versions: P/Ns D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, IKS250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB], D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32, D2-D250-B64, and IKD250 Series [1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB]; Firmware Version: 4.0.0)
(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/2012
03/08/2016
05/26/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The IronKey S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1732Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Gorczyca

CST Lab: NVLAP 200556-0
Symantec Enterprise Vault Cryptographic Module
(Software Version: 1.0.0.2)
(When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/20/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES
Multi-chip standalone

"Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1731Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
SSG 320M and SSG 350M
(Hardware Versions: [SSG-320M-SB, SSG-320M-SH, SSG-320M-SB-TAA, SSG-320M-SH-TAA, SSG-320M-SB-DC-N-TAA, SSG-320M-SH-DC-N-TAA, SSG-350M-SB, SSG-350M-SH, SSG-350M-SB-TAA, SSG-350M-SH-TAA, SSG-350M-SB-DC-N-TAA and SSG-350M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/12/2012
07/24/2012
12/11/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #1062); AES (Cert. #1621); DSA (Cert. #508); SHS (Cert. #1430); RNG (Cert. #869); RSA (Cert. #799); HMAC (Cert. #952); ECDSA (Cert. #206)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5
Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters."
1730Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
Juniper Networks SSG 520M and SSG 550M
(Hardware Versions: [SSG-520M-SH, SSG-520M-SH-N, SSG-520M-SH-DC-N, SSG-520M-N-TAA, SSG-520M-SH-DC-N-TAA, SSG-550M-SH, SSG-550M-SH-N, SSG-550M-SH-DC-N, SSG-550M-N-TAA and SSG-550M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/12/2012
07/24/2012
12/11/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #1063); AES (Cert. #1622); DSA (Cert. #509); SHS (Cert. #1431); RNG (Cert. #870); RSA (Cert. #800); HMAC (Cert. #953); ECDSA (Cert. #207)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5
Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters."
1728Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 100432-0
Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL , WS-SUP720-3B, VS-S 720 10G-3C, or VS-S 720 10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33.SXJ; WiSM2: 7.0.116.0)
(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/01/2012
06/21/2012
03/13/2015
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM
Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1727Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba 620, 650 and Dell W-620, W-650 Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 620-F1 [1], 620-USF1 [1], 650-F1 [1], 650-USF1 [1], W-620-F1 [2], W-620-USF1 [2], W-650-F1 [2], W-650-USF1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6xx_6.1.2.3-FIPS [1] and Dell_PCW_6xx_6.1.2.3-FIPS [2] or ArubaOS_6xx_6.1.4.1-FIPS [1] and Dell_PCW_6xx_6.1.4.1-FIPS [2] or ArubaOS_6xx_6.1.4.5-FIPS [1] and Dell_PCW_6xx_6.1.4.5-FIPS [2] or ArubaOS_6xx_6.1.4.7-FIPS [1] and Dell_PCW_6xx_6.1.4.7-FIPS [2])
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/24/2012
01/24/2013
07/26/2013
01/23/2014
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #779, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #426, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #781, #1627, #1629 and #1631); Triple-DES (Certs. #673, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform."
1726Voltage Security, Inc.
20400 Stevens Creek Blvd.
Cupertino, CA 95014
USA

Luther Martin
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 200802-0
Voltage IBE Cryptographic Module for z/OS
(Hardware Version: Crypto Express2 card (CEX2C) [a separately configured version of 4764-001 (P/N 12R6536)]; Firmware Version: 4764-001(2096a16d); Software Version: 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid05/31/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with IBM System z10 with z/OS PUT1106 / RSU1108

-FIPS Approved algorithms: AES (Cert. #1812); Triple-DES (Cert. #1168); DSA (Cert. #568); SHS (Cert. #1590); RNG (Cert. #955); RSA (Cert. #908); HMAC (Cert. #1069); DRBG (Cert. #139)

-Other algorithms: NDRNG; IBE; FFX; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES
Multi-chip standalone

"The Voltage IBE Cryptographic Module for z/OS Version 4.0 is a FIPS 140-2 Level 1 compliant software-hybrid module that provides encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic."
1724Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

Tim Young
TEL: 301-428-1632

CST Lab: NVLAP 200427-0
Hughes SPACEWAY Crypto Kernel
(Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware05/23/2012Overall Level: 1


-Tested: ST HN9500 with VxWorks 5.4
AGW2 with VxWorks 5.4
AGW5 with VxWorks 5.4

-FIPS Approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone

"The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems."
1723Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
SSG 140
(Hardware Versions: (SSG-140-SB and SSG-140-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/23/2012
07/24/2012
12/11/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #1060); AES (Cert. #1619); DSA (Cert. #506); SHS (Cert. #1428); RNG (Cert. #867); RSA (Cert. #797); HMAC (Cert. #950); ECDSA (Cert. #204)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5
Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters."
1721Vormetric, Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0
Vormetric Encryption Expert Cryptographic Module
(Software Version: 4.4.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software05/23/2012
06/05/2012
Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows 2003 32-bit
Windows 2008 64-bit
Solaris 10 64-bit
Redhat Linux 5.7 64-bit
HPUX 11i v3 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075)

-Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
1720Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0
mRevenector 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/23/2012Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346)

-Other algorithms: NDRNG
Multi-chip embedded

"mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1719Green Hills Software
30 W Sola Street
Santa Barbara, CA 93101
USA

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-3915

CST Lab: NVLAP 200427-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Software Version: 1.0.5)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/22/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with RHEL 5
Green Hills Software INTEGRITY OS v5.0.11 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1762); ECDSA (Cert. #235); HMAC (Cert. #1033); RNG (Cert. #939); RSA (Cert. #878); SHS (Cert. #1546)

-Other algorithms: ARCFour; DES; Diffie-Hellman; EC Diffie-Hellman; ECMQV; DSA (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (non-compliant)
Multi-chip standalone

"Green Hills Software, Integrity Security Services (ISS) High Assurance Embedded Cryptographic Toolkit (HA-ECT) is a standards-based, flexible cryptographic toolkit providing developers with a software framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. The ISS HA-ECT FIPS Module is designed to support multiple cryptographic software and hardware providers with a single common API, easily targeted to a variety operating systems."
1718Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
Juniper Networks LN1000 Mobile Secure Router
(Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4)
(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/07/2012
12/11/2013
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1269 and #1270); AES (Certs. #1956 and #1957); DSA (Cert. #624); SHS (Certs. #1715 and #1716); RNG (Cert. #1028); RSA (Cert. #1013); HMAC (Certs. #1178 and #1179)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1716

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/02/2012Overall Level: 2

Multi-chip standalone
1715Hewlett-Packard Development Company, L.P.
2344 Boulevard Alfred-Nobel
St-Laurent, Québec H4S 0A4
Canada

Gilbert Moineau
TEL: 514-920-4250

CST Lab: NVLAP 200002-0
HP MSM430 Dual Radio 802.11N TAA AP [1], HP MSM430 Dual Radio 802.11N AP (WW) [2], HP MSM430 Dual Radio 802.11N AP (JP) [3], HP MSM460 Dual Radio 802.11N TAA AP [4], HP MSM460 Dual Radio 802.11N AP (WW) [5], HP MSM460 Dual Radio 802.11N AP (JP) [6], HP MSM466 Dual Radio 802.11N TAA AP [7], HP MSM466 Dual Radio 802.11N AP (WW) [8] and HP MSM466 Dual Radio 802.11N AP (JP) [9]
(Hardware Versions: J9654A [1], J9651A [2], J9652A [3], J9655A [4], J9591A [5], J9589A [6], J9656A [7], J9622A [8] and J9620A [9] with FIPS kit J9740A; Firmware Version: 5.6.0)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/03/2012Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1823 and #1840); Triple-DES (Cert. #1176); SHS (Cert. #1602); HMAC (Cert. #1078); RNG (Cert. #960); RSA (Cert. #916)

-Other algorithms: Blowfish; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1602; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1078; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1840, key wrapping; key establishment methodology provides 128 bits of encryption strength)
Multi-chip standalone

"The MSM430, MSM460 and MSM466 Access Points allow wireless devices to connect to a wired network using Wi-Fi 802.11abgn."
1714Honeywell Scanning and Mobility (HSM) - USA
700 Visions Dr, PO Box 208
Building A
Skaneateles Falls, NY 13153-0208
USA

Mike Robinson
TEL: 315-554-6387
FAX: 856-232-2932

Tom Amundsen
TEL: 856-374-5589
FAX: 856-232-2932

CST Lab: NVLAP 200928-0
Scanning and Mobility FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/11/2012
07/12/2012
Overall Level: 1


-Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025
ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware

-FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Honeywell Scanning and Mobility FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Honeywell Scanning and Mobility FIPS Module is part of the Honeywell Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1713Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200928-0
BlackBerry Cryptographic Library
(Software Versions: 2.0.0.10 and 2.0.0.11)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/03/2012
01/24/2013
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1193); AES (Cert. #1839); SHS (Cert. #1621); HMAC (Cert. #1094); RNG (Cert. #966); ECDSA (Cert. #254)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)
Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Library is a software module that provides cryptographic services to many BlackBerry® desktop products such as the BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and many other BlackBerry® products."
1710Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0
NSS Freebl Cryptographic Module
(Software Version: 3.12.9.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/30/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system
Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #602); SHS (Cert. #1675)

-Other algorithms: MD2; MD5
Multi-chip standalone

"The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1709Hewlett-Packard TippingPoint
14231 Tandem Blvd
Austin, TX 78728
USA

Dinesh Vakharia
TEL: 512-432-2628

Freddie Jimenez Jr.
TEL: 512-432-2907

CST Lab: NVLAP 200427-0
HP TippingPoint Intrusion Prevention System
(Hardware Version: S6100N; Firmware Version: 3.2.1.1639)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/27/2012Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #1855); HMAC (Cert. #1102); RNG (Cert. #973); RSA (Cert. #938); SHS (Cert. #1632); Triple-DES (Cert. #1202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).
Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1707Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0
FortiMail-3000C
(Hardware Version: C4GY52; Firmware Versions: FortiMail 4.0, build0369, 110615)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/12/2012Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)
Multi-chip standalone

"The FortiMail family of messaging security appliances provide an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated message based attacks, and features designed to facilitate regulatory compliance. FortiMail appliances offer both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1706Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0
FortiMail™ OS
(Firmware Versions: FortiMail 4.0, build0369, 110615)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware04/12/2012Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested: FortiMail-3000C

-FIPS Approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)
Multi-chip standalone

"FortiMail OS is a firmware based operating system that runs exclusively on Fortinet’s FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1704Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
Juniper Networks SRX650 Services Gateways
(Hardware Versions: (SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4)
(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/05/2012
12/11/2013
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1271 and #1272); AES (Certs. #1959 and #1960); DSA (Cert. #625); SHS (Certs. #1718 and #1719); RNG (Cert. #1029); RSA (Cert. #1014); HMAC (Certs. #1180 and #1181)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1703S&C Electric Company
6601 Northridge Boulevard
Chicago, IL 60626-3997
USA

Prakash Ramadass
TEL: 510-749-5648
FAX: 510-864-6860

CST Lab: NVLAP 100432-0
IntelliCom WAN 1720
(Hardware Version: IntelliCom WAN 1720; Firmware Version: 1.1.0.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/03/2012Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133)

-Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"IntelliCom™ WAN Mesh Node, a wireless high-speed wide-area networking router that combines ultra-high throughput - up to 400 Mbps - with extremely low latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio unlicensed bands as well as the 4.9-GHz municipal licensed band. This network architecture is selfforming and self-healing; communication is not inhibited by the loss of any single node."
1701Apple Inc.
11921 Freedom Drive
Reston, VA 20190
USA

Shawn Geddis
TEL: 703-264-5103

CST Lab: NVLAP 200002-0
Apple FIPS Cryptographic Module
(Software Version: 1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/30/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.7.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1872); DSA (Cert. #585); ECDSA (Cert. #262); HMAC (Cert. #1116); RNG (Cert. #981); RSA (Cert. #952); SHS (Cert. #1645); Triple-DES (Cert. #1216)

-Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant key generation)
Multi-chip standalone

"Apple's OS X Lion (v10.7) security services are now built on a newer 'Next Generation Cryptography' platform and does not use the CDSA/CSP module previously validated. Apple is re-validating the same CDSA/CSP module under OS X Lion to provide validation solely for third-party applications."
1700Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs)
(Hardware Versions: 881W and 881GW with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Versions: Router Firmware Version: IOS 15.1(3)T2 and AP Firmware Version: 12.4(25d)JA1)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/28/2012
04/02/2012
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #962, #1535, #1791, #1792 and #1793); DRBG (Cert. #129); HMAC (Certs. #537, #1056 and #1057); RNG (Cert. #950); RSA (Cert. #896); SHS (Certs. #933, #1574 and #1575); Triple-DES (Certs. #757 and #1160)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Cert. #1791, key wrapping; key establishment methodology provides 128 bits of encryption strength)
Multi-chip standalone

"The Cisco 881W and Cisco 881GW Integrated Services Routers (ISR) provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients."
1699McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369

CST Lab: NVLAP 200556-0
McAfee EMM Cryptographic Module
(Software Version: 1.0)
(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/28/2012Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081)

-Other algorithms: N/A
Multi-chip standalone

"The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing."
1698Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0
HIBUN Cryptographic Module for Pre-boot
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0017

Security Policy
Software03/28/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044)

-Other algorithms: N/A
Multi-chip standalone

"HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment."
1697Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0
HIBUN Cryptographic Module for Kernel-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0016

Security Policy
Software03/28/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional
Windows Vista Ultimate
Windows 7 Ultimate
Windows 7 Ultimate 64bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052)

-Other algorithms: N/A
Multi-chip standalone

"HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode.Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)"
1696Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0
HIBUN Cryptographic Module for User-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0015

Security Policy
Software03/28/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional
Windows Vista Ultimate
Windows 7 Ultimate
Windows 7 Ultimate 64bit
Linux Kernel 2.6 (Fedora 12) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125)

-Other algorithms: N/A
Multi-chip standalone

"HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode.Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)"
1695NEC Corporation
1753
Shimonumabe
Nakahara-ku
Kawasaki, Kanagawa 211-8666
Japan

NEC Corporation
TEL: +81-44-455-8326

CST Lab: NVLAP 200835-0
iPASOLINK MODEM AES Card
(Hardware Version: 5.00; Firmware Version: NWA-055300-004)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/18/2012Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #1834)

-Other algorithms: N/A
Multi-chip embedded

"iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR."
1692IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Firmware Version: 4765-001 (e1ced7a0); Software Versions: System SSL level HCPT3D0/JCPT3D1 w/ APAR OA36775, RACF level HRF7780 and ICSF level HCR7780 w/ APAR OA36882)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid03/12/2012Overall Level: 1

-Cryptographic Module Specification: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C))
Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1713, #1864 and #1865); Triple-DES (Certs. #1103, #1210 and #1211); DSA (Certs. #582 and #583); RSA (Certs. #944, #945, #946, #947 and #948); SHS (Certs. #1497, #1639 and #1640); HMAC (Certs. #1110 and #1111); RNG (Certs. #977 and #978)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; HMAC-MD5; ECDSA (non-compliant)
Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1691

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012Overall Level: 3

Multi-chip standalone
1690Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0
Protiva PIV v1.55 on TOP DL v2
(Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55)
(When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

PIV Certificate #27

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A
Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1689Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G
(Hardware Versions: (CP-7906G: V01-V09), (CP-7911G: V01-V09), (CP-7931G: V01-V05), (CP-7941G: V01-V02), (CP-7942G: V01-V10), (CP-7945G: V01-V11), (CP-7961G: V01-V02), (CP-7961GE: V01), (CP-7962G: V01-V11), (CP-7965G: V01-V11), (CP-7970G: V01-V02), (CP-7971G/7971GE: V01-V03) and (CP-7975G: V01-V12); Firmware Version: 9.2(1)SR2 or 9.4(2))
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012
12/31/2014
Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #1745 and #1747); HMAC (Certs. #1022 and #1024); RNG (Cert. #931); RSA (Cert. #868); SHS (Certs. #1532 and #1534); Triple-DES (Cert. #1132)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco Unified IP Phones 7900 Series deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1688Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 200427-0
Momentus® FDE Attached Storage Drives FIPS 140 Module
(Hardware Version: ST9500326AS; Firmware Version: 566)
(When operated in FIPS mode. Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #883); SHS (Cert. #1223); RNG (Cert. #737); RSA (SigVer, Cert. #648); Triple-DES (Cert. #697)

-Other algorithms: DES
Multi-chip embedded

"The Momentus® Attached Storage FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1687Mitsubishi Space Software Co., Ltd.
Tsukuba Mitsui Bldg.,
1-6-1, Takezono
Tsukuba-shi, Ibaraki-ken 305-0032
Japan

Shinichi Shimazaki
TEL: +81-29-856-0154
FAX: +81-29-859-0320

Ikuo Shionoya
TEL: +81-29-856-0154
FAX: +81-29-859-0320

CST Lab: NVLAP 200928-0
Command Encryption Module
(Firmware Version: 2.0)
(When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware03/30/2012Overall Level: 2

-EMI/EMC: Level 3
-Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000

-FIPS Approved algorithms: Triple-DES (Cert. #1119)

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1686McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2]
(Software Version: 6.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/09/2012Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without PAA
Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with PAA
Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with PAA) [1]
(McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without PAA
McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with PAA) [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Certs. #1124 and #1125); SHS (Certs. #1653 and #1654);

-Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength)
Multi-chip standalone
1685ZyFLEX Technologies Incorporation
4F, No.5-2, Industry E. 9th Rd.
Science Park Hsinchu
Hsin-Chu, Taiwan 30075
Republic of China

Nick Tseng
TEL: +886-3-5679168
FAX: +886-3-5679188

CST Lab: NVLAP 200824-0
ZyFLEX Crypto Module ZCM-100
(Hardware Version: AAM; Firmware Version: 1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1670 and #1671); DSA (Cert. #521); HMAC (Cert. #980); RNG (Certs. #888 and #889); RSA (Cert. #827); SHS (Cert. #1462)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip embedded

"ZyFLEX Crypto Module ZCM-100 is a hardware multichip embedded module that targets high speed data link layer (OSI layer 2) secure data transmission applications in an IP-based network. ZCM-100 implements AES-256 encryption/decryption algorithms and other Approved security functions by using both hardware FPGA circuitry and a 32-bit microcontroller. Its miniaturized size and low power consumption features make ZCM-100 suitably fit in a portable wireless communication device such as a handheld radio."
1684Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Vinnie Moscaritolo
TEL: 650-527-9000

CST Lab: NVLAP 200802-0
PGP Cryptographic Engine
(Software Version: 4.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/24/2012Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.7
IOS 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043)

-Other algorithms: AES (EME2 mode; non-compliant)
Multi-chip standalone

"The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1683UTC Fire & Security Americas Corporation, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

Michael O’Brien
TEL: 585-267-8345
FAX: 585-248-9185

CST Lab: NVLAP 100432-0
Lenel OnGuard Communication Server
(Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500)
(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/15/2012
08/14/2015
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7
Microsoft Windows Server 2008 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1650); RNG (Cert. #882)

-Other algorithms: RC2
Multi-chip standalone

"The Lenel OnGuard Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1682Voltage Security, Inc.
20400 Stevens Creek Blvd.
Cupertino, CA 95014
USA

Luther Martin
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 200802-0
Voltage IBE Cryptographic Module
(Software Version: 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/14/2012
02/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows 7 Professional SP1, 32-bit
Red Hat Enterprise Linux Server 5.3, 32-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1752); Triple-DES (Cert. #1135); DSA (Cert. #547); SHS (Cert. #1539); RNG (Cert. #934); RSA (Cert. #871); HMAC (Cert. #1029); DRBG (Cert. #115)

-Other algorithms: IBE; BBX; FFX; RSA (key wrapping; key establishment methodology provides 112 bits encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Diffie-Hellman; DES
Multi-chip standalone

"Voltage IBE Cryptographic Module implements the following algorithms: DSA; TDES; AES (ECB, CBC, CFB, OFB, FPE); DRNG; DRBG; SHS; HMAC; CMAC; RSA; DH; BF IBE; BB1 IBE; MD; DES"
1681Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
USA

Vinnie Moscaritolo
TEL: 650-527-8000

CST Lab: NVLAP 200802-0
PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 4.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/28/2012Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP Professional SP3
Mac OS X 10.7
Linux, 32-bit: CentOS 5.5
iOS 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing
Multi-chip standalone

"The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1680Absolute Software Corporation
Suite 1600, Four Bentall Centre
1055 Dunsmuir Street
PO Box 49211
Vancouver, BC V7X 1K8
Canada

Tim Parker
TEL: 604-730-9851 ext. 194
FAX: 604-730-2621

CST Lab: NVLAP 200556-0
Absolute Encryption Engine
(Software Version: 1.2.0.46)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/14/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2008 64-bit
Windows 7 32-bit
Windows XP 32-bit
Windows Vista 32-bit
Windows Vista 64-bit
Red Hat Enterprise Linux (RHEL) 6 32-bit
Mac OS X v10.6.7 32-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1610); RNG (Cert. #864)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)
Multi-chip standalone

"Absolute Software Corporation provides security products for the central management of all IT assets. The Absolute Encryption Engine is a dynamic-linked library (DLL) defined as the encryption module on the client and server callable by applications via an Application Programming Interface (API). The module is currently used by the Absolute Computrace product."
1679Senetas Corporation Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

Horst Marcinsky
TEL: +61 (3) 9868 45555
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200426-0
CN1000 Fibre Channel Encryptor
(Hardware Version: A5175B; Firmware Version: 1.9.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/14/2012Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #1158); AES (Certs. #1775 and #1786); SHS (Cert. #1568); RNG (Cert. #948); DSA (Cert. #562); RSA (Cert. #893); HMAC (Cert. #1051)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The CN1000 Fibre Channel Encryptor is a high-speed, standards based, encryptor specifically designed to secure data transmitted over Fibre Channel point-to-point networks at line rates up to 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
1678Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0
StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0
(Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/09/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength)
Multi-chip standalone

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1677McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0
(Software Version: 6.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/09/2012Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without PAA
Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with PAA
Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654)

-Other algorithms: RC5; AES (non-compliant)
Multi-chip standalone
1676Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Bordwine
TEL: 703-885-3854

CST Lab: NVLAP 200556-0
Symantec Java Cryptographic Module Version 1.1
(Software Version: 1.1)
(When operated in FIPS mode with module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1291 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/09/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0
Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1109); DSA (Cert. #357); ECDSA (Cert. #130); DRBG (Cert. #15); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; ANSI X9.31 RNG (non-compliant); MD5Random; SHA1Random (non-compliant)
Multi-chip standalone

"The Symantec Java Cryptographic Module Version 1.1 provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1675Uplogix, Inc.
7600B N. Capital of Texas Highway
Austin, TX 78731
USA

Martta Howard
TEL: 512-857-7043

CST Lab: NVLAP 200427-0
Uplogix 430 [1] and 3200 [2]
(Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2012Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #1644 and #1647); DRBG (Cert. #90); DSA (Certs. #515 and #517); HMAC (Certs. #966 and #968); RNG (Cert. #881); RSA (Certs. #812 and #815); SHS (Certs. #1445 and #1448); Triple-DES (Certs. #1074 and #1076)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)
Multi-chip standalone

"Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally.Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
1673Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0
Secure Router 2330
(Hardware Versions: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100)
(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2012Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert. #942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80)

-Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant)
Multi-chip standalone

"The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1672IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

James Sweeny
TEL: 845-435-7453
FAX: 845-435-8530

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module
(Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Firmware Versions: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0); Software Versions: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid02/06/2012Overall Level: 1

-Cryptographic Module Specification: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool
Multi-chip standalone

"The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1671Sensage, Inc.
1400 Bridge Parkway
Suite 202
Redwood City, CA 94065
USA

Brad Kekst
TEL: 415-215-3567
FAX: 650-631-2810

Rao Yendluri
TEL: 650-830-0484
FAX: 650-631-2810

CST Lab: NVLAP 200002-0
CryptoCore Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/06/2012Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Redhat Enterprise Linux Version 5.1
Redhat Enterprise Linux Version 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1761); Triple-DES (Cert. #1140); RSA (Cert. #877); DSA (Cert. #551); SHS (Cert. #1545); HMAC (Cert. #1032); RNG (Cert. #938)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; DES; CAST5; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Sensage’s purpose-built event data warehouse products enable users to easily collect and store large volumes of log and event data, while also providing an ability to query and perform analyses on the event data that are available. Their Private Encryption File System solution gives product administrators the ability to employ FIPS-validated encryption and decryption on stored data, providing protection of data-at-rest (log files, configuration files, and other stored data) within the product."
1670Dolby Laboratories, Inc.
100 Potrero Avenue
San Francisco, CA 94103
USA

Dean Bullock
TEL: 415-645-5336
FAX: 415-645-4000

CST Lab: NVLAP 100432-0
CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC
(Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/02/2012
02/09/2012
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Multi-chip embedded

"The CAT862 Dolby JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1668Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Common Cryptographic Module (C3M)
(Hardware Versions: Intel [Core i5, Core i7 and Xeon] with AES-NI; Software Version: 0.9.8r.1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid01/19/2012
02/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with FreeBSD 8.2 or Windows 7 SP1 running on Intel Core i5 with PAA
Red Hat Enterprise Linux v5 running on Intel Xeon with PAA or Intel Core i7 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1758); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco Common Cryptographic Module (C3M) is a software-hybrid that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1667Qube Cinema, Inc.
601 S. Glenoaks Blvd.
Ste. 102
Burbank, CA 91502
USA

Rajesh Ramachandran
TEL: 818-392-8155
FAX: 818-301-0401

CST Lab: NVLAP 100432-0
Secure Media Block
(Hardware Versions: Z-OEM-DCI-Q-R0, Z-OEM-DCI-Q-R2 and Z-OEM-DCI-Q-R3; Firmware Version: 105; Security Manager Version: 1.0.3.4)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/11/2012
06/21/2012
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #812 and #1455); HMAC (Certs. #450 and #854); RNG (Certs. #467 and #797); RSA (Certs. #392 and #711); SHS (Certs. #809, #810, #811 and #1318)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5
Multi-chip embedded

"The Qube Secure Media Block is used in Digital Cinema applications, providing core functionality required to playback Digital Cinema Packages. The module performs essence decryption when processing encrypted content, it ensures link encryption downstream to a projector device, and it provides other features as to enable a fully capable Digital Cinema Server. Content owners and other stake holders rely upon the security features provided by the Qube Secure Media Block to protect their valuable content, and to perform secure logging of operations within a theatre auditorium."
1666Motorola Mobility, Inc.
600 North US Highway 45
Libertyville, IL 60048
USA

Ed Simon
TEL: 800-617-2403

CST Lab: NVLAP 100432-0
Motorola Mobility Cryptographic Suite B Module
(Software Version: 5.4fm)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/25/2012
03/07/2012
03/14/2012
05/29/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Android 2.3
Android 4.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1930); Triple-DES (Cert. #1256); SHS (Cert. #1695); HMAC (Cert. #1164); RSA (Cert. #996); DSA (Cert. #613); RNG (Cert. #1015)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)
Multi-chip standalone

"The Motorola Mobility Cryptographic Suite B Module is used in Motorola Business Ready Android devices to encrypt sensitive application data. For details on Motorola Business Ready, see www.motorola.com/Business-Ready/US-EN/Home."
1665McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-8000 S
(Hardware Versions: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/10/2012Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5
Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1664Certicom Corp.
4701 Tahoe Blvd.
Building A
Mississauga, Ontario L4W 0B5
Canada

Certicom Sales
TEL: 905-507-4220
FAX: 905-507-4230

Kris Orr
TEL: 289-261-4104
FAX: 905-507-4230

CST Lab: NVLAP 200928-0
Security Builder® FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware01/10/2012
03/30/2012
Overall Level: 1


-Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025
ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware

-FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1663

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2012Overall Level: 2

Multi-chip standalone
1662McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 4150F
(Hardware Versions: NSA-4150-FWEX-FRR and Seal Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.01.E12)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/29/2011Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1661McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 2150F
(Hardware Versions: NSA-2150-FWEX-F and Seal Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.01.E12)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/29/2011Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications"
1660McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100F
(Hardware Versions: NSA-1100-FWEX-F and Seal Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.01.E12)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/29/2011Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1659A10 Networks, Inc.
2309 Bering Drive
San Jose, CA 95131
USA

John Chiong
TEL: 408-325-8668
FAX: 408-325-8666

CST Lab: NVLAP 200648-0
AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-GCF, AX3000-11-GCF, AX5100, AX5200 and AX5200-11
(Hardware Versions: AX2500, AX2600-GCF, AX3000-GCF, AX5100 and AX5200; Firmware Version: R261-GR1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/29/2011
06/14/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128 and #1129); AES (Certs. #1693, #1739 and #1740); SHS (Certs. #1480, #1519, #1524 and #1525); HMAC (Certs. #985, #1011, #1016 and #1017); RSA (Certs. #829, #858, #862 and #863); RNG (Certs. #900 and #933)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series’ standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1658Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: +82-31-208-3870
FAX: +82-10-3204-4201

CST Lab: NVLAP 200648-0
Samsung SSD PM810 SED FIPS 140 Module
(Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/29/2011Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878)

-Other algorithms: N/A
Multi-chip standalone

"SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
1657Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 3560-X and 3750-X Switches
(Hardware Versions: (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT); Firmware Version: 15.0(1)SE2)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/22/2011
02/23/2012
05/29/2012
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1024, #1275 and #1749); HMAC (Cert. #1026); RNG (Cert. #932); RSA (Cert. #869); SHS (Cert. #1536); Triple-DES (Cert. #1133)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1749, key wrapping; key establishment methodology provides 128 bits or 256 bits of encryption strength)
Multi-chip standalone

"Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules.The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev"
1656SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0
Luna® PCI Cryptographic Module for Luna® IS and RSS
(Hardware Version: VBD-03-0100; Firmware Versions: 5.2.7 and 5.2.8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/22/2011
01/11/2012
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #510, #1737 and #1738); DSA (Certs. #542 and #543); ECDSA (Certs. #228 and #229); HMAC (Certs. #1014 and #1015); RNG (Certs. #925 and #926); RSA (Certs. #860 and #861); SHS (Certs. #1522 and #1523); Triple-DES (Certs. #520, #1126 and #1127); Triple-DES MAC (Triple DES Cert. #520; vendor affirmed)

-Other algorithms: AES MAC (Certs. #510, #910 and #913; non-compliant); CAST5; CAST5-MAC; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HAS-160; HAS-160 MAC; KCDSA; MD2; MD5; RC2; RC4; RC5; SEED; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip embedded

"The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1655Concepteers, LLC
121 Newark Ave
Suite 204
Jersey City, NJ 07302
USA

David Van
TEL: 201-221-3052
FAX: 201-844-6262

CST Lab: NVLAP 200556-0
Concepteers Teleconsole TCS6U4W
(Hardware Version: A2; Firmware Version: 2.0)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/15/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (1) (Cert. #1544); Triple-DES (Cert. #1014); SHS (Cert. #1369); DSA (Cert. #476); RSA (Cert. #747); HMAC (Cert. #895); RNG (Cert. #832)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (2) (non-compliant); RC4;
Multi-chip standalone

"The Teleconsole S6U4W is a small form factor network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1654Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Michael Hong
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200648-0
Brocade Mobility 7131N Dual-Radio 802.11n FIPS Access Point BR-AP7131N66040FGR and BR-AP7131N66040FWW
(Hardware Versions: BR-AP7131N66040FGR and BR-AP7131N66040FWW; Firmware Version: AP7131N v4.0.1.0-003GRN)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2011Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (non-compliant); SHS (non-compliant)
Multi-chip standalone

"Brocade Mobility 7131N Dual-radio 802.11n FIPS Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Wireless IPS"
1653McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050
(Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 6.1.15.35)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2011Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5
Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1652Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
SSG 5 and SSG 20
(Hardware Versions: (SSG-5-SB, SSG-5-SB-BT, SSG-5-SB-M, SSG-5-SH, SSG-5-SH-BT, SSG-5-SH-M , SSG-20-SB and SSG-20-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)
(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/15/2011
07/24/2012
12/11/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #1061); AES (Cert. #1620); DSA (Cert. #507); SHS (Cert. #1429); RNG (Cert. #868); RSA (Cert. #798); HMAC (Cert. #951); ECDSA (Cert. #205)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of security); NDRNG; DES; MD5
Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essentialnetworking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networksintegrated security devices address the needs of small to medium sized locations, largedistributed enterprises, and service providers as well as large and co-located datacenters."
1651Nexgrid, LLC
4444 Germanna Hwy
Locust Grove, VA 22508
USA

Thomas McLure
TEL: 888-556-0911 ext 1010
FAX: 703-562-8385

Haim Shaul
TEL: 888-556-0911 ext 1003
FAX: 703-562-8385

CST Lab: NVLAP 200427-0
ecoNet smart grid gateways: ecoNet SL and ecoNet MSA
(Hardware Versions: ENSL2, ENSL5 and ENMSA2; Firmware Version: 3.1.2-FIPS)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2012Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1665); DSA (Cert. #520); HMAC (Cert. #979); RNG (Cert. #887); RSA (Cert. #820); SHS (Cert. #1459); Triple-DES (Cert. #1083)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 224 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"ecoNet smart grid gateways provide the central link between intelligent endpoint devices and the Utility's backhaul or WAN enabling real time network control and monitoring."
1650Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Unified IP Phone 6921, 6941, 6945 and 6961
(Hardware Versions: 6921: 5, 6941: 5, 6945: 4 and 6961: 4; Firmware Version: 9.2(1)SR1 or 9.4(1)SR1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/14/2011
02/23/2012
12/31/2014
Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #1746, #1748 and #1751); HMAC (Certs. #1023, #1025 and #1028); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533, #1535 and #1538); Triple-DES (Cert. #1131)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco Unified IP Phones 6921, 6941, 6945, and 6961 deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1649AirTight Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0
SpectraGuard® Enterprise Server
(Firmware Version: 6.5.35)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware12/14/2011
01/31/2012
Overall Level: 1


-Tested: AirTight SA-350 Spectraguard Enterprise Appliance with CentOS 5.2

-FIPS Approved algorithms: AES (Cert. #1545); Triple-DES (Cert. #1015 ); RSA (Cert. #748); DSA (Cert. #477); SHS (Cert. #1370); HMAC (Cert. #896); RNG (Cert. #833)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 178 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); DSA (non-compliant); AES-CTR (non-compliant); ARC4; Blowfish-CBC; CAST128; ARC4-256; ARC4-128; RC2; RC4; DES; IDEA; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; UMAC-64; RIPEMD-160
Multi-chip standalone

"The implementation performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks"
1648Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Ross Choi
TEL: 972-761-7628

Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0
Samsung Kernel Crypto API Cryptographic Module
(Software Versions: LK2.6.35.7_AGB_v1.2 and LK2.6.36.3_AHC_v1.2)
(When operated in FIPS mode and only on the specific platforms specified on the reverse)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/14/2011Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1)
Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs. #1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120 and #1121); HMAC (Certs. #1008 and #1009)

-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)
Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1647Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Unified IP Phone 6901 and 6911
(Hardware Versions: 6901 and 6911: 1.0; Firmware Version: 9.2.1 or 9.3.1 SR1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/22/2011
02/23/2012
12/31/2014
Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #1746 and #1748); HMAC (Certs. #1023 and #1025); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533 and #1535); Triple-DES (Cert. #1131)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco Unified IP Phones 6901 and 6911deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1646McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-8000 P
(Hardware Versions: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/06/2011Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5
Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1645McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Web Gateway WG5000 and WG5500 Appliances
(Hardware Versions: 5000 [1] and 5500 [2]; EWG-5000-FIPS-KIT [1] and EWG-5500-FIPS-KIT [2]; Firmware Version: 7.1.0)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2011
01/17/2012
08/24/2012
08/24/2012
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1625 and #1633); Triple-DES (Certs. #1065 and #1069); DSA (Certs. #511 and #514); RSA (Certs. #803 and #807); SHS (Certs. #1434 and #1438); HMAC (Certs. #956 and #960); RNG (Certs. #872 and #875)

-Other algorithms: MD4; MD5; RC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)
Multi-chip standalone

"The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today’s most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
1644VMware, Inc.
3401 Hillview Avenue
Palo Alto, CA 94304
USA

Pam Takahama
TEL: 650-427-2063

CST Lab: NVLAP 200556-0
PCoIP Cryptographic Module for VMware View
(Software Version: 3.5.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/06/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Tested Configuration(s): Tested as meeting Level 2 with Microsoft Windows XP running on a Dell Poweredge 2850
Microsoft Windows XP running on a Dell Optiplex GX260
Red Hat Enterprise Linux (RHEL) 5.1 running on a Dell Poweredge 2850

-FIPS Approved algorithms: AES (Certs. #1639, #1640 and #1642); SHS (Cert. #1443); RNG (Cert. #879); HMAC (Cert. #964)

-Other algorithms: Salsa12; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The PCoIP Cryptographic module for VMware View is a multi-chip standalone cryptographic module evaluated for use on a standard General Purpose Computer (GPC) platform. The overal security level is Level 2. The module consists of a single shared library which is used by both the PCoIP server and the PCoIP client applications."
1643Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Common Cryptographic Module (C3M)
(Software Version: 0.9.8r.1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/29/2011
02/23/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with FreeBSD 8.2 (32-bit and 64-bit)
Red Hat Enterprise Linux v5 (32-bit and 64-bit)
Linux Kernel 2.6.27.7
Yellow Dog Linux 6.2
Windows 7 SP1 (32-bit and 64-bit)
Mac OS X 10.6 (32-bit and 64-bit)
Openwall Linux 3.0 (32-bit)
Android 2.3.3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1759); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1642U.S. Department of State
301 4th Street SW SA-44
Washington, DC 20547
USA

Paul Newton
TEL: 202-203-5153
FAX: 202-203-7669

CST Lab: NVLAP 100432-0
PKI BLADE Cosmo
(Hardware Version: P/N B0; Firmware Versions: FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2)
(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6)

PIV Certificate #25

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/21/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3)

-Other algorithms: Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)
Single-chip

"The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using fingerprint biometrics."
1641Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Module
(Software Version: 5.4fm)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/17/2011
05/29/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Android 2.3
Android 4.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1757); Triple-DES (Cert. #1138); SHS (Cert. #1543); HMAC (Cert. #1030); RSA (Cert. #875); DSA (Cert. #549); RNG (Cert. #936)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)
Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1640Watchdata Technologies Pte Ltd
No.2 Yandong Business Park
Wanhong West Street
Capital Airport Road
Beijing, Chaoyang District 100015
People's Republic of China

Bai Jing

CST Lab: NVLAP 200658-0
WatchKey USB Token
(Hardware Versions: K6 with Z32L256D32U and K003010A; Firmware Version: 360C6702)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/17/2011Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1616); Triple-DES (Cert. #1057); RSA (Cert. #794); DRBG (Cert. #85); SHS (Cert. #1425)

-Other algorithms: SHA-1 (non-compliant)
Multi-chip standalone

"The WatchKey USB token provides digital signature generation and verification for online authentication of online transactions and data encryption/decryption to online service users."
1638Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiKey - Flash and HiKey PKI Token
(Hardware Versions: 2.0 and 2.1; Firmware Version: 2.0; Software Version: Card OS version 3.2 with PKI Applet: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/16/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1710); Triple-DES (Cert. #1100); Triple-DES MAC (Triple-DES Cert. #1100, vendor affirmed); SHS (Cert. #1493); HMAC (Cert. #988); DRBG (Cert. #106); RSA (Cert. #839)

-Other algorithms: MD5; HMAC-MD5; RIPEMD 160; HMAC-RIPEMD 160; RSA (encrypt/decrypt); AES MAC (AES Cert. #1710; non-compliant)
Multi-chip standalone

"The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Global Platform (GP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1637Certicom Corp.
5520 Explorer Drive
Fourth Floor
Mississauga, Ontario L4W 5L1
Canada

Mike Harvey
TEL: 905-507-4220
FAX: 905-507-4230

Worldwide Sales & Marketing Headquarters
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200556-0
Security Builder® FIPS Java Module
(Software Versions: 2.8 and 2.8.7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/16/2011
08/24/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10, 32-bit
Solaris 10, 64-bit
Red Hat Linux AS 5.5, 32-bit
Red Hat Linux AS 5.5, 64-bit
Windows Vista, 32-bit
Windows Vista, 64-bit
Windows 2008 Server, 64-bit (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8)

-Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1634Pierson Capital Technology LLC
129 North La Salle Street
Suite 3800
Chicago, IL 60602
USA

Frank Psaila
TEL: +86 13501108625
FAX: +86 1085183930

Likely Lee
TEL: +86 13810220119
FAX: +86 1085183930

CST Lab: NVLAP 200658-0
MIIKOO
(Hardware Version: D4; Firmware Versions: Device Bootstrap v3.1, Device Application 006262 and Cryptographic Algorithm v2.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/10/2011Overall Level: 3

-FIPS Approved algorithms: RSA (Cert. #737); Triple-DES (Cert. #1004); SHS (Cert. #1351); HMAC (Cert. #884); DRBG (Cert. #63)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)
Multi-chip standalone

"MIIKOO combines fingerprint recognition and additional cryptography capabilities to generate Dynamic PINs. It is compatible with any type of bank cards by seamlessly providing the added biometrical triggering of dynamic PIN security over the existing financial transaction network."
1633Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0
Dolphin DCI 1.2
(Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: 2.0.8p, 21.03m-1 and 99.03f)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/10/2011
06/07/2013
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNGs; MD5; HMAC-MD5
Multi-chip embedded

"The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1632Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

Ross Choi
TEL: 972-761-7628

Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0
Samsung Key Management Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/10/2011Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2)
Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1741 and #1742); SHS (Certs. #1528 and #1529); RNG (Certs. #928 and #929); HMAC (Certs. #1018 and #1019); PBKDF (SP 800-132, vendor affirmed)

-Other algorithms: N/A
Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
1631

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/24/2012
05/03/2012
Overall Level: 2

Multi-chip standalone
1630Advantor Systems, LLC
12612 Challenge Parkway
Suite 300
Orlando, FL 32826
USA

Chuck Perkinson
TEL: 407-926-6960
FAX: 407-857-1635

CST Lab: NVLAP 200427-0
Infraguard Processor Module
(Hardware Version: 5.1; Firmware Version: 1.01)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/10/2011Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1736); HMAC (Cert. #1013); RNG (Cert. #924); SHS (Cert. #1521)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip embedded

"The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product."
1629Protected Mobility LLC
6259 Executive Blvd
Rockville, MD 20852
USA

Paul Benware
TEL: 585-582-5601
FAX: 585-582-3297

Donald Paris
TEL: 301-770-4556
FAX: 240-238-6637

CST Lab: NVLAP 200697-0
PMCryptolib
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/16/2011Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with iOS 4.2
iOS 4.3
Android 2.2
Android 2.3
Android 3.0
(single-user mode)

-FIPS Approved algorithms: AES (Cert. #1716); SHS (Cert. #1499); DRBG (Cert. #108); HMAC (Cert. #991); ECDSA (Cert. #222)

Multi-chip standalone

"PMCryptolib is a dynamic linked library software module. The module provides cryptographic services through a Application Programming Interface (API)."
1628NAL Research Corporation
9300 West Courthouse Rd.
Suite 102
Manassas, VA 20110
USA

Peter Kormendi
TEL: 703-392-1136

CST Lab: NVLAP 200697-0
XM Crypto Module
(Firmware Version: 1.1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware11/07/2011Overall Level: 1


-Tested: A3LA-XM with A3LA-XM OS ver. 1.1.0

-FIPS Approved algorithms: AES (Cert. #1698)

-Other algorithms: N/A
Multi-chip standalone

"A3LA-XM is a modem comprised of the XM Crypto Module encryption board and a communication board. It is designed to transmit AES 256-bit encrypted data via a communication network. The A3LA-XM has an internal micro-controller programmed to monitor the modems connectivity status to prevent hardware lock-up. Similar to a standard landline modem, the A3LA-XM can be controlled by any DTE (data terminal equipment) capable of sending standard AT commands via an RS232 serial or a USB 2.0 port."
1626ViaSat UK Ltd.
Sanford Lane
Wareham, Dorset BH20 4DY
United Kingdom

Tim D. Stone
TEL: +44 1929 55 44 00
FAX: +44 1929 55 25 25

CST Lab: NVLAP 200556-0
FlagStone Core
(Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.4.5, V2.0.5.3, V2.0.5.4 and V2.0.5.5)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/31/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531)

-Other algorithms: N/A
Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt ranges of drives. The FlagStone Core, and subsequently the Eclypt ranges of drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a connected HDD/SSD (Hard Disk Drive/Solid Data Drive). All accessible sectors on a drive connected to a FlagStone Core are encrypted. The Eclypt range of drives includes Eclypt, Eclypt Freedom and Eclypt Nano."
1625Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Module
(Software Version: 5.3.1v)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/30/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with ThreadX v5.3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1717); Triple-DES (Cert. #1104); SHS (Cert. #1500); HMAC (Cert. #992); RSA (Cert. #843); DSA (Cert. #529); ECDSA (Cert. #223); RNG (Cert. #910)

-Other algorithms: AES (Cert. #1717, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2; RC4; AES XCBC (non-compliant)
Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1624

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/24/2011
12/21/2011
Overall Level: 4

Multi-chip embedded
1623

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/24/2011
12/21/2011
Overall Level: 4

Multi-chip embedded
1622Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

Kevin Nigh
TEL: 412-262-2571
FAX: 919-865-0679

CST Lab: NVLAP 200928-0
CEP10-R, CEP10 VSE and CEP10-C
(Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 1.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/24/2011Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #673, #1089 and #1090); AES (Certs. #779, #1680 and #1681); SHS (Certs. #781, #1466 and #1467); HMAC (Certs. #426, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892)

-Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 to 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP10-R and CEP10 VSE has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1620Klas Ltd
1101 30th Street NW
Suite 500
Washington, DC 20007
USA

Frank Murray
TEL: 866-263-5467
FAX: (866)-532-3091

CST Lab: NVLAP 100432-0
KlasRouter
(Hardware Versions: KlasRouter, Versions 3.02 and 3.03; Firmware Versions: KlasOS3, Version 3.1.0 rc0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/19/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1599); Triple-DES (Cert. #1045); HMAC (Cert. #936); SHS (Cert. #1411); ECDSA (Cert. #197); RNG (Cert. #856)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); NDRNG; MD5; HMAC-MD5; DSA (non-compliant)
Multi-chip standalone

"KlasRouter is a low-power router that provides Virtual Private Networking (including Suite-B algorithms), WAN Acceleration, VLAN and a host of other networking features in a compact package. KlasRouter is standards-based and hence is interoperable with any infastructure and the perfect solution for establishing a remote office in a secure environment."
1619Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089-1206
USA

Seyed Safakish
TEL: 408-745-2000
FAX: 408-745-2100

Bishakha Banerjee
TEL: 408-745-2000
FAX: 408-745-2100

CST Lab: NVLAP 100432-0
FIPS Multi Service PIC
(Hardware Versions: PE-MS-100-1, PB-MS-100-1, PB-MS-400-2 and PC-MS-500-3; Firmware Version: 10.4 R1.9)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/19/2011Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #465); Triple-DES (Certs. #482 and #1046); SHS (Certs. #768 and #1414); HMAC (Certs. #416 and #937); RSA (Cert. #783); RNG (Cert. #858)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; DES
Multi-chip embedded

"The FIPS Multiple Service PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future."
1618

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/18/2011Overall Level: 2

Multi-chip standalone
1617Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

CST Lab: NVLAP 200697-0
Dell PowerConnect J-Series J-SRX100, J-SRX210 and J-SRX240 Services Gateways
(Hardware Versions: (J-SRX100B, J-SRX100H, J-SRX210B, J-SRX210BE, J-SRX210H, J-SRX210HE, J-SRX210H-POE, J-SRX210HE-POE, J-SRX240B, J-SRX240H and J-SRX240H-POE) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R3)
(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/06/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"Dell Inc. J-SRX100, J-SRX210, and J-SRX240 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, Ipsec VPN and IPS."
1616Concepteers, LLC
121 Newark Ave
Suite 204
Jersey City, NJ 07302
USA

David Van
TEL: 201-221-3052
FAX: 201-844-6262

CST Lab: NVLAP 200556-0
Concepteers Teleconsole E
(Hardware Version: rev A1; Firmware Version: 2.0)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/05/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1547); Triple-DES (Cert. #1017); SHS (Cert. #1374); DSA (Cert. #479); RSA (Cert. #752); HMAC (Cert. #903); RNG (Cert. #836)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Teleconsole E is an enterprise network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1615Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
USA

John Bordwine
TEL: 703-885-3854

CST Lab: NVLAP 200556-0
Symantec Java Cryptographic Module
(Software Version: 1.0)
(This module contains the embedded module RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/30/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE; RIPEMD 160; RNG (X9.31 non-compliant; MD5; SHA-1 non-compliant); RC2; RC4; RC5; RSA OAEP (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5
Multi-chip standalone

"The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1613Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
Juniper Networks SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways
(Hardware Versions: (SRX100B, SRX100H, SRX210B, SRX210BE, SRX210H, SRX210HE, SRX210H-POE, SRX210HE-POE, SRX220H, SRX220H-POE, SRX240B, SRX240H, SRX240H-POE, SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)
(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/06/2011
11/08/2011
12/11/2013
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1612Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Loadable Kernel Module
(Software Version: 5.4f)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/29/2011
10/26/2011
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Android 2.2
WindRiver 4.0 using Linux 2.6.34 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RNG (Cert. #819)

-Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)
Multi-chip standalone

"The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1611Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
Juniper Networks SRX3400 and SRX3600 Services Gateways
(Hardware Versions: (SRX3400BASE-AC, SRX3400BASE-DC, SRX3600BASE-AC and SRX3600BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)
(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/06/2011
11/08/2011
12/11/2013
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1032 and #1033); AES (Certs. #1575 and #1577); DSA (Cert. #486); SHS (Certs. #1395 and #1396); RNG (Cert. #849); RSA (Cert. #768); HMAC (Certs. #922 and #923)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"Juniper Networks SRX3000 Series line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX3000 Series line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1610EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

Dan Reddy
TEL: 508-249-2733

Kerry Mahoney
TEL: 508-249-4940
FAX: 508-249-3172

CST Lab: NVLAP 200427-0
4 Gb/s FC I/O Module with Encryption
(Hardware Version: 303-176-100B B04)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/2011Overall Level: 1

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1638)

-Other algorithms: AES (Cert. #1638, key wrapping)
Multi-chip embedded

"Data at Rest Encryption provides hardware-based, back-end encryption for EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from the system. It also offers a convenient means of decommissioning all drives in the system at once.EMC 4Gb/s Fibre Channel I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt/decrypt data as it is written to and read from a drive. The drives need not be self-encrypting because the I/O module encrypts. All back end drive types are thus supported."
1609AirTight Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0
SpectraGuard® Enterprise Sensor
(Hardware Versions: SS-300-AT-C-10 [1] and SS-300-AT-C-60 [2] with SS-FIPS-TPL; Firmware Versions: 6.2.39p1 [1] and 6.7.U4.48FIPS [2])
(When operated in FIPS mode and with tamper evident seals installed over the ventilation openings as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/2011
09/16/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1310 and #2609); SHS (Certs. #1199 and #2193); RNG (Certs. #732 and #1235); RSA (Certs. #628 and #1335); HMAC (Certs. #763 and #1617)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5
Multi-chip standalone

"The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
1608Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304
USA

Gloria English
TEL: 408-447-3979

Mihai Damian
TEL: 408-447-3977

CST Lab: NVLAP 200002-0
NonStop Volume Level Encryption (NSVLE)
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/26/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Debian Linux HPTE Ver. 3.0.0
Debian Linux HPTE Ver. 4.0.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1364 and #1365); Triple-DES (Cert. #941); SHS (Cert. #1246); RNG (Cert. #751); HMAC (Cert. #800); RSA (Cert. #666)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5
Multi-chip standalone
1607Verdasys, Inc.
404 Wyman St.
Suite 320
Waltham, MA 02451
USA

Harvey Morrison
TEL: 781-788-8180

CST Lab: NVLAP 200002-0
Verdasys Secure Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/26/2011
08/24/2012
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit
Windows XP 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1384); SHS (Cert. #1261); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (non-compliant)
Multi-chip standalone

"The Verdasys FIPS Kernel Mode Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's server and endpoint products. The Verdasys FIPS Kernel Mode Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
1606Fortress™ Technologies, Inc.
2 Technology Park Dr
Suite 2200
Oldsmar, FL 34677
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0
Fortress Mesh Points
(Hardware Versions: ES210, ES300, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.3.1)
(When operated in FIPS mode and with the tamper evident seals and glue installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/2011
05/17/2013
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits security strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits security strength); MD5
Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1605Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

Kevin Nigh
TEL: 412-262-2571
FAX: 919-865-0679

CST Lab: NVLAP 200928-0
CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 1.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/26/2011Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #482, #667, #1089 and #1090); AES (Certs. #465, #762, #1680 and #1681); SHS (Certs. #768, #769, #1466 and #1467); HMAC (Certs. #416, #417, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892)

-Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-complaint); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1604Centrify Corporation
785 N. Mary Avenue
Suite 200
Sunnyvale, CA 94085
USA

Kitty Shih
TEL: 408-542-7500
FAX: 408-542-7575

CST Lab: NVLAP 200648-0
Centrify Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/20/2011
12/01/2011
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Mac OS X 10.6.5
Mac OS X 10.7
RedHat Enterprise Linux ES v5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1018 and #1208); AES (Certs. #1554 and #1861); SHS (Certs. #1375 and #1637); HMAC (Certs. #904 and #1108); RSA (Certs. #755 and #941); DSA (Certs. #480 and #580); DRBG (Certs. #69 and #149)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
1603Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

Mark Kettle
TEL: 613-763-2422
FAX: 613-763-7191

Bao-Chau Nguyen
TEL: 613-763-1671
FAX: 613-763-7191

CST Lab: NVLAP 200556-0
Optical Metro 5130
(Hardware Versions: Chassis: NTB200BAE5 Rev: 03, S-DNM: NTB211AAE5 Rev: 02, Filler: NTB207BAE5 Rev: 02, and Seal Kit: NTB209LAE6; Firmware Version: 4.00.008.927)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/20/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (1) (Cert. #1462); Triple-DES (Cert. #986); SHS (Cert. #1324); HMAC (Cert. #859); RNG (Cert. #799)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); AES (2) (non-compliant); DES; Blowfish; MD5; OM5130 Key-based scrambler
Multi-chip standalone

"The OM 5130 cost effectively simplifies and secures data file mobility between data centers. The OM 5130 increases WAN efficiency, natively consolidates data and storage networks onto a common encrypted WAN link and delivers definable time-of-day bandwidth management that allocates bandwidth to the required application at the required time of day."
1602Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA 94089
USA

Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0
Juniper Networks SRX5600 and SRX5800 Services Gateways
(Hardware Versions: (SRX5600BASE-AC, SRX5600BASE-DC, SRX5800BASE-AC and SRX5800BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)
(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/20/2011
11/08/2011
12/11/2013
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1030 and #1034); AES (Certs. #1573 and #1578); DSA (Cert. #484); SHS (Certs. #1393 and #1397); RNG (Cert. #847); RSA (Cert. #766); HMAC (Certs. #920 and #924)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)
Multi-chip standalone

"Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1601McAfee, Inc.
27201 Puerta Real, Suite 400
Mission Viejo, CA 92691
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
McAfee Endpoint Encryption for PCs
(Software Version: 5.2.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/08/2011
10/04/2011
Overall Level: 1

-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP 32-bit
Windows Vista 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"McAfee Endpoint Encryption for PCs is a Software Only Module which resides on general purpose computer systems. The module is used for whole disk encryption that enables users to secure sensitive data stored on hard disk drives in the event of a lost or stolen workstation or laptop computer. McAfee Endpoint Encryption for PCs is an enterprise class software product that is centrally managed and can be deployed to large heterogeneous enterprise environments."
1600IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Firmware Version: 4765-001 (e1ced7a0); Software Versions: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid09/08/2011Overall Level: 1

-Cryptographic Module Specification: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C))
Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R12] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1702, #1703 and #1713); Triple-DES (Certs. #1093, #1094 and #1103); DSA (Certs. #526 and #527); RSA (Certs. #831, #832, #844, #845 and #846); SHS (Certs. #1485, #1486 and #1497); HMAC (Certs. #986 and #987); RNG (Certs. #901 and #902)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; ECDSA (non-compliant)
Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1599STMicroelectronics, Inc.
750 Canton Drive
Suite 300
Coppell, TX 75019
USA

Gianfranco Scherini
TEL: 408-919-8426
FAX: 408-919-0250

CST Lab: NVLAP 200802-0
HardCache™-SL3/PC v2.1
(Hardware Version: STM7007)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/20/2011Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1068); SHS (Cert. #1219); HMAC (Cert. #781); Triple-DES (Cert. #798); ECDSA (Cert. #155); RSA (Cert. #623); RNG (Cert. #725)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Single-chip

"The STMicroelectronics HardCache™-SL3/PC v2.1 Cryptographic Module (HW rev STM7007) is a single chip cryptographic module designed as a hardware accelerated encryption engine for computer and peripheral applications. The cryptographic module is targeted for PC applications including desktop client, laptop, and server systems. Benefits compared to competing hardware and software solutions include better overall system performance, low power, and tamper resistant hardware security."
1598Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Bordwine
TEL: 703-885-3854
FAX: 301-514-3726

CST Lab: NVLAP 200556-0
Symantec Cross-Platform Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/02/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows 2003 Server (32-bit)
RHEL 5 (32-bit)
Solaris 10 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1614); Triple-DES (Cert. #1055); RSA (Cert. #792); DSA (Cert. #502); SHS (Cert. #1423); HMAC (Cert. #946); DRBG (Cert. #83)

-Other algorithms: DES; Camellia; SEED; RC2; RC4; MD2; MD5; RSA (Cert. #792, key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Symantec Cross-Platform Cryptographic Module (SymCPM) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCPM is implemented in the C programming language and consists of three components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1597Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

Main Office
TEL: 601-519-0123
FAX: 601-510-9080

Victor Wolff
TEL: 703-483-5515
FAX: 601-510-9080

CST Lab: NVLAP 200426-0
B200™ and B300™ Remote Support Appliances
(Hardware Versions: B200, B300 or B300r1; Firmware Version: 3.2.2 FIPS; Software Version: 10.6.2 FIPS)
(When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/31/2011
10/26/2011
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5
Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1596Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

Main Office
TEL: 601-519-0123
FAX: 601-510-9080

Victor Wolff
TEL: 703-483-5515
FAX: 601-510-9080

CST Lab: NVLAP 200426-0
B400™ Remote Support Appliance
(Hardware Version: B400 or B400r1; Firmware Version: 3.2.2 FIPS; Software Version: 10.6.2 FIPS)
(When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/31/2011
10/26/2011
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5
Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1595Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Gorczyca

CST Lab: NVLAP 200556-0
Symantec Enterprise Vault Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/31/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003
Microsoft Windows Server 2008 R2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RSA (KeyGen, non-compliant); ANSI X9.31 RSA (SigVer, non-compliant); RC2; RC4; MD5; MD2; MD4; DES
Multi-chip standalone

"Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1594SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0
SafeNet Ethernet Encryptor, Branch Office
(Hardware Versions: 943-5020v-004 [1] [2] and 943-50211-001 [2]; Firmware Versions: 1.0.6.4 [1] and 2.0.2 [2])
(When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter v designations.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/27/2011Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Camellia; SEED
Multi-chip standalone

"The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1593Mxtran Inc.
9F, No.16, Li-Hsin Road, Science Park
Hsin-chu, Taiwan 300
Republic of China

C.W. Pang
TEL: +886-3-6661778#29300
FAX: +886-3-6662568

CST Lab: NVLAP 200824-0
Mxtran Payeeton Solution
(Hardware Version: MX11E25644E; Firmware Version: Simker v2.30)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/2011Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #1007); AES (Cert. #1511); RSA (Cert. #739); SHS (Cert. #1354); HMAC (Cert. #886); RNG (Cert. #820)

-Other algorithms: N/A
Single-chip

"Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1591Symantec Corporation
20330 Stevens Creek Blvd
Cupertino, CA 95014
USA

John Bordwine
TEL: 703-885-3854
FAX: 301-514-3726

CST Lab: NVLAP 200556-0
Symantec Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/12/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit)
Red Hat Enterprise Linux 4.8 (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1607); Triple-DES (Cert. #1052); DSA (Cert. #498); SHS (Cert. #1420); RNG (Cert. #861); RSA (Cert. #789); HMAC (Cert. #943)

-Other algorithms: DES; Blowfish; CAST; IDEA; RC2; RC4; RC5; MD2; MD4; MD5; RipeMD; MDC-2; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (Cert. #789, key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1590BAE Systems
2525 Network Place
Herndon, VA 22171
USA

John Ata
TEL: 703-736-4384
FAX: 703-736-4348

CST Lab: NVLAP 200427-0
STOP OS 7 Kernel Cryptographic Module
(Software Version: 1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/10/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with STOP 7.3 Beta 1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1603); DRBG (Cert. #78); HMAC (Cert. #939); SHS (Cert. #1416); Triple-DES (Cert. #1048)

-Other algorithms: DES
Multi-chip standalone

"The STOP 7 Kernel Cryptographic Module is a library that is distributed as part of the monolithic kernel. The module provides the general purpose cryptographic functionality used by the kernel and kernel modules."
1589ZTE Corporation
NO. 55, Hi-tech Road South
Shen Zhen, Guangdong Province 518057
People's Republic of China

Mr. Royce Wang
TEL: +86-755-2677 0345
FAX: +86-755-2677 0347

CST Lab: NVLAP 200658-0
UEP Cryptographic Module
(Software Version: 4.11.10)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/10/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with NewStart CGS Linux V3.02 with Sun JDK/JRE 1.6.0_11 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1039 and #1040); AES (Certs. #1583 and #1584); DSA (Certs. #489 and #490); SHS (Certs. #1402 and #1403); RSA (Certs. #773 and #774); HMAC (Certs. #929 and #930); DRBG (Certs. #73 and #74)

-Other algorithms: N/A
Multi-chip standalone

"UEP cryptographic mpdule provides general purpose cryptographic services intended to protect data in transit and at rest."
1588McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
Agent Cryptographic Module
(Software Version: 1.0 or 1.1)
(When operated in FIPS mode with module RSA BSAFE Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #828 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/05/2011
04/26/2013
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 (x86 32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #490); Triple-DES (Cert. #501); RSA (Cert. #203); SHS (Cert. #560); RNG (Cert. #270); DSA (Cert. #199);

-Other algorithms: NDRNG
Multi-chip standalone

"McAfee Agent Cryptographic Module provides cryptographic operations for McAfee Agent, a software agent used in conjunction with McAfee ePolicy Orchestrator (ePO) to manage and monitor numerous end-point security products."
1587McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
ePO Cryptographic Module
(Software Versions: 1.0, 1.1, 1.2, 1.3, or 1.4)
(When operated in FIPS mode with module RSA BSAFE® Crypto-J validated to FIPS 140-2 under Cert. #1047 operating in FIPS mode and with module RSA BSAFE® Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #1092 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/05/2011
11/17/2011
04/02/2012
08/16/2012
01/04/2013
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP (x86 32 bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #670 and #860); RSA (Certs. #312 and #412); SHS (Certs. #703 and #855); RNG (Certs. #390 and #492); DSA (Cert. #311); Triple-DES (Cert. #707);

-Other algorithms: NDRNG
Multi-chip standalone

"McAfee ePO Cryptographic Module provides cryptographic operations for McAfee ePolicy Orchestrator (ePO), a security management software that allows enterprises to unify the management of numerous end-point, network, and data security products."
1586ZTE Corporation
NO. 55, Hi-tech Road South
Shen Zhen, Guangdong Province 518057
People's Republic of China

Mr. Royce Wang
TEL: +86-755-2677 0345
FAX: +86-755-2677 0347

CST Lab: NVLAP 200658-0
Unified Platform Cryptographic Library
(Software Version: 1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/09/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with EMBSYS (TM) Carrier Grade Embedded Linux V3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1585 and #1586); Triple-DES (Certs. #1041 and #1042); SHS (Certs. #1404 and #1405); RSA (Certs. #775 and #776); DSA (Certs. #491 and #492); HMAC (Certs. #931 and #932); DRBG (Certs. #75 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; DES; RC2; RC4; MD2; MD4; MD5; RIPEMD; CAST; Blowfish
Multi-chip standalone

"Unified Platform Cryptographic Library provides general purpose cryptographic services intended to protect data in transit and at rest."
1585Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0
FortiGate-80C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4BC61 [1], C4HA15 [2] and C4BQ31 [3]; Firmware Versions: FortiOS 4.0, build6359, 100712)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2011Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)
Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1584Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0
FortiGate-1240B [1], FortiGate-3016B [2], FortiGate-3600A [3] and FortiGate-3810A-E4 [4]
(Hardware Versions: C4CN43 [1], C4XA14 [2], V3BU94 [3] and C3GV75 [4]; Firmware Versions: FortiOS 4.0, build6341, 100617)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2011Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)
Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1583Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0
FortiGate-200B [1], FortiGate-300A [2], FortiGate-300A-HD [3], FortiGate-310B [4], FortiGate-311B [5], FortiGate-620B [6] and FortiGate-800 [7]
(Hardware Versions: C4CD24 [1], C4FK88 [2], C4FK88 [3], C4ZF35 [4], C4CI39 [5], C4AK26 [6] and C4UT39 [7]; Firmware Versions: FortiOS 4.0, build6359, 100712)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2011Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1404, #1405, #1408, #1409 and #1463); Triple-DES (Certs. #957, #958, #961, #962 and #987); RNG (Cert. #770); SHS (Certs. #1274, #1275, #1278, #1279 and #1327); HMAC (Certs. #825, #826, #829, #830 and #862); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)
Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1582Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
IPCryptR2
(Hardware Version: P/N BLN1306A; Firmware Version: R03.01.51)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2011Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: Level 3
-Tested Configuration(s): Level 3

-FIPS Approved algorithms: AES (Certs. #1424 and #1425); SHS (Cert. #1292); RNG (Cert. #778); ECDSA (FIPS 186-3, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1424, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR; NDRNG
Multi-chip standalone

"The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
1581Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Ambrose
TEL: 703-628-2935

Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0
Check Point IP Appliance
(Hardware Versions: IP290 (CPAP-IP295-D-GFIP [Nokia NBB0292000] and N431174001, CPAP-IP295-D-AC-DS [Nokia NBB0295000] and N431174001) and IP690 (CPAP-IP695-D-GFIP [Nokia NBB0692000], CPIP-A-4-1C and N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30)
(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/11/2011Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #497, #709, #769 and #342); Triple-DES (Certs. #507, #637, #510, #638, #729, #669 and #406); HMAC (Certs. #248, #384, #251, #385, #499, #421 and #146); SHS (Certs. #564, #734, #567, #735, #883, #775 and #417); DSA (Certs. #202 and #271); RSA (Certs. #211, #332, #213 and #333); RNG (Certs. #275, #417, #277 and #418)

-Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (K3 mode; non-compliant)
Multi-chip standalone

"The Check Point IP Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1580Hewlett-Packard TippingPoint
7501 N. Capital of Texas Highway
Austin, TX 78737
USA

Dinesh Vakharia
TEL: 512-681-8271

Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0
HP TippingPoint Security Management System
(Firmware Version: 3.2.0.8312.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware08/10/2011Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Tested: Fedora Core 10 Operating System running on a HP ProLiant DL320 G6 Server

-FIPS Approved algorithms: AES (Certs. #1631 and #1632); DRBG (Cert. #87); DSA (Cert. #513); HMAC (Certs. #958 and #959); RNG (Cert. #874); RSA (Certs. #805 and #806); SHS (Certs. #1436 and #1437); Triple-DES (Certs. #1067 and #1068)

-Other algorithms: Blowfish; CAMELLIA; CAST; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; MD2; MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED
Multi-chip standalone

"The HP Security Management System Appliance Series delivers enterprise-class security management capabilities that are simple to use and extremely powerful. The Security Management System Appliance is a hardened appliance that provides both global vision and security policy control for large-scale deployments of all HP products, including HP Intrusion Prevention Systems (IPS), Core Controllers, and SSL Appliances. The appliance is responsible for discovering, monitoring, configuring, diagnosing, remediating, and reporting for global IPS deployments."
1576Teledyne Webb Research
82 Technology Park Drive
East Falmouth, MA 02536
USA

David Pingal
TEL: 508-548-2077 x 146

CST Lab: NVLAP 200002-0
MiniCrypt
(Software Version: 1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/21/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Persistor CF1 HW system with Motorola MC68CK338CPV14 processor running PicoDOS version 2.26

-FIPS Approved algorithms: AES (Cert. #1268); SHS (Cert. #1168); HMAC (Cert. #738)

-Other algorithms: N/A
Multi-chip standalone

"MiniCrypt is a small, low resource utilization, software library for use in embedded systems, providing encryption, decrypting, hashing and message authentication functions."
1575Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200556-0
BlackBerry Smartcard Reader
(Hardware Version: 2.0; Firmware Version: 3.8.5.51)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/15/2011Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1172); HMAC (Cert. #672); SHS (Cert. #1084); RNG (Cert. #648); RSA (Cert. #555); ECDSA (Cert. #140)

-Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)
Multi-chip standalone

"The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth® enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers."
1574McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
Endpoint Encryption Manager
(Software Version: 5.2.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/15/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 2 with Windows Server 2003 Standard Edition SP2 on Dell Optiplex GX620 with 3.0 GHz Intel Pentium D Processor 830 (1 CPU) (32 bit)
Windows Server 2008 64 bit Enterprise Edition on Dell PowerEdge 2970 with 1.7 GHz quad core AMD Opteron 2344 Processor (2 CPUs) (64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1573U.S. Department of State
301 4th Street SW SA-44
Washington, DC 20547
USA

Paul Newton
TEL: 202-203-5153
FAX: 202-203-7669

CST Lab: NVLAP 100432-0
PKI BLADE Applet and Protiva PIV DL Card
(Hardware Version: P/N P5CD144 Version A1047808; Firmware Versions: EI08-M1004069, Softmask V01, PIV Applet V1.55 and PKI BLADE Applet V1.2)
(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 12)

PIV Certificate #22

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/2011
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); SHS (Cert. #786); RSA (Cert. #372); RNG (Cert. #450); CVL (Cert. #214)

-Other algorithms: Triple-DES (Cert. #678, key wrapping; key establishment methodology provides 100 bits of encryption strength)
Single-chip

"The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using passwords and fingerprints biometrics."
1572Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

Hang Liu
TEL: 434-455-9610

Dennis Boyer
TEL: 919-609-0608

CST Lab: NVLAP 200426-0
Harris AES Software Load Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/13/2011Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1482)

-Other algorithms: N/A
Multi-chip standalone

"The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1571Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200002-0
nShield Connect 6000 [1], nShield Connect 1500 [2] and nShield Connect 500 [3]
(Hardware Versions: NH2047 [1], NH2040 [2] and NH2033 [3], Build Standard N; Firmware Version: V11.30)
(When operated in FIPS mode with nShield PCIe validated to FIPS 140-2 under Cert. #1063)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/13/2011Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #397, #754 and #1227); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435, #666 and #883); Triple-DES MAC (Triple-DES Cert. #666, vendor affirmed); DSA (Certs. #280 and #407); ECDSA (Certs. #81 and #145); SHS (Certs. #764 and #1127); HMAC (Certs. #410 and #717); RSA (Cert. #356); RNG (Certs. #436 and #681)

-Other algorithms: Aria; Arc Four; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Thales nShield Connect is a network-attached hardware security module for business continuity of always-on, mission-critical systems in shared infrastructures, providing high availability, scalability and remote management for cryptographic infrastructures. Part of the nCipher product line, nShield Connect is the world's first HSM with redundant, hot-swappable power supplies, and enables organizations to build reliable, large-scale cryptographic services for their infrastructures."
1570SanDisk Corporation
Atir Yeda 7
Kfar-Saba
Israel

Boris Dolgunov
TEL: +972-9-7645000
FAX: +972-3-5488666

CST Lab: NVLAP 100432-0
Cruzer Enterprise FIPS Edition
(Hardware Versions: P/Ns 54-89-15381-004G, 54-89-15381-008G, 54-89-15381-016G and 54-89-153-032G, Version Revision 1; Firmware Version: 9.5.21.01.F3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/12/2011Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1432 and #1433); RSA (Cert. #702); SHS (Cert. #1295); RNG (Cert. #779)

-Other algorithms: RSA (encrypt/decrypt)
Multi-chip embedded

"The SanDisk Cruzer Enterprise FIPS Edition secure USB flash drive offers on-the-fly hardware encryption for enterprises and government agencies that helps IT professionals within those organizations to effectively protect information on company-issued USB flash drives. It is specially designed to meet the unique USB security, compliance, and manageability needs of large organizations. With FIPS 140-2 level 2 certification inside, the Cruzer Enterprise FIPS Edition caters to the ultra-sensitive security requirements of government agencies and enterprises."
1569Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0
IMB
(Hardware Versions: IMB-A0, IMB-A1, IMB-A2, IMB-E0, IMB-E1 and IMB-E2; Firmware Versions: (5.0.10f, 30.04m-1 and 99.03f) or (5.0.21, 30.05g1 and 99.03f))

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/2011
08/16/2012
06/07/2013
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #532, #1252 and #1383); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman; TI S-box
Multi-chip embedded

"The IMB (Integrated Media Block) is a card that utilizes Doremi’s patented 4K media block technology. The IMB can be installed in a DLP Series-II 4K-ready projector along with Doremi’s external ShowVault™, allowing to perform 4K content playback. The customer can still choose to project in 2K using the IMB."
1568McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
Endpoint Encryption Manager
(Software Version: 5.2.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/30/2011Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2003 (32-bit)
Windows Server 2008 (64 bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHA-1 (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG
Multi-chip standalone

"McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1567Lumension Security, Inc.
15880 Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260
USA

Chris Chevalier
TEL: 480-970-1025
FAX: 480-970-6323

Ron Smith
TEL: 480-663-8763
FAX: 480-970-6323

CST Lab: NVLAP 200002-0
Lumension Cryptographic Kernel
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/27/2011Overall Level: 2

-Tested Configuration(s): Tested as meeting Level 2 with Dell Optiplex GX620 running MS Windows Server 2003 Standard, Version 5.2 SP 2 (32-bit version)
Dell PowerEdge 2850 running MS Windows Server 2003 Standard x64, Version 5.2 SP 2 (64-bit version)
Dell Optiplex GX620 running MS Windows XP Professional, Version 5.1 SP 2 (32-bit version)
Dell PowerEdge 2850 running Windows XP Professional x64, Version 5.2 SP 2 (64-bit version)

-FIPS Approved algorithms: AES (Cert. #1045); SHS (Cert. #995); RNG (Cert. #596); HMAC (Cert. #587); RSA (Cert. #499); ECDSA (Cert. #126)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; ECIES
Multi-chip standalone

"The Lumension Cryptographic Kernel (LCK) v1.0 provides the cryptographic functions for certain Lumension products, including Application and Device Control. These products secure endpoints from malware and unauthorized software execution, and from malicious or accidental data loss through the use of removable devices and media."
1566RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0
RSA BSAFE® CNG Cryptographic Primitives Library
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/27/2011
01/24/2013
Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows 7 (x86 32-bit)
Microsoft Windows 7 (x86_64 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1598); DRBG (Cert. #77); DSA (Cert. #493); ECDSA (Cert. #196); HMAC (Cert. #935); RNG (Cert. #855); RSA (Cert. #780 and FIPS 186-3, vendor affirmed); SHS (Cert. #1410); Triple-DES (Cert. #1044)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; HMAC-MD2; HMAC-MD4; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"RSA BSAFE® CNG Cryptographic Primitives Library is a drop-in replacement for the Microsoft user-mode CNG (Cryptograpy, Next Generation) provider. It supports a wide range of industry standard encryption algorithms. Software applications written against the Microsoft CNG framework, that do not explicitly request a specific provider, will automatically use the BSAFE CNG cryptographic implementations without modification once the BSAFE CNG Primitive Provider is installed."
1565Xceedium, Inc.
30 Montgomery Street
Suite 1020
Jersey City, NJ 07302
USA

Trevor Brown
TEL: 613 801 0466

CST Lab: NVLAP 200556-0
Xceedium Xsuite
(Hardware Versions: 5, 5a and 5b; Firmware Version: 1.0.0)
(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/23/2011
12/03/2012
10/23/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1151 and #1572); Triple-DES (Certs. #833 and #1029); SHS (Certs. #1065 and #1392); RSA (Cert. #765); HMAC (Certs. #654 and #919); RNG (Cert. #846)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (Cert. #483; non compliant)
Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1564Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163
USA

Joe Casebolt
TEL: 509-332-1890
FAX: 509-332-7990

CST Lab: NVLAP 100432-0
SEL-3044
(Hardware Version: 1.0; Firmware Version: R101 or R103)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/23/2011
02/15/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412)

-Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)
Multi-chip standalone

"The SEL-3044 SEL Encryption Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3044 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED, and RTU products. It quickly integrates into serial communication networks including modem and data radio."
15633e Technologies International, Inc.
Suite 500, 9715 Key West Avenue
Rockville, MD 20850
USA

Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200002-0
3e-030-2 Security Server Cryptographic Core
(Software Version: 4.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software06/20/2011Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Linux Enterprise 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1546); Triple-DES (Cert. #1016); SHS (Cert. #1371); HMAC (Cert. #897); RSA (Cert. #749); DSA (Cert. #478); ECDSA (Cert. #191); RNG (Cert. #834)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); MD5
Multi-chip standalone

"The 3e-030-2 Security Server Cryptographic Core (Version 4.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS based Authentication Server, capable of EAP-TLS authentication of wireless client, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES, SHA-1, SHA-2, HMAC, RSA DSA ECDSA sign/verify, FIPS 186-2 PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman, ECDH and MD5"
1562Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Joe Warren

CST Lab: NVLAP 200416-0
Datacryptor® Gig Ethernet [1] and 10 Gig Ethernet [2]
(Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 4.5)
(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/20/2011
02/13/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1033, #1488, #1489, #1548 and #1550); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG
Multi-chip standalone

"The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1561Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

David Hostetter
TEL: 303-272-7126
FAX: 303-272-6555

CST Lab: NVLAP 100432-0
StorageTek™ T10000C Tape Drive
(Hardware Version: P/N 316052503; Firmware Version: 1.51.318)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/17/2011Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #1564, #1565, #1566, #1567, #1568, #1569 and #1570); DRBG (Cert. #71); HMAC (Certs. #916 and #917); SHS (Certs. #1389 and #1390); RSA (Cert. #763)

-Other algorithms: AES (Cert. #1567, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5
Multi-chip standalone

"The StorageTek™ T10000C Tape Drive provides 5 TB native capacity and 240 MB/sec throughput using BaFe media and with backward read compatibility to the T10000A/B. Designed for maximum security and performance, the T10000C provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle OKM to provide a secure end-to-end management solution."
1560Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs)
(Hardware Versions: 3925E (with PCB rev -A0 and -B0), 3945E (with PCB rev -A0 and -B0), [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0], ISR: FIPS-SHIELD-3900=; Firmware Version: 15.1(2)T3)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/14/2011
02/23/2012
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #803 and #1580); HMAC (Certs. #443 and #926); RNG (Cert. #850); RSA (Cert. #771); SHS (Certs. #801 and #1399); Triple-DES (Certs. #1036 and #1037)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Multi-chip standalone

"The Cisco 3925E and 3945E Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1559Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0
Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 610113-002 Rev. C; Firmware Versions: Loader Version 0.66, PSMCU Version 0.98)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/14/2011
09/19/2011
01/25/2016
02/09/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194)

-Other algorithms: N/A
Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1558Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 200802-0
Gemini
(Hardware Version: 1.0.0; Firmware Version: 1.0.0 or 1.0.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/14/2011
07/19/2011
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); RNG (Certs. #828, #829 and #830); RSA (Certs. #750 and #751); HMAC (Certs. #901 and #902); SHS (Certs. #1364, #1365, #1366 and #1367)

-Other algorithms: HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG
Multi-chip embedded

"The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1557McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 2150E
(Hardware Version: 2150E; Firmware Version: 7.0.1.01.E12)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2011Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1556McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 1100E
(Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2011Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES
Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1555BlockMaster AB
Kyrkogatan 17
Lund S-222 22
Sweden

Johan Söderström
TEL: +46 (0) 46-2765100

Anders Pettersson
TEL: +46 (0) 46-2765100

CST Lab: NVLAP 200002-0
BM-C1000
(Hardware Versions: BM-C1000-01, BM-C1000-02, BM-C1000-04, BM-C1000-08, BM-C1000-16, BM-C1000-32 and BM-C1000-64; Firmware Version: 4.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/07/2011Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: Level 3

-FIPS Approved algorithms: AES (Cert. #1236); SHS (Cert. #1134); RNG (Cert. #683); RSA (Cert. #617)

-Other algorithms: NDRNG; RSA-512 (non-compliant)
Multi-chip embedded

"The BlockMaster microcontroller BM9931 powers FIPS secure USB flash drives. All data stored is encrypted transparently on the fly within the hardware in accordance with the specification of the Federal Information Processing Standard (FIPS 140-2)."
1554McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise 4150E
(Hardware Version: 4150E; Firmware Version: 7.0.1.01.E12)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/07/2011Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryp