Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
884	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks SSG 520M and SSG 550M (Hardware Versions: P/N SSG 520M and SSG 550M; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/14/2007; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #218); SHS (Cert. #601); Triple-DES (Cert. #535); AES (Cert. #529); HMAC (Cert. #278); RSA (Cert. #239); RNG (Cert. #304) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks Secure Services Gateway 500 Series (SSG) represents a new class of purpose-built security appliance that delivers a perfect mix of performance, security and LAN/WAN connectivity for regional and branch office deployments. Traffic flowing in and out of the branch office is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
883	TriCipher, Inc. 1900 Alameda de las Pulgas Suite 112 San Mateo, CA 94403 USA -Tim Renshaw TEL: 650-372-1300	TriCipher Common Core Cryptographic Module (Software Version: 3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun JDS Linux 2.4.19 and Microsoft Windows XP (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #571); RSA (Cert. #273); HMAC (Cert. #310); SHS (Cert. #649); RNG (Cert. #341) -Other algorithms: DES; MD5; RSA (PKCS #5); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The CCCM provides all cryptographic functionality used by TriCipher's ID Tool, APIs and other client-side products."
882	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Yellow Dog Linux 2.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #545); AES (Cert. #549); SHS (Cert.#614); HMAC (Cert. #290); RNG (Cert. #317); DSA (Cert. #223); ECDSA (Cert. #57); RSA (Cert. #246) -Other algorithms: DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; ECNR; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); ECIES Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
881	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/30/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment provides 56 bits of encryption strength); DES; MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
880	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101	ActivIdentity Digital Identity Applet Suite V2 for PIV (Hardware Version: HW P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.2 and 2.6.2.A3; PKI/GC applet package v2.6.2.3 and 2.6.2.A1; ASC library package v2.6.2.2 and 2.6.2.A1; PIV End-Point packages v2.6.2.6, v2.6.2.A1 and v2.6.2.A2) (PIV Card Application: Cert. #7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007; 12/18/2007; 01/25/2008; 04/29/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES; DES MAC Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
879	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 515 and PIX 515E (Hardware Versions: 515 and 515E; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
878	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -William McIntosh TEL: 813-288-7388 x117	Fortress Secure Client (Software Versions: 3.1 and 3.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007; 04/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2; Windows 2000 Professional with SP4; Windows 2003 Server with SP2; Windows CE 3.0; Windows CE 4.0; Windows CE 5.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #607); HMAC (Cert. #313); RNG (Cert. #346); SHS (Cert. #656); Triple-DES (Cert. #579) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
877	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	7206VXR NPE-G1, 7206VXR NPE-G2 and 7301 with VAM2+ and 7206VXR NPE-G2 with VSA (Hardware Versions: 7206VXR Version: 2.9, NPE-G1 Version: 2.1, NPE-G2 Version: 1.0, VAM2+ Version: 1.0, VSA Version: 1.0, C7200-JC-PA Version: 1.0, 7301 Version: 2.0; Firmware Version: 12.4(11)T1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007; 12/18/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #91 and #173); HMAC (Certs. #39 and #203); RNG (Certs. #83, #266 and #267); SHS (Certs. #258, #500, #556 and #557); Triple-DES (Certs. #204 and #275) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
876	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version: P/N CLN7493D Version 8; Firmware Version: R3.52.42) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
875	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007; 12/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) -Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RC2; RC4 Multi-chip standalone "The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, DSA and Diffie-Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
874	3e Technologies International, Inc. 9715 Key West Avenue 5th Floor Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989 -Chris Guo TEL: 301-944-1294 FAX: 301-670-6989	3e Cryptographic Kernel Library (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #640); HMAC (Cert. #329); SHS (Cert. #675); Triple-DES (Cert. #593) -Other algorithms: Multi-chip standalone "The Cryptographic Kernel Library (CKL) is a software module that implements a set of cryptographic algorithms for use by a software application. The 3eTI CKL is a binary dynamic link library that is compiled from source code written in C, C++. This binary library resides in Windows kernel space."
873	Rockwell Collins, Inc. 400 Collins Road NE Cedar Rapids, IA 52498 USA -Jack Edington TEL: 319-295-5997 -Robert Shreve TEL: 319-295-2611	Common Crypto Circuit Card Assembly (Hardware Version: 944-2541-004; Software Version: 091-3186-006) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 1  -Physical Security: Level 2 -EMI/EMC: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #169) -Other algorithms: Serpent; Twofish; Triple-DES (non-compliant) Multi-chip embedded "The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
872	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 525 and PIX 535 (Hardware Versions: 525 and 535; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
871	Cavium Networks 805 East Middlefield Road Mountain View, CA 94043 USA -Mike Scruggs TEL: 650-623-7000	Nitrox XL NFB FIPS Cryptographic Modules (Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200 and CN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Nitrox XL NFB FIPS Cryptographic Module is a cryptographic module integrated into a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
870	Cavium Networks 805 East Middlefield Road Mountain View, CA 94043 USA -Mike Scruggs TEL: 650-623-7000	Nitrox XL NFB FIPS Cryptographic Modules (Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200, and CN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Cavium Nitrox NFB Cryptographic Modules are a cryptographic component of the Nitrox PCI acceleration board that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
869	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/27/2007; 12/18/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64, and IA64) (single user mode) -FIPS-approved algorithms: HMAC (Cert. #287); RNG(Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) -Other algorithms: DES; HMAC-MD5 Multi-chip standalone "Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
868	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/19/2007; 12/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
867	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HICOS PKI Smart Card Chip (Hardware Version: HD65257C1; Software Versions: GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2, and GSM Applet 1.0; Firmware Versions: HardMask: 2.0 and SoftMask: 3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/19/2007	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #234); Triple-DES (Cert. #530); SHS (Cert. #594); RNG (Cert. #298); AES (Cert. #522); HMAC (Cert. #272); Triple-DES MAC (Triple-DES Cert. #530, vendor affirmed) -Other algorithms: COMP-128; AES-MAC (AES Cert. #522; non-compliant) Single-chip "The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
866	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-527A3 AirGuard™ Wireless Access Point, 3e-527A3 AirGuard™ Wireless Access Point with Outdoor Option and 3e-527A3MP AirGuard™ Wireless Access Point with Mobile Power (Hardware Versions: 1.1, 1.1 and 1.1; Firmware Version: 4.0.10.23) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #627); HMAC (Cert. #325); RNG (Cert. #359); SHS (Cert. #669); Triple-DES (Cert. #589) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-527A3 is a device that consists of electronic hardware, firmware, and a strong metal case. For purposes of FIPS 140-2, the module is considered to be a multi-chip standalone product. The 3e-527A3 operates as either a gateway connecting a local area network to wide area network (WAN) or as an access point within a local area network."
865	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Versions: 2.1.0.2 [1] and 2.1.0.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/19/2007; 12/20/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with [1]: AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 Phone Edition; Windows Mobile 5.0; Windows Mobile 5.0 Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2). Tested as meeting Level 1 with [1] and [2]: Windows 2003 SP1 (32-bit x86 - VS6.0 build) (in single-user mode) -FIPS-approved algorithms: AES (Certs. #644 and #673); DSA (Certs. #242 and #254); ECDSA (Certs. #68 and #74); HMAC (Certs. #333 and #357); RNG (Certs. #367, #392 and vendor affirmed: SP 800-90); RSA (Certs. #295 and 314); SHS (Certs. #679 and #706); Triple-DES (Certs. #596 and #618) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
864	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Key Management Facility Crypto Card (KMF CC) (Hardware Version: P/N T6722A Version CLN7612B; Firmware Version: R01.09) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/13/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); RNG (Cert. #121); SHS (Cert. #335) -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DES MAC; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); HCA; LFSR; NDRNG Multi-chip embedded "The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
863		Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/16/2007; 12/07/2007; 03/07/2008	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
862		Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/07/2007	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
861	Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA -Shaun Lee TEL: +44 1189 243860	Oracle Cryptographic Libraries for SSL (Software Version: 10g (10.1.0.5)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/18/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Sun Solaris 8.0 with Admin Suite 3.0.1 on Sun Ultra 60 Server -FIPS-approved algorithms: Triple-DES (Cert. #573); AES (Cert. #608); SHS (Cert. #657); HMAC (Cert. #314); RSA (Cert. #281); RNG (Cert. #347) -Other algorithms: RC4; RSA-MD5 (PKCS#1); HMAC-MD5; RSA (PKCS#5); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Oracle Cryptographic Libraries for SSL 10g (10.1.5) is a generic module used by the Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle database server (Server and Client), Oracle Applications Server, Oracle Internet Directory, Web Cache and Apache. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
860	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Digital Interface Unit Crypto Module (DIU CM) (Hardware Version: T6721A, Version CLN7611C; Firmware Versions: R82.01.02, R82.01.03 and R82.01.05) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82; vendor affirmed); AES (Cert. #2); RNG (Cert. #121); SHS (Cert. #335) -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; HCA; ADP; LFSR; NDRNG; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip embedded "The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola's Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola's APCO-25 compliant family of console and base station radio infrastructure equipment."
859	VMware, Inc. 3145 Porter Drive Palo Alto, CA 94304 USA -Eric Masyk TEL: 650-798-5820 FAX: 650-475-5001	ACE Encryption Engine (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/06/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP2; Microsoft Windows Vista Ultimate (single-user mode) -FIPS-approved algorithms: AES (Certs. #533 and #534); DSA (Cert. #220); HMAC (Certs. #280 and #281); RNG (Certs. #306 and #307); RSA (Cert. #241); SHS (Certs. #603 and #604); Triple-DES (Cert. #536) -Other algorithms: Diffie-Hellman (key agreement; not allowed in FIPS mode); DSA signature generation (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (sign/verify 512 bits; non-compliant) Multi-chip standalone "The ACE Encryption Engine allows virtual machines to be encapsulated into files which can be saved, copied, and provisioned. VMware Software Cryptographic Implementation is the kernel implementation that enables the VMware ACE application to perform its cryptographic functions such as hashing, encryption, digital signing, etc."
858	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Radio Network Controller Encryption Module Controller (RNC EMC) (Hardware Version: T7289A; Firmware Version: R03.04.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #530) -Other algorithms: AES MAC (AES Cert. #530; vendor affirmed; P25 AES OTAR); DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ANSI X9.17 DRNG; 64 bit LFSR Multi-chip standalone "The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
857	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Stefan Kotes TEL: 650-216-2082 FAX: 650-216-2565	Tumbleweed Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server SP2; SuSE Linux 9 Enterprise Server SP3; Windows XP SP2; SunOS 5.10; IBM AIX 5.2.0.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #524 and #543); Triple-DES (Certs. #531 and #540); RSA (Certs. #237 and #244); ECDSA (Certs. #54 and #56); SHS (Certs. #597 and #608); RNG (Certs. #300 and #311); HMAC (Certs. #275 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Tumbleweed Security Kernel is a software module implemented as two dynamic libraries that provide all security functionalities for several products of Tumbleweed Communications Corp., including Validation Authority, SecureTransport, and MailGate."
856	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2.2 (Hardware Version: VBD-03-0100; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD2; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
855	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module for Luna® IS (Hardware Version: VBD-03-0100; Firmware Version: 5.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #511); Triple-DES (Certs. #520 and #521); DSA (Cert. #211); RSA (Cert. #224); ECDSA (Cert. #52); SHS (Cert. #581); HMAC (Cert. #263); Triple-DES MAC (Triple-DES Certs. #520 and #521, vendor affirmed); RNG (Cert. 288) -Other algorithms: AES MAC (AES Certs. #510 and #511; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna ® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
854	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2.2 (Hardware Version: VBD-03-0100; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; MD2-MAC; MD5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
853	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arye, Petach Tikva 49511 Israel -Yaniv Shor TEL: +972.(0)3.978.1342 FAX: +972.(0)3.978.1010	eToken PRO HD (Hardware Version: (32K and 64K) 4.28; Firmware Version: 2.7 on CardOS 4.2B) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/24/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
852	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arye, Petach Tikva 49511 Israel -Yaniv Shor TEL: +972-(0)3-978-1342 FAX: +972-(0)3-978-1010	eToken PRO, eToken NG-OTP and eToken NG-FLASH (128 MB, 512 MB and 1 GB) (Hardware Versions: PRO (32K and 64K) 4.28, NG-OTP (32K and 64K) 2.25, NG-FLASH (32K) 4.27; Firmware Version: 2.7 on CardOS 4.2B) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/24/2007	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
851	QUALCOMM Inc. 5775 Morehouse Drive San Diego, CA 92121 USA -QGOV Sales & Marketing TEL: 877-461-4411	Cryptographic Extension for BREW® Cryptographic Engine (Software Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/24/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with LG Firmware OS T98VZV05 with BREW 3.1 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #488); AES (Cert. #473); SHS (Cert.#541); HMAC (Cert. #230); RNG (Cert. #256); DSA (Cert. #194); ECDSA (Cert. #42); RSA (Cert. #194) -Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "QUALCOMMs Binary Runtime Environment for Wireless (BREW®) provides an integrated platform for developing, selling, and distributing wireless applications. The Cryptographic Extension for BREW® is a general-purpose, software-based cryptographic module packaged as a BREW® extension that can be invoked by BREW® applications to permit FIPS 140-2 Level 1 validated general-purpose cryptography."
850	Doremi Cinema LLC 1020 Chestnut Street Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109	Dolphin Board (Hardware Version: P/N Version DOLPHIN-DCI-F; Firmware Versions: 22.00-0 and 22.00-1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 10/29/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #521 and #532); HMAC (Cert. #271); SHS (Cert. #593); RNG (Certs. #297 and #326) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of strength) Multi-chip standalone "The Dolphin Board is a PCI-card that provides a standard definition/high definition serial digital interface. This is the Doremi decoder card that contains the JPEG-2000 decoder hardware and BNC serial digital interface connectors used in the Doremi DCP-2000 Digital Cinema Server. The Dolphin Board utilizes a dual-link encrypted serial digital interface for output of DCI-compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e., trailers, advertisements, etc.)."
849	Comtech Mobile Datacom Corporation 20430 Century Blvd. Gaithersburg, MD 20874 USA -John Fossaceca TEL: 240-686-2146 FAX: 240-686-3301 -Bill Vaughan TEL: 240-686-3300 FAX: 240-686-3301	MTM-203 Satellite Mobile Transceiver (Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Version: C.3.6.T) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/18/2007; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502) -Other algorithms: DES Multi-chip standalone "CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
848	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SCSI SEP v1.0 (Hardware Version: P/N 60-000343/A; Software Version: 27.8; Firmware Version: dccp_2_2_8_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
847	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort LKM SEP v1.0 (Hardware Version: P/N 60-000388/A; Software Versions: 40.3 and 40.4; Firmware Version: dccn_1_7_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 12/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #523); ECDSA (Cert. #53); HMAC (Certs. #273, #274 and #212); RNG (Cert. #299); SHS (Certs. #595, #596 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
846	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort NAS SEP v1.0 (Hardware Version: P/N 60-000340/A; Software Version: 26.10; Firmware Version: dccn_1_7_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
845	Utimaco® Safeware AG Hohemarkstrasse 22 Oberursel, Hessen D-61440 Germany -US Corporate Headquarters TEL: 508-543-1008 FAX: 508-543-1009 -Dr. Christian Tobias TEL: +49-6171-88-1711 FAX: +49-6171-88-1933	SafeGuard Cryptographic Engine (Software Version: 5.00) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/18/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows Server 2003 SP1; Free-BSD Version 5.4 (single-user mode) -FIPS-approved algorithms: AES (Certs. #512 and #513); Triple-DES (Cert. #522); HMAC (Cert. #264); SHS (Certs. #582, #583 and #584); RNG (Cert. #289) -Other algorithms: N/A Multi-chip standalone "SafeGuard Cryptographic Engine (SGCE) is a high-performance cryptographic library. It provides cryptographic services to the following products from the SafeGuard solutions: SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto."
844	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 571-236-6942	Sm@rtCafé Expert Embedded Security (Hardware Version: HD65246C1A05BQBC; Firmware Versions: CH463JC_ITIGERRSA_V101 and CH463JC_ITIGERRSA_V102) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Certs. #216 and #536); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed); RNG (Cert. #253) -Other algorithms: DES; DES MAC Single-chip "Sm@rtCafé Expert Embedded Security was developed by G&D and constitutes a complete operating system for smart cards. Providing a complete set of International Organization for Standardization (ISO), Europay, MasterCard and Visa (EMV) and proprietary enhanced commands, the Sm@rtCafé Expert Embedded Security incorporates standards-based functionality along with its own optimized command set."
843	iDirect Technologies, Inc. 13865 Sunrise Valley Drive Herndon, VA 20171 USA -Michael Cohen TEL: 703-463-2262 FAX: 703-648-8015	7350 iNFINITI Satellite Router [1], iConnex-700 [2], iConnex-100 [3], M1D1-T Universal Line Card [4] and 8350 iNFINITI Satellite Router [5] (Hardware Versions: 9130-0062-0002 [1], 9101-2040-0201 [2], 9101-2040-0202 [3], 9101-0040-0008 [4] and 9000-0040-0013 [5]; Software Versions: iDS version 7.1.2 [1, 2, 3 and 4] and iDS version 7.1.3 [5]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/18/2007; 02/06/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #527 and #528); Triple-DES (Cert. # 534); SHS (Cert. #600); RNG (Cert. # 303); RSA (Cert. #238) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "An iDirect Time Division Multiple Access (TDMA) network is composed of a single outroute Single Channel Per Carrier (SCPC) and multiple inroute TDMA carriers. The iDirect TDMA network is optimized for satellite transmissions, squeezing the maximum performance out of the bandwidth provided by satellite links. The system is fully integrated with iDirectÆs Network Management System that provides configuration and monitoring functions. The iDirect network components consist of the Protocol Processor, Hub Line Card (also known as Universal Line Card), and the Ethernet switch with remote modem."
842	Dolby Laboratories, Inc. 100 Potrero Ave. San Francisco, CA 94103 USA -Matthew Robinson TEL: 415-558-0200 FAX: 415-645-4000	CAT904 Dolby® JPEG2000/MPEG2 Processor (Hardware Version: P/N CAT904Z Versions FIPS_1.0, FIPS_1.0.1 and FIPS_1.1; Firmware Version: 3.1.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 03/19/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #519 and #520); SHS (Cert. #592); RNG (Cert. #296); HMAC (Cert. #270); RSA (Cert. #233) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The CAT904 Dolby® JPEG2000/MPEG2 processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
841	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Mr. Greg Farmer TEL: 434-455-9577	P7170IP System Portable Two-Way FM Radios (Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 version: J2R15E05; DSP version: F7R06F03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #155 and #623) -Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
840	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Mr. Greg Farmer TEL: 434-455-9577	P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio (Hardware Versions: RU101188V1, RU101188V12, RU101188V22, RU101188V231, RU101188V21, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V61, RU101219V41, RU101219V71, RU101219V51, RU101219V73, RU101219V63; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 version: J2R15E05; DSP version: F7R06F03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 04/29/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #155 and #623) -Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR) Multi-chip standalone "P7130IP Select, P7150IP Scan Portable and M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7130IP, P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
839	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB6 - 6.00.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 10/29/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86) -Other algorithms: RSA (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
838	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6717 FAX: +81-467-41-6975 -Daizoh Funamoto TEL: +81-467-41-6116 FAX: +81-467-41-6951	Command Encryption Module (Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	09/11/2007	Overall Level: 2  -EMI/EMC: Level 3 -Operational Environment: Tested: as meeting Level 1 with HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs ZoneAlarm Pro Firewall version 6.1 -FIPS-approved algorithms: Triple-DES (Cert. #504) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
837	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka -Tim Bergeron	LX-4000T and LX-8000S Series Console Servers (Hardware Versions: 600-R3248 RevB, 600-R3249 RevB, 600-R3250 RevB, 600-R3251 RevB, 600-R3252 RevC, 600-R3253 RevC, 600-R3254 RevB, 600-R3255 RevB, 600-R3256 RevB, 600-R3257 RevB, 600-R3258 RevC, 600-R3259 RevC, and 600-R3265 RevA through 600-R3288 RevA (inclusive); Firmware Version: linuxito Version: 4.1.4 and ppciboot Version: 4.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/11/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #226); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 178 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 112 bits of encryption strength) Multi-chip standalone "The LX-4000T and LX-8000S Series Console Servers are a key component of MRV¦s Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization¦s networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV¦s Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
836	Thales e-Security Meadow View House Crendon Industrial Estate Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800	Secure Generic Sub-System (SGSS), Version 3.4 (Hardware Versions: 1213D130 Issue 6 [1], 1213H130 Issue 6B [1], 1213G130 Issue 6A [1] and 1213L130 Issue 6 [2]; Software Versions: 2.5.7 [1] and 2.5.14 [2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/11/2007; 09/25/2007	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24) -Other algorithms: N/A Multi-chip standalone "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models), WebSentry™ family, HSM 8000 family, P3™ CM family, 3D Security Module and the SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
835	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna®PCM (Hardware Versions: LTK-02-0301 and LTK-02-0501; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert #579); DSA (Cert #210); RSA (Cert #223); ECDSA (Cert #51); HMAC (Cert #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert #287) -Other algorithms: DES; AES MAC (AES Cert. #508, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
834	Nokia Enterprise Mobility Systems Nokia Enterprise Mobility Systems 313 Fairchild Drive Mt View, CA 94043 USA -Jeff Ward TEL: 339-927-6383	Nokia VPN Appliance (Hardware Versions: IP260, IP265, IP1220, and IP1260; Firmware Versions: IPSO v3.9 and Check Point VPN-1 NGX (R60) [HFA-03] and IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2007; 09/26/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #442, #226 and #91); Triple-DES (Certs. #465, #466, #317 and #204); HMAC (Certs. #207, #208, #19 and #203); SHS (Certs. #508, #509, #291 and #500); DSA (Certs. #181 and #204); RSA (Certs. #166, #167 and #215); RNG (Certs. #229 and #201) -Other algorithms: Cast; DES (Certs. #314 and #297); Triple-DES (K3 mode, non-compliant); MD5HMAC; MD5; Arcfour; Blowfish; Twofish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
833	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SAN SEP v2.0 (Hardware Versions: P/Ns 60-000191/A, 60-000337/A; Software Version: 27.8; Firmware Version: dcch2_4_2_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
832	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert. #579); DSA (Cert. #210); RSA (Cert. #223); ECDSA (Cert. #51); HMAC (Cert. #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert. #287) -Other algorithms: DES; AES MAC (AES Cert. #508, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
831	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	09/05/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, Microsoft Windows 2000 (single user mode) -FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498, #505 and #573); RNG (Certs. #221 and #227); HMAC (Certs. #201, #205 and #256) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RSA (non-compliant) Multi-chip standalone "The Fortress Secure Client identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. A plug-and-play solution, the Client encrypts and decrypts communication across the network and protects the device against attacks without user intervention."
830	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2000 FAX: 571-434-2001	CA100 (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/05/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #340); SHS (Cert. #334); HMAC (Cert. #69); RNG (Cert. #92) -Other algorithms: DES; DES MAC; MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CA100 is a centrally managed software IPSec client with VPN and firewall functionality. Unlike traditional IPSec software clients that have both the software client and associated policy locally stored on the client's system, the Cryptek CA100 user policies are stored and dynamically downloaded from our manager, the Cryptek CC200."
829	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Module for Palm OS 5 (Software Version: 2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	09/05/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm OS 5 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #509); AES (Cert. #496); SHS (Cert. #566); HMAC (Cert. #250); RNG (Cert. #276); DSA (Cert. #203); RSA (Cert. #212) -Other algorithms: DES; DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ARC4; MD5; HMAC-MD5 Multi-chip standalone "The Security Builder+ FIPS Module is a standards-based cryptographic toolkit that provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
828	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 SE; Windows Mobile 5.0 PocketPC; Windows Mobile 5.0 PocketPC Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 SP1 (32-bit x86 - VS6.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2) (in single-user mode) -FIPS-approved algorithms: AES (Cert. #490); DSA (Cert. #199); ECDSA (Cert. #47); HMAC (Cert. #244); RNG (Cert. #270); RSA (Cert. #203); SHS (Cert. #560); Triple-DES (Cert. #501) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; ECDRBG (non-compliant); RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
827	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.4.34 and 3.8.4.47) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	08/27/2007	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8700c with BlackBerry OS Version 4.2 -FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
826	Giritech Herstedøstervej 27-29 C2 2620 Albertslund, Denmark -Lars S. Christensen TEL: +45 30 763 652 FAX: +45 43 47 54 87	Cryptographic Support Library CryptFacility (Software Version: 1.0.485) (When operated in FIPS mode. This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #562 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional (in single-user mode) -FIPS-approved algorithms: AES (Cert. #216); Triple-DES (Cert. #309); Skipjack (Cert. #14); ECDSA (Cert. #5); DSA (Cert. #79); SHS (Cert. #134); HMAC (Cert. #26); RNG (Cert. #61) -Other algorithms: N/A Multi-chip standalone "The Girtech Cryptographic Support Library CryptFacility is a library implemented in the Giritech G/ON product line that performs all of its cryptographic functionality using a FIPS 140-2 validated library called Crypto++ (Cert #562)."
825	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Klorida Miraj TEL: 425-421-5229 -Katharine Holdsworth TEL: 425-706-7923	Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.00.1937) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007; 11/26/2007; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows CE 6.0 and Microsoft Windows CE 6.0 R2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #516); HMAC (Cert. #267); RNG (Cert. #292); RSA (Cert. #230); SHS (Cert. #589); Triple-DES (Cert. #526) -Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES Multi-chip standalone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography."
824	Hummingbird Connectivity, a Division of Open Text Corporation 38 Leek Crescent Richmond Hill, Ontario L4B 4N8 Canada -Xavier Chaillot TEL: 514-281-5551 x261 FAX: 514-281-9958	Hummingbird Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/27/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro with SP2 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #206); DSA (Cert. #201); Triple-DES (Cert. #505); AES (Cert. #492); HMAC (Cert. #247); SHS (Cert. #563); RNG (Cert. #273) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD Multi-chip standalone "The Hummingbird Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Hummingbird Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol. The Hummingbird Cryptographic Module is available from Hummingbird Connectivity, a division of Open Text Corporation."
823	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-223-3139 -Wayne Whitlock TEL: 443-327-1489	Model 400 Smart Card (Hardware Version: P5CT072EV7/TOPBC150 Version 1.0; Firmware Version: 3.0, EXFs: PIV application executable Version 19) (PIV Card Application: Cert. #6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	8/22/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #455); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant) Single-chip "SCCOS is a state-of-the-art operating system that offers wide range of authentication services together with the highest levels of security. It offers powerful implementaions for public and secret key encryption supporting RSA, DSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
822	VIACK Corporation 16701 NE 80th St. Suite 100 Redmond, WA 98052 USA -Peter Eng TEL: 425-605-7400 FAX: 425-605-7405	VIA3 VkCrypt Cryptographic Module (Software Versions: 4.2 and 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/17/2007; 03/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #478); RNG (Cert. #258); RSA (Cert. #195); SHS (Cert. #546); HMAC (Cert. #235) -Other algorithms: RC2; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing. VIA3 is a secure online collaboration solution integrating real-time audio and video, instant messaging, application sharing, and access to workspaces."
821	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5510, ASA 5520 and ASA 5540 (Hardware Versions: 5510, 5520, and 5540; Firmware Versions: 7.2.2.18 and 7.2.2.27) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/17/2007; 06/23/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #536 and #789); HMAC (Certs. #125, #283 and 432; RNG (Certs. #144, #309 and #454); RSA (Certs. #106, #242, and #376); SHS (Certs. #196, #606 and #790); Triple-DES (Certs. #217, #538 and #682) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80-bits or 112-bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
820	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J JCE Provider Module (Software Version: 3.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/13/2007; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #489); DSA (Cert. #198); HMAC (Cert. #243); RNG (Cert. #269); RSA (Cert. #202); SHS (Cert. #559); Triple-DES (Cert. #500) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
819	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677 -Donna Shaw TEL: 978-720-2351	Crypto++™ Library (Software Version: 5.3.0 [32-bit and 64-bit]) Validated to FIPS 140-2 Security Policy Certificate	Software	08/13/2007; 08/17/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 and Windows Server 2003 X64 with SP1 (single user mode) -FIPS-approved algorithms: Skipjack (Cert. #17 ); Triple-DES (Cert. #512 ); AES (Cert. #499 ); SHS (C