Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
1035	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/EPII-Plus (Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #100, #265 and #795); HMAC (Certs. #38, #77 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #344, #401 and #794); Triple-DES (Certs. #213, #347 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1034	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus (Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #100 and #795); HMAC (Certs. #38, #50 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #317, #401 and #794); Triple-DES (Certs. #210, #213 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1033	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 Integrated Services Routers with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Routers with AIM-VPN/HPII-Plus (Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #100 and #795); HMAC (Certs. #38, #50 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #317, #401 and #794); Triple-DES (Certs. #210, #213 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus and AIM-VPN/HPII-Plus)."
1032	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 -Dragan Grebovich TEL: 978-288-8069 FAX: 978-670-8153	VPN Client Software (Software Version: 7_11.101) (When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/07/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #721); HMAC (Cert. #389); RNG (Cert. #421); SHS (Cert. #740); Triple-DES (Cert. #644) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; 40-bit DES; MD5; ECDH (non-compliant); HMAC-MD5 Multi-chip standalone "The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
1031	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 with AIM-VPN/SSL-1 and Cisco 2801 with AIM-VPN/SSL-2 Integrated Services Routers (Hardware Versions: 1841 and 2801, AIM-VPN/SSL-1 Version: 1.0, Board Version: 01, AIM-VPN/SSL-2 Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173, #181 and #795); HMAC (Certs. #27, #39 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #267 and #794); Triple-DES (Certs. #275, #283 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-1 and AIM-VPN/SSL-2)."
1030	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/SSL-2 (Hardware Version: 2811 and 2821, AIM Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173, #265 and #795); HMAC (Certs. #39, #77 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #344 and #794); Triple-DES (Certs. #275, #347 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1029	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3 (Hardware Versions: 3825 and 3845, AIM-VPN/SSL-3 Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #173 and #795); HMAC (Certs. #50, #39 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #317 and #794); Triple-DES (Certs. #210, #275 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-3)."
1028	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/SSL-2 (Hardware Version: 2851, AIM Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #173 and #795); HMAC (Certs. #50, #39 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #317 and #794); Triple-DES (Certs. #210, #275 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1027	Attachmate Corporation 1500 Dexter Ave N Seattle, WA 98109 USA -Diane Agemura TEL: 206-217-7500 FAX: 206-272-1346 -Kjell Swedin TEL: 206-217-7332 FAX: 206-272-1345	Attachmate Cryptographic Module (Software Version: 2.0.40) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/07/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server SP2 (x86); Red Hat Enterprise Linux 4.0 (x86); Sun Solaris 10 (x86); Microsoft Windows 2003 Server SP2 (x64); SuSE Linux Enterprise Server 9.0 (x64); Solaris 10 (x64); Microsoft Windows 2003 Server SP2 (IA64); Red Hat Enterprise Linux 4.0 (IA64); HP-UX 11iv3 (IA64); Solaris 8 (UltraSPARC); HP-UX 11iv1 (PA-RISC); AIX 5.2 (Power5); SuSE Linux Enterprise Server 9.0 (s390); Red Hat Enterprise Linux 4.0 on Hercules 3.05 s390 Emulator on Red Hat Enterprise Linux 5.0 (s390x) (single user mode) -FIPS-approved algorithms: AES (Cert. #808); DSA (Cert. #299); HMAC (Cert. #447); RNG (Cert. #465); RSA (Cert. #389); SHS (Cert. #805); Triple-DES (Cert. #689) -Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; SHA-224 (non-compliant); SHA-384 (non-compliant); HMAC SHA-224 (non-compliant); HMAC SHA-384 (non-compliant); CBC-DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, secure communications and systems and security management."
1026	Sun Microsystems 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 FAX: 858-926-9020 -Ling Qin TEL: 408-276-0097 FAX: 858-526-9020	Sun Crypto Accelerator 6000 (Hardware Version: 375-3424, Revisions -02 and -03; Firmware Version: Bootstrap versions 1.0.1 and 1.0.10, Operational firmware version 1.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/07/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #856); DSA (Cert. #309); HMAC (Cert. #473); RNG (Cert. #490); RSA (Certs. #409 and #410); SHS (Certs. #469 and #850); Triple-DES (Cert. #435) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
1025	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Dr. Pali Surhar, Certification Manager TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	BeCrypt Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Linux Ubuntu 8.0.4 (single-user mode) -FIPS-approved algorithms: AES (Certs. #764 and #765); SHS (Certs. #771 and #772); RNG (Cert. #440); RSA (Cert. #363); HMAC (Certs. #418 and #419) -Other algorithms: N/A Multi-chip standalone "The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit operating environments."
1024	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Linux (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NetFilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
1023	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277	3e-525A-3, 3e-525A-3 BASIC, 3e-525A-3 BASIC with TEC, 3e-525A-3MP and 3e-525A-3MP with TEC AirGuard™ Wireless Access Points (Hardware Versions: [module name] 2.0(A); Firmware Version: 4.2.1.23) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #238); CCM (Cert. #1); HMAC (Cert. #13); RNG (Cert. #22); SHS (Cert. #278); Triple-DES (Cert. #292) -Other algorithms: AES CFB (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The AirGuard™ models 3e-525A-3 Basic, 3e-525A-3, and 3e-525A-3MP Wireless Access Points are packaged in rugged weatherproof enclosures and conform to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking applications. The AirGuard 3e-525A-3MP is engineered specifically for vehicle operation. In access point or gateway mode, these products can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps to 108 Mbps. They perform mesh networking, repeater, or bridging applications at link data rates up to 108 Mbps."
1022	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Outbacker MXP (Hardware Versions: 1.0 Outbacker MXP 80 GB, 1.0 Outbacker MXP 120 GB, 1.0 Outbacker MXP 160 GB, 1.0 Outbacker MXP 250 GB and 1.0 Outbacker MXP 320 GB with MXI AES: Part # 933000334R Version 1.0; Firmware Version: 4.23 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/10/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: N/A Multi-chip standalone "Outbacker MXP is a USB Portable Security Device with authentication and cryptographic services. It provides up to 320 gigabytes of encrypted portable storage and digital identity operations for enterprise security and user authentication via biometric and password."
1021	CoCo Communications Corporation 999 3rd Ave, Suite 3700 Seattle, WA 98104 USA -Jeff Meyer TEL: 206-284-9387 FAX: 206-770-6461 -Mikhail Voloshin TEL: 206-812-5735 FAX: 206-770-6461	The CoCo Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2, Debian GNU/Linux 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #693); DSA (Cert. #263); HMAC (Cert. #370); RNG (Cert. #405); SHS (Cert. #720) -Other algorithms: Diffie-Hellman; SSLeay RNG Multi-chip standalone "The CoCo Crypto Module provides cryptographic services for the core components of CoCo Communications' tactical and military product lines. With the CoCo Crypto Module, users of CoCo's mobile digital network systems can be assured that their communications are safe from spoofing, eavesdropping, and other forms of information attack. As used within the CoCo Communications product suite, the CoCo Crypto module is interchangeable with the OpenSSL DLL, allowing for easy deployment-time transition to suit the needs of the problem domain."
1020	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800, and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_2.4.8.22-FIPS, A800_2.4.8.22-FIPS and A5000_2.4.8.22-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1019	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800, and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_3.1.1.7-FIPS, A800_3.1.1.7-FIPS and A5000_3.1.1.7-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1018	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows XP, Embedded XP (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files transferred to/from the platform via external USB drives."
1017	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows CE (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) & AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files tranferred to/from the platform via external USB drives, and sensitive data at rest (DAR) stored internally is also encrypted and zeroizable."
1016	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Secure Services Client FIPS Module (Software Version: 1.0.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP and Microsoft Windows 2000 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #325); AES (Cert. #699); HMAC (Cert. #377); SHS (Cert. #727); Triple-DES (Cert. #630); RNG (Cert. #410) -Other algorithms: RC4; DES; MD4; MD5; HMAC-MD5; DSA (non-compliant); AES (Cert. #699; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman Multi-chip standalone "The Cisco Secure Services Client FIPS Module is a self contained crypto module that supports IEEE 802.11i (WPA2) key exchange and IEEE 802.1X wired and wireless authentication. The module provides cryptographic support for 802.1X EAP types such as EAP-TLS, EAP-FAST and PEAP as well as WPA2-PSK (Pre-shared key)."
1015	Lexmark International, Inc. 740 West New Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000 FAX: 859-232-3120	Lexmark Encryption Plug-In (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #767); SHS (Cert. #774); HMAC (Cert. #420); RNG (Cert. #441) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "A secure rendering plug-in that provides AES encryption of print data from the host through a print server with the AES encrypted data continuing on to a Lexmark decryption-enabled device. The rendering plug-in uses the Lexmark device's public key such that only the target device will be able to decrypt the data."
1014	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S2500 (Hardware Version: S2500 Base Unit P/N ST2500B Tanapa Number CLN1713E Revision B with S2500 Encryption Module P/N ST2516A Tanapa Number CLN8262C Revision C [1]; Firmware Versions: XS-15.1.0.75 [1], XS-15.1.0.76 [1] and XS-15.2.0.20 [1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1013	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S6000 (Hardware Versions: S6000 Base Unit P/N ST6000C Tanapa Number CLN1780D Revision B with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [1] and S6000 Base Unit ST6000C Tanapa Number CLN1780C Revision A with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [2]; Firmware Versions: PS-15.1.0.75 [1, 2], GS-15.1.0.75 [1, 2], PS-15.1.0.76 [1, 2], GS-15.1.0.76 [1, 2], PS-15.2.0.20 [1, 2] and GS-15.2.0.20 [1, 2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1012	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.4313) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #818); HMAC (Cert. #452); RNG (Cert. #470); RSA (Cert. #395); SHS (Cert. #816); Triple-DES (Cert. #691) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA X9.31 signature verification (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module.RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
1011	Francotyp-Postalia Triftweg 21-26 Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-669	Revenector2008 (Hardware Versions: P/Ns 58.0036.0001.00/07 and 58.0036.0006.00/04; Firmware Version: 8.20) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: RSA (Cert. #365); SHS (Cert. #765) -Other algorithms: N/A Multi-chip embedded "Revenector2008 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the Revenector2008 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1010	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1009	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1008	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1007	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1006	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Code Integrity (ci.dll) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1005	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Winload OS Loader (winload.exe) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1004 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1004	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Boot Manager (bootmgr) (Software Version: 6.0.6001.18000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1003	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1002	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1001	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1000	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Windows Vista OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
999	Hewlett-Packard Company 19091 Pruneridge Ave., MS 4441 Cupertino, CA 95014 USA -Mark Otto TEL: 408-447-3422 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087A, Version 1.0; Firmware Version: 1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #338); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #686); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4; RC2 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
998	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E7500 (Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #636); AES (Cert. #705); DSA (Cert. #270); RNG (Cert. #416); RSA (Cert. #331); SHS (Cert. #733); HMAC (Cert. #383) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
997	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows XP Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.1.2600.5512) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) -Other algorithms: DES; MD5; HMAC MD5 Multi-chip standalone "FIPS.sys is a general-purpose, software-based, cryptographic module residing at the Kernel level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode services."
996	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Bricks® 150, 700 AC and 700 DC (Hardware Versions: 150, 700 AC and 700 DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #101, #672 and #747); DSA (Certs. #253 and #256); HMAC (Certs. #220, #356, #359 and #405); RNG (Cert. #391); SHS (Certs. #193, #705, #708 and #762); Triple-DES (Certs. #214, #617, #620 and #664) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
995	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 1200 (Hardware Versions: 1200 AC, 1200HS AC and 1200HS DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #266 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #78, #356 and #359); RNG (Cert. #391); SHS (Certs. #345, #705 and #708); Triple-DES (Certs. #348, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
994	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 50 (Hardware Version: 50; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #671 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #355, #356 and #359); RNG (Cert. #391); SHS (Certs. #704, #705 and #708); Triple-DES (Certs. #616, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
992	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 4500, NSA 5000 and NSA E5500 (Hardware Versions: P/N 101-500166-50, Rev. A (NSA 4500); P/N 101-500088-50, Rev. A (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #634); AES (Cert. #703); DSA (Cert. #268); RNG (Cert. #414); RSA (Cert. #329); SHS (Cert. #731); HMAC (Cert. #381) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
991	Athena Smartcard Inc. 20380 Town Center Lane Suite 240 Cupertino, CA 95014 USA -Ian Simmons TEL: 408-865-0112 FAX: 408-865-0333	Athena IDProtect Duo PIV (Hardware Version: P/N AT90SC12872RCFT Revision M; Firmware Version: P/N Athena IDProtect Duo Version 0107.7099.0105; Software Version: P/N Athena PIV Applet Version 1.0; (PIV Card Application: Cert. #12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for Physical Security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
990	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows XP Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 5.1.2600.5507) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) -Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits); MD5; RC2; RC4 Multi-chip standalone "The Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, TDES, DSA) in a cryptographic module accessible via the Microsoft CryptoAPI."
989	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows XP Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.1.2600.5507) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed) -Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHS, DES, TDES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
988	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP Passport (Hardware Versions: 4.3 Stealth MXP Passport Versions MUS3083C-FIPS, MUS3083D-FIPS, MUS3083E-FIPS, MUS3083F-FIPS, MUS3083G-FIPS, MUS3083E-MLCFIPS, MUS3083F-MLC-FIPS, MUS3083G-MLC-FIPS and MUS3083H-MLC-FIPS and 4.4 Stealth MXP Passport Versions MUS3086C-FIPS, MUS3086D-FIPS, MUS3086E-FIPS, MUS3086F-FIPS, MUS3086G-FIPS, MUS3086E-MLC-FIPS, MUS3086F-MLC-FIPS, MUS3086G-MLC-FIPS and MUS3086H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/24/2008; 08/22/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services"
987	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP (Hardware Versions: 4.3 Stealth MXP Versions MUS3082C-FIPS, MUS3082D-FIPS, MUS3082E-FIPS, MUS3082F-FIPS, MUS3082G-FIPS, MUS3082E-MLCFIPS, MUS3082F-MLC-FIPS, MUS3082G-MLC-FIPS and MUS3082H-MLC-FIPS and 4.4 Stealth MXP Versions MUS3085C-FIPS, MUS3085D-FIPS, MUS3085E-FIPS, MUS3085F-FIPS, MUS3085G-FIPS, MUS3085E-MLCFIPS, MUS3085F-MLC-FIPS, MUS3085G-MLC-FIPS and MUS3085H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/24/2008; 08/22/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
986	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.32a) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	07/24/2008	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8300 with BlackBerry OS Version 4.5 -FIPS-approved algorithms: Triple-DES (Cert. #671); AES (Certs. #774 and #775); SHS (Cert. #777); HMAC (Cert. #423); RSA (Cert. #367); RNG (Cert. #444); ECDSA (Cert. #85) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
985	Route1® Inc. 155 University Avenue Suite 1920 Toronto, ON M5H 3B7 Canada -Jerry S. Iwanski TEL: 416-848-8391 -Jeff Denberg TEL: 416-848-8391	Route1® FIPS Cryptographic Module (Software Version: 2.1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/17/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 SP1 (32-bit x86 - VC8.0 build) (in single-user mode) -FIPS-approved algorithms: AES (Cert. #673); DSA (Cert. #254); ECDSA (Cert. #74); HMAC (Cert. #357); RNG (Cert. #392); RSA (Cert. #314); SHS (Cert. #706); Triple-DES (Cert. #618) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG SP 800-90 (non-compliant) Multi-chip standalone "The Route1 FIPS Cryptographic Module lies at the core of Route1®'s MobiNET™ a communications and service delivery platform focused on identity management and entitlement-based access to systems and resources. MobiNET™services are delivered on a number of digital form factors, such as mobile phones, handheld devices and Route1 MobiKEY™ an ultra-portable, smart-card enabled USB device. The Route1 FIPS Cryptographic Module's functionality includes a wide range of data encryption and asymmetric algorithms including AES, the RSA Public Key Cryptosystem, DSA, and the SHA family of message digests."
984	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 3500 (Hardware Version: P/N 101-500073-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #633); AES (Cert. #702); DSA (Cert. #267); RNG (Cert. #413); RSA (Cert. #328); SHS (Cert. #730); HMAC (Cert. #380) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
983	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E6500 (Hardware Version: P/N 101-500164-50, Rev. C; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #635); AES (Cert. #704); DSA (Cert. #269); RNG (Cert. #415); RSA (Cert. #330); SHS (Cert. #732); HMAC (Cert. #382) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
982	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	TZ 180, TZ 180W, TZ 190 and TZ 190W (Hardware Versions: P/N 101-500161-50, Rev. A (TZ 180); P/N 101-500160-50, Rev. A (TZ 180W); P/N 101-500080-52, Rev. A (TZ 190); P/N 101-500101-52, Rev. A (TZ 190W); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #632); AES (Cert. #701); DSA (Cert. #266); RNG (Cert. #412); RSA (Cert. #327); SHS (Cert. #729); HMAC (Cert. #379) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "SonicWALLÆs TZ Series is a high performance security platform that combines a deep packet inspection firewall, anti-virus, anti-spyware, intrusion prevention, content filtering, optional modular modem backup, and optional 802.11 b/g WLAN. These solutions allow small, remote, and branch offices to implement protection from the wide spectrum of emerging network threats."
981	FRAMA AG Unterdorf Lauperswil, CH-3438 Switzerland -Beat C. Waelti TEL: +41 34 496 98 98 FAX: +41 34 496 98 00 -Markus Arn TEL: +41 34 496 98 98 FAX: +41 34 496 98 00	FRAMA PSD-I (Hardware Version: 2.4; Firmware Version: 1.0.6) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #450); RSA (Cert. #157); SHS (Cert. #489); RNG (Cert. #215) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); CRC32 Multi-chip embedded "The cryptographic module (called Postal Security Device, PSD) supports booking processes within postal meters as well as value loading processes in order to increase the postage credits. The postage credits are kept as CSPs within the PSD. In detail the use of cryptographic services, like the production of cryptographic keys, the encoding, decoding or signature and signature verification is part of PSD internal purposes to the booking processes mentioned above. The PSD uses the following algorithms in the approved mode of operation: Triple-DES; RSA; SHA-1; RNG acc. to FIPS 186-2."
980	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Code Integrity (ci.dll) (Software Versions: 6.0.6001.18000, 6.0.6001.18023 and 6.0.6001.22120) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
979	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Winload OS Loader (winload.exe) (Software Versions: 6.0.6001.18000, 6.0.6001.18027 and 6.0.6001.22125) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #978 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and 760); RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
978	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Boot Manager (bootmgr) (Software Version: 6.0.6001.18000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and 760); HMAC (Cert.#415); RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
977	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 4000, nShield F2 2000, nShield F2 500 (Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
976	Ingrian Networks, Inc. 350 Convention Way Redwood City, CA 94063 USA -Eric Murray TEL: 650-261-2400 FAX: 650-261-2401	DataSecure Appliance i430, i426, and i116 (Hardware Versions: P/N DS-0116-0100-00 (i116); P/Ns DS-0430-0100-00 and DS-0430-01NP-00 (i430); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306); Diffie-Hellman (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; SEED; MD5; RC4 Multi-chip standalone "The Ingrian Networks DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
975	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3201 Wireless Mobile Interface Card with thermal plates (Hardware Version: 800-25522-02; Firmware Version: S3201W7K9-12308JK) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370 and #799); CCM (Cert. #11); SHS (Cert. #797); HMAC (Cert. #439); RNG (Cert. #459) -Other algorithms: HMAC MD5; MD5; RC4; RSA (non-compliant) Multi-chip embedded "The C3201WMIC-TPAK9 provides wireless connectivity for the Cisco 3200 Series Mobile Access Router. The module can be configured as 802.11g Wireless Access Point, 802.11g Wireless Root Bridge or 802.11g Wireless Work Group Bridge and supports the 802.11b/g wi-fi standards for communications, and 802.11i for security."
974	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert 3.2 (Hardware Versions: P5CC073, P5CD080 and P5CD144; Firmware Versions: CPDHxJC_RSEFI-025CC073V202, CPDIxJC_RSEFI-025CD080V402 and CPDYxJC_RSEFI-025CD144V503) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #744, #745 and #746); DSA (Cert. #276, #277 and 278); RSA (Certs. #349, #350 and #351); RNG (Certs. #432, #433 and #434); SHS (Certs. #759, #760 and #761); Triple-DES (Certs. #661, #662 and #663); Triple-DES MAC (Triple-DES Certs. #661, #662 and #663, vendor affirmed) -Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits); RSA (encrypt/decrypt) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 3.2 is a Java Card 2.2.1 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), SEED(128 bit), AES(up to 256 bits), DSA(up to 1024 bits), OAEP Padding and Triple-DES. The Sm@rtCafé Expert 3.2 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
973	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 500 and nShield F2 10 PCI (Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
972	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4031Z-10; Firmware Version: 2.33.60-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
971	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4031Z-10; Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendfor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
970	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
969	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Richard Rose TEL: 408-525-7822	Cisco MDS 9506, 9509, 9216i and 9513 Multi-Layer SAN Switches (Hardware Versions: 9216i: 1, 9506: 1, 9509: 2, 9513: 1; Supervisor: 13, Supervisor 1: 16, Supervisor 2: 4; Firmware Version: 3.2 (2c)) (When operated in FIPS mode) Validated to FIPS 140-2 Securi