CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine if their product utilizes an embedded validated cryptographic module. There is inevitably a larger number of security products or applications available which use embedded validated cryptographic modules, than the number of modules which are found in this list. In addition, it is possible that other vendors, who are not found in this list, might incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the product or application that is being offered is either a validated cryptographic module itself (e.g. VPN, SmartCard, etc) or the product or application uses an embedded validated cryptographic module (toolkit, etc). Ask the vendor to supply a signed letter stating their application, product or module is a validated module or incorporates a validated module, the module provides all the cryptographic services in the solution, and reference the modules validation certificate number from this listing.

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSEC. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the indicated vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
1153	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Mike Soto TEL: 408-902-8125 FAX: 408-853-3122	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1(6506-E), 1.4 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7 (SUP720-3B), 5.7 (SUP720-3BXL) and 2.1 (SUP720-10GbE); IPSec VPN SPA: Hardware Version 1.0; Firmware Versions: IOS 12.2(33)SXI and IOS 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #598); HMAC (Certs. #348 and #549); RNG (Certs. #356 and #553); SHS (Certs. #647 and #947); Triple-DES (Cert. #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "The Catalyst 6500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1152	IBM Corporation 9032 S Rita Road Tucson, AZ 85744 USA -David L. Swanson TEL: 520-799-5515 -Christine Knibloe TEL: 520-799-5719	IBM System Storage LTO Ultrium 4 Tape Drive (Hardware Versions: 23R9539 (Fibre Channel), 23R9904 (SAS), and 95P4613 (SCSI); Firmware Versions: df080911bf_89Bb.FC.fips.ro (Fibre Channel), df080911bf_89Bb.SAS.fips.ro (SAS), and df080911bf_89Bb.SCSI.fips.ro (SCSI)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #918 and #919); AES GCM (Certs. #918 and #919, vendor affirmed); RNG (Cert. #527); RSA (Cert. #446); SHS (Cert. #906) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Ultrium 4 Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Three different host interface types of the LTO Ultrium 4 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1151	Rajant Corporation 400 E. King Street Malvern, PA 19355 USA -Marty Lamb TEL: 610-873-6788 x209	BreadCrumb® ME2 1S2F (Hardware Version: ME2 1S2F; Firmware Version: 10.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #791 and #908); RSA (Cert. #378); SHS (Cert. #792); HMAC (Cert. #434); RNG (Cert. #455); -Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert #791, key wrapping) Multi-chip standalone "The Rajant BreadCrumb® ME2 1S2F is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications."
1150		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/22/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1149	IronKey, Inc. 5150 El Camino Real, Suite C31 Los Altos, CA 94022 USA -Gil Spencer TEL: 650-492-4055 FAX: 650-967-4650	IronKey Secure Flash Drive (Hardware Versions: P/Ns IK040301, IK040302, IK040304, IK040308, IK040316 and IK040332; Firmware Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1148	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Clint Winebrenner TEL: 919-564-9143	Cisco Unified Wireless IP Phone 7921G and 7925G (Hardware Versions: 7921G and 7925G; Firmware Version: 1.3(2)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #987 and #988); HMAC (Certs. #555 and #556); RNG (Cert. #560); RSA (Cert. #475); SHS (Certs. #954 and #955); Triple-DES (Cert. #773) -Other algorithms: HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "For workers who need to communicate while moving about the workplace or campus, the Cisco Unified Wireless IP Phone 7921G and 7925G provide wired phone capabilities in an easy-to-navigate, menu directed wireless phone. These phones can be programmed with six extensions or a combination of extensions and speed dials. Each have a 2-inch color display; speakerphone capabilities, a new combination charger and speakerphone stand. Additionally, the 7925G provides support for bluetooth headsets."
1147		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/18/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1146	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009	Overall Level: 1  -Tested: BlackBerry Storm 9500 with BlackBerry OS Version 4.7 -FIPS-approved algorithms: Triple-DES (Cert. #750); AES (Certs. #946 and #947); SHS (Cert. #921); HMAC (Cert. #526); RSA (Cert. #456); RNG (Cert. #536); ECDSA (Cert. #118) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1145	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christopher Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 128 v5.5 for DoD CAC (Hardware Version: B0; Firmware Versions: F310-067733 with ASC library package v2.6.2B.3, ACA applet package v2.6.2B.4, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, and SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); RSA (Cert. #304); RNG (Cert. #377) -Other algorithms: RSA (key transport; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "This module is based on the Oberthur Dual Interface (ISO7816 & ISO14443) ID-One Cosmo family of Smart Cards that provide a secure Javacard platform with data storage and enhanced cryptographic processing capabilities specifically designed to fit the needs of government and enterprise personnel identification applications. This configuration runs ActivIdentity applet suite V 2.6.2B into its 144K EEPROM memory. The Applet Suite provides services for authentication, access control, generic container and PKI. It conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV)."
1144	SCsquare Ltd. 2A Habarzel St. Ramat Hahayal Tel Aviv, 69710 Israel -Yossi Fixman TEL: +972-3-7657-331 FAX: +972-3-649-4975	Apollo OS V4.03 on SLE66CX680PE m1534-a13 (Firmware Version 4.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009	Overall Level: 3  -Tested: SLE66CX680PE m1534-a13 smart card controller IC -FIPS-approved algorithms: Triple-DES (Cert. #701); DSA (Cert. #306); SHS (Cert. #839); RNG (Cert.#483); RSA (Cert. #406); HMAC (Cert. #464) -Other algorithms: ECDSA (non-compliant) Single-chip "Apollo OS V4.03 on SLE66CX680PE is a multi-purpose smart card utilizing an ISO 7816 file system. Apollo OS V4.03 is implemented as firmware in ROM of an Infineon SLE66CX680PE smart card controller IC."
1143	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6640 FAX: +81-467-41-6975 -Koichiro Sasaki TEL: +81-467-41-6670 FAX: +81-467-41-6975	Command Encryption Module (Firmware Version: 1.1) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Firmware	06/24/2009	Overall Level: 2  -EMI/EMC: Level 3 -Tested: HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs Zone Alarm Pro Firewall version 7.0.481.000 -FIPS-approved algorithms: Triple-DES (Cert. #759) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1142		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/03/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1141	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances (Hardware Versions: 5505, 5510, 5520, 5540 and 5550; Firmware Version: 8.0.4.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #564 and #966); HMAC (Certs. #125, #301 and #539); RNG (Certs. #144, #329 and #545); RSA (Certs. #106, #261 and #467); SHS (Certs. #196, #630 and #935); Triple-DES (Certs. #217, #559 and #760) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1140	EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Johnson Encryption Machine 2 (JEM2) (Hardware Version: 023-3900-183; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/25/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #917); SHS (Cert. #904); HMAC (Cert. #512); DSA (Cert. #328); RNG (Cert. #526) -Other algorithms: AES (Cert. #917, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #917, vendor affirmed; P25 AES OTAR); DES Multi-chip standalone "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES, DSA, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
1139	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019 -Mike Soto TEL: 408-902-8125	Cisco 3271 High Performance Mobile Access Router Card (HMARC) (Hardware Version: A0; Firmware Version: 12.4(15)T7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/28/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #890 and #945); HMAC (Certs. #497 and #530); RNG (Cert. #511); RSA (Cert. #432); SHS (Certs. #881 and #920); Triple-DES (Certs. #727 and #749) -Other algorithms: DES; DES-MAC; TDES-MAC (non-compliant); MD5; MD4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip embedded "The Cisco 3271 Rugged ISR is a high-performance, ruggedized router designed to support multiple applications running concurrently over wired or wireless networks. With onboard hardware encryption, the Cisco 3271 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1138	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView ESM/Receiver Cryptographic Module (Hardware Version: NS-ESMRCV-2250-R; Software Version: 8.0.0.20080605) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/28/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM/Receiver is a multi-chip standalone cryptographic module consisting of production grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1137	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	ProtectServer Gold (PSG) (Hardware Version: Revision B4; Firmware Version: 2.07.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #921); DSA (Cert. #329); ECDSA (Cert. #114); HMAC (Cert. #515); RNG (Cert. #529); RSA (Cert. #448); SHS (Cert. #908); Triple-DES (Cert. #741); Triple-DES MAC (Triple-DES Cert. #741, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #921; non-compliant); CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; SEED MAC Multi-chip standalone "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
1136	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010	Aladdin eToken PRO (Java) HD (Hardware Versions: P/N Aladdin eToken PRO (Java) HD Version 4.29; Firmware Versions: 0106.7130.0207 or 0106.8015.0508 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) HD offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) HD is based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1135	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010	Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC (Hardware Versions: P/Ns Aladdin eToken PRO (Java) Version 4.29 and Aladdin eToken PRO (Java) SC Versions 7 or 8; Firmware Versions: 0106.7130.0207 or 0106.8015.0508 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits incl"
1134	Mobile Armor, Inc. 400 South Woods Mill Road Suite 300 St. Louis, MO 63017 USA -Brian Wood TEL: 443-468-1238	Mobile Armor Cryptographic Module (Software Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Microsoft Windows Vista 64-bit; Red Hat Enterprise Linux 5.1; Red Hat Enterprise Linux 5.1 64-bit; Fedora Core 8; Fedora Core 8 64-bit; Ubuntu 7.10; Ubuntu 7.10 64-bit; Apple OS X 10.5; Windows Mobile 6 (single user mode) -FIPS-approved algorithms: AES (Cert. #820); Triple-DES (Cert. #692); SHS (Cert. #818); HMAC (Cert. #453); RNG (Cert. #472) -Other algorithms: N/A Multi-chip standalone "The Mobile Armor Cryptographic Module 3.0 is a multi-chip standalone software module running on a standard IBM compatible personal computer, an Intel-based Mac, or a mobile device. On the PC, the software module can execute within a Linux, Microsoft Windows or Mac OS X operating system; while on a mobile device the module can be executed within a Windows Mobile Operating System."
1133	Stonewood Group Sanford Lane Wareham, Dorset BH20 4DY United Kingdom -Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 1929 55 25 25	FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 06/01/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt and the Eclypt Freedom Drives. The FlagStone Core, and subsequently the Eclypt and Eclypt Freedom Drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
1132	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for Files and Folders (Software Version: 3.1.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 32; Microsoft Windows Vista 64; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #891); DSA (Cert. #323); RNG (Cert. #512); SHS (Cert. #884) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RC5; AES (non-compliant) Multi-chip standalone "McAfee Endpoint Encryption for Files and Folders is a user transparent and high performing client software for encryption of files and folders on local drives, network shares, removable media and CD/DVD. E-mail attachments may also be encrypted for both internal and external recipients. In addition, the centralized McAfee Endpoint Encryption management system provides flexible and powerful management of encryption policies and keys, robust recovery tools, policy enforcement and remote deployment."
1131	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for PCs (Software Version: 5.1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 64; Microsoft Windows Vista 32; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #893); DSA (Cert. #325); RNG (Cert. #514); SHS (Cert. #886) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for PC is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
1130	CommVault Systems, Inc. 2 Crescent Place Oceanport, NJ 07757 USA -Zahid Ilkal, Product Manager TEL: 732-870-4812 FAX: 732-870-4525	CommVault Crypto Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/12/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Core2 Duo w/ Microsoft Windows 2003; Intel Core2 Duo w/ Redhat Linux 5.0; UltraSPARC II w/ Sun Solaris 10 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #700); AES (Cert. #847); SHS (Cert. #838); HMAC (Cert. #465); RSA (Cert. #405); RNG (Cert. #482) -Other algorithms: DES; Blowfish; Serpent; Twofish; MD5; HMAC-MD5 Multi-chip standalone "CommVault Crypto Library (CVCL) is a cryptographic software module used in various products by CommVault Systems, Inc. The module provides a collection of FIPS Approved and Non-FIPS Approved cryptographic services for key generation, symmetric and asymmetric encryption, hash, HMAC and signature generation/verification."
1128	NeoScale Systems, Inc. 1655 McCarthy Blvd Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601	CryptoStor Tape FC702R and FC704R (Hardware Versions: FC702R - P/N FA00005-00, Rev 6 and FC704R - P/N FA00006-00 Rev 8; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1127	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601	CryptoStor Tape SC702R (Hardware Version: P/N FAS00004-00 Rev 6; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1126	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 Chassis with FortiGate-5001A-DW Blade (Hardware Versions: FortiGate-5001A-DW (P4CJ36), ADM-XB2 (AMC28F), ADM-FB8 (P4FB78) and FG-5050 (C4QP38); Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); AES (Certs. #612, #613 and #614); SHS (Certs. #660, #661 and #662); RSA (Certs. #284 and #285); HMAC (Certs. #315, #316 and #317) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1125	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Bridge (Hardware Versions: ES520V1 and ES520V2; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/14/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1124	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for Mobile (Software Version: 2.3.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/01/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Mobile 5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #892); DSA (Cert. #324); RNG (Cert. #513); SHS (Cert. #885) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for Mobile is a security system for smart phones and pocket PCs that prevents the data stored on such devices from being read or used by an unauthorized person. In simple terms, McAfee Endpoint Encryption for Mobile takes control of a user's data away from the operating system."
1123	Mobile Armor, Inc. 400 South Woods Mill Rd. Suite 300 Chesterfield, MO 63017 USA -Brian Wood TEL: 314-590-0900 FAX: 314-590-0995	Mobile Armor Cryptographic Module 3.5 (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/24/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on Dell Optiplex GX270; Windows 2000 Professional SP3 running on Dell Optiplex GX400; Windows Server 2003 SP1 running on Dell Optiplex GX270; Red Hat Enterprise Linux Version 5 running on IBM System x3455; SUSE Linux Enterprise Server 10 SP1 running on IBM System x3455 -FIPS-approved algorithms: AES (Cert. #920); HMAC (Cert. #514); RNG (Cert. #528); SHS (Cert. #907); Triple-DES (Cert. #740) -Other algorithms: DES Multi-chip standalone "The Mobile Armor Cryptographic Module provides the core cryptographic functionality of Mobile Armor's Enterprise Mobile Data Security products which provide enterprise-level data encryption and device management."
1122	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	Kanguru Biolock (Software Version: 1.0.1.8) (This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #819 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/14/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #499); SHS (Cert. #569); HMAC (Cert. #253); RNG (Cert. #279); DSA (Cert. #206); Triple-DES (Cert. #512 ) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. Kanguru Biolock addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1121	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: 1MEC BBC/BAJ (Canada), 1MES BBC/BAJ (Canada), 1MCT BBC/BAJ (Canada), 1MET BBC/BAJ (Canada), 1M00 BBC/BAJ (US) and 1M05 BBC/BAJ (US)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Triple-DES Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1120	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484	TecSec PIV Eagle Card - Contact (Hardware Version: P/N Atmel AT90SC144144CT Revision G; Software Version: P/N TecSec Contact PIV Applet Version 1.01 JCT; Firmware Version: P/N Athena IDProtect XL Version 010A.7204.0004) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #592); Triple-DES MAC (Triple-DES Cert. #592, vendor affirmed); AES (Cert. #639); SHS (Cert. #674); RNG (Cert. #364); RSA (Cert. #292) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The TecSec PIV Eagle Card - Contact cryptographic module provides data security for government and enterprise personnel identification. The primary purpose of this device is to enable the creation of a dual-chip PIV smart card as described in [FIPS201] that is fully compliant with the end-point service specified in SP800-73-1. The CM contains two Java Card applets implementing the PIV functionality (the Software) running on a GlobalPlatform Java Card operating system (the Firmware). The CM is physically connected to a smart card contact plate as defined in [7816-1] and [7816-2]."
1119	LiteScape Technologies, Inc. 1000 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 USA -Kayvan Alikhani	LiteScape SPAR (Hardware Version: 021013A; Firmware Version: 1.0.7, Bootloader: v52b4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #822); HMAC (Certs. #455, #456 and #457); SHS (Certs. #820, #821 and #822) -Other algorithms: N/A Multi-chip standalone "SPAR (Secure Personal Authentication Reader) is a multi-factor authentication device that provides RFID, Biometric and Magnetic-card interfaces. Using the SPAR at the edge of VOIP networks when coupled with devices such as IP phone terminals dramatically increases the security, validation and personalization process for business applications."
1118	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484	TecSec PIV Eagle Card - Contactless (Hardware Version: P/N Atmel AT90SC12872RCFT Revision M; Software Version: P/N TecSec Contactless PIV Applet Version 1.0 JCL; Firmware Version: P/N Athena ID Protect Duo Version 0107.7099.0105) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); SHS (Cert. #680); RNG (Cert. #368); RSA (Cert. #296) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "TecSec PIV Eagle Card - Contactless is a cryptographic module that may be configured as a contact or contactless PIV application. With this unique solution, a dual-chip product can be created without changing the user experience that assures the information stored on the contact chip is not compromised through the contactless interface. The CM is based on the Athena OS755 Java Card smart card operating system that is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for physical security)."
1116	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01; Firmware Versions: Aruba OS 3.3.2-FIPS and ArubaOS 3.3.2.11-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009; 05/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1115	Safend Ltd. 32 Habarzel Street Tel Aviv, 69710 Israel -Alon Barel TEL: +972-3-644-2662 x225 FAX: +972-3-648-6146	Safend Cryptographic Library (Software Version: 3.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009; 05/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #879); SHS (Cert. #870); HMAC (Cert. #492); RNG (Cert. #504) -Other algorithms: DES; SHA-256 (Cert. #870; non-compliant) Multi-chip standalone "The Safend Cryptographic Library offers reliable, simple and tamper-proof endpoint monitoring, device identification, and blocking based on administrator-defined policies. Protects all local, physical communications ports including USB, Firewire and PCMCIA, wireless endpoints such as WiFi, Bluetooth and IrDA, and removable and physical storage devices such as CD/DVD-RWs and iPods."
1114	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-310B (Hardware Version: C4ZF35; Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1113	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD; FortiGate-300A/300A-HD; FortiGate-500A/500A-HD; FortiGate-800 (Hardware Versions: FortiGate-200/200A-HD (build C4AY89), FortiGate-300/300A-HD (build C4FK88), FortiGate-500/500A-HD (build C4BE21), FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1112	Technical Communications Corporation 100 Domino Drive Concord, MA 01742-2892 USA -Fidel Camero TEL: 978- 287-6303 FAX: 978-371-1280	CipherTalk® 8000 Cryptographic Module (Software Version: 2.0) ((When operated in FIPS mode)) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #848); SHS (Cert. #840); RNG (Cert. #484); HMAC (Cert. #466) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CipherTalk® 8000 Cryptographic Module is an Operating System Agnostic cipher engine, encapsulating all the cryptographic functions for TCC's CipherTalk family of wireless products. Its functions include encryption and key exchange algorithms, authentication algorithms, and integrity and verification algorithms."
1111	Open Source Software Institute 3610 Pearl Street Hattiesburg, MS 39401 USA -Steve Marquess TEL: 301-524-9915 FAX: 301-831-8447	OpenSSL FIPS Runtime Module (Software Version: 1.2) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Fedora Linux 9; Microsoft Windows XP SP 2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #623 and #624); AES (Certs. #681 and #682); SHS (Certs. #711 and #712); HMAC (Certs. #362 and #363); RSA (Certs. #318 and #319); DSA (Certs. #257 and #258); RNG (Certs. #397 and 398) -Other algorithms: DES; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL v0.9.8 product."
1110	Gesellschaft für sichere Mobile Kommunikation mbH Marienstrasse 11 Berlin, 10117 Germany -Bjÿern Rupp TEL: +49 700 2797 8835 -Frank Rieger TEL: +49 700 2797 8835	CryptoPhone Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009	Overall Level: 1  -Operational Environment: Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #849); SHS (Cert. #841); RNG (Cert. #485); HMAC (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CryptoPhone Security Kernel is a portable multi-platform cryptographic module that provides strong encryption, authentication, key exchange, message integrity verification, and secure memory abstraction services to GSMK CryptoPhone encryption products. All GSMK products come with full source code for independent review."
1109	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba AP-120 Series Wireless Access Points (Hardware Versions: AP-124-F1 Rev. 01and AP-125-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2-FIPS and ArubaOS 3.3.2.11-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009; 05/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861 and #900); HMAC (Certs. #478 and #503); RNG (Cert. #516); RSA (Certs. #435 and #436); SHS (Certs. #891, #856 and #892); Triple-DES (Certs. #708 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1108	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 1100E (Hardware Version: 1100; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1107	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 2150E (Hardware Version: 2150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1106	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 4150E (Hardware Version: 4150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1105	AJA Video Systems, Inc. 443 Crown Point Circle Grass Valley, CA 95945 USA -Fred Dominikus TEL: 530-274-2048 FAX: 530-274-9442	JPG2K (Hardware Version: 102387-00; Firmware Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #392) -Other algorithms: N/A Multi-chip embedded "The JPG2K is a PCIe card that provides a platform for secure media processing."
1104	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView Receiver Cryptographic Module (Hardware Version: NS-RCV-2250-R; Software Version: 8.0.0.20080605) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView Receiver is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1103	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView ESM Cryptographic Module (Hardware Versions: NS-ESM-4245-R, NS-ESMR-4200-R and NS-ESM-5750-R; Software Version: 8.0.0.20080605) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1102	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Jane Blanchard TEL: 408-447-2168 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087B, Version 1.1; Firmware Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #470); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #847); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); KAS (vendor affirmed, key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1101	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.12.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5; Linux, 32-bit: Fedora Core 6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #753, #754 and #755); AES (Certs. #951, #954 and #955); RSA (Certs. #459, #460 and #461); DSA (Certs. #334, #335 and #336); SHS (Certs. #925, #926 and #927); HMAC (Certs. #529, #531 and #532); RNG (Certs. #538, #539 and 540) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1100	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561	Check Point Crypto Core (Software Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 05/28/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Mobile 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #430); Triple-DES (Cert. #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222); Triple-DES MAC (Triple-DES Cert. #459; vendor-affirmed) -Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows Mobile 6. The module provides cryptographic services accessible user mode on the respective platforms through implementation of platform specific binaries."
1099	Gemalto Austin Arboretum Plaza II 9442 Capital of Texas Hwy North Suite 4 Austin, TX 78759 USA -Pedro Martinez TEL: 512-257-3871 FAX: 512-257-3881	Gemalto .NET Smart Card (Hardware Version: Infineon SLE 88CFX4000P; Firmware Versions: .Net Platform and Content Manager v2.2; FIPS Assembly v1.1; FIPS Access Manager v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/10/2009; 03/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #719); AES (Cert. #877); RNG (Cert. #503); RSA (Cert. #424); SHS (Cert. #869); HMAC (Cert. #491) -Other algorithms: AES (key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Gemalto .NET v2.2 Smart Card Platform implements a subset of the .NET Framework with high end cryptographic capabilities, including Random Number Generation, on Board Key Generation, and encryption and hashing algorithms such as 3DES, AES, SHA, and 2048 bit RSA. The combination of advanced programmability provided by the .NET Framework and the high end security features make .NET v2.2 a perfect support for Enterprise and Government security solutions."
1098	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-3016B, FortiGate-3600A and FortiGate-3810A-E4 (Hardware Versions: C4XA14, V3BU94 and C3GV75; Firmware Version: FortiOS 3.00, build8785, 080605) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/10/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1097	NitroSecurity Inc. 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroGuard IPS cryptographic module (Hardware Versions: NS-IPS-620R-4C-B, NS-IPS-1220R-6C-B, NS-IPS-1220R-4C-2F-B, NS-IPS-620R-4C-BFS, NS-IPS-4245-R-4BTX, NS-IPS-4245-R-4BSX; Software Version: 8.0.0.20080605) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/03/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroGuard IPS is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device. The network interface cards do not contain any security-relevant functionality. They are within the cryptographic boundary but are excluded from the evaluation."
1096		Validated to FIPS 140-2 Security Policy Certificate	Firmware	02/24/2009; 04/03/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1095	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiWiFi-50B (Hardware Version: C5WF27; Firmware Version: FortiOS 3.00, build8802,080626) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613; #614 and #758); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5; DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1094	ERUCES, Inc. 11142 Thompson Ave. Lenexa, KS 66219 USA -Dr. Bassam Khulusi TEL: 913-310-0888 FAX: 913-859-9797 -Oggy Vasic TEL: 913-310-0888 FAX: 913-859-9797	Tricryption Cryptographic Module (Software Version: 7.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 R2; Red Hat Enterprise Linux 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #684); AES (Cert. #796); SHS (Cert.#795); HMAC (Cert. #437); RSA (Cert. #380); RNG (Cert. #457); ECDSA (Cert. #88) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "Tricryption Cryptographic Module is a software library providing cryptographic services for ERUCES' Tricryption family of high volume encryption & key management products including key servers, file, database, executables encryption, and special services (anonymization, de-identification, & privacy protection)."
1093	Vertex Standard Co., Ltd. 4-8-8 Nakameguro Meguro-Ku, Tokyo 153-8644 Japan -Yukimasa Tomita TEL: 81-3-5725-6112 FAX: 81-3-5725-6201	Vertex Standard Cryptographic Module 001 (Hardware Version: P/N 013790D; Firmware Version: 71.72) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #813); SHS (Cert. #813) -Other algorithms: DES; LFSR Multi-chip embedded "The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices."
1092	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009; 03/06/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode) -FIPS-approved algorithms: AES (Cert. #860); AES GCM (Cert. #860, vendor affirmed: SP 800-38D); DRBG (Cert. #4); DSA (Cert. #311); ECDSA (Certs. #98 and #100); HMAC (Cert. #477); RNG (Cert. #492); RSA (Cert. #412); SHS (Cert. #855); Triple-DES (Cert. #707) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1091	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	KanguruLock (Software Version: 1.0.4.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLockaddresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1090	Proxim Wireless Corporation 1561 Buckeye Drive Milpitas, CA 95035 USA -Cor van de Water TEL: 408-383-7626 FAX: 408-383-7680 -Harley Frazee TEL: 408-383-7656	Tsunami MP.11 HS 245054_R, Tsunami MP.11 HS 245054_RC and Tsunami MP.11 HS 245054_S (Hardware Version: 2.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/24/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #794 and #830); Triple-DES (Cert. #695); SHS (Cert. #826); DSA (Cert. #302); RSA (Cert. #400); HMAC (Cert. #461); RNG (Cert. #477) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Proxim Tsunami MP.11 HS 245054_R, 245054_RC, and 245054_S wireless products offer fixed and mobile WiMAX capabilities to distribute wireless broadband access supporting video, voice, and data applications. In FIPS mode, the modules support proprietary WORP protocol for wireless transmission and serial, TLS, SSH, and SNMP for management."
1089	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903	RFS7000 RF Switch (Hardware Version: RFS7000; Firmware Versions: RFS7000-1.0.0.0-020GR and RFS7000-1.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Designed for large scale, high bandwidth deployments, the RFS7000 Wireless Switch from Motorola provides robust, highly scalable support for seamless enterprise mobility. Motorola's Wi-NG architecture, optimized for enterprise mobility and multimedia applications, simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. Built on this platform, the RFS7000 enables campus wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service (QoS) and increased voice capacity."
1088	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903	WS5100 Wireless Switch (Hardware Version: WS5100; Firmware Versions: WS5100-3.0.0.0-020GR and WS5100-3.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #648 and #649); AES (Certs. #726, #727 and #772); SHS (Certs. #744 and #745); HMAC (Certs. #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The WS5100 Wireless Switch from Motorola provides enhanced support for enterprise mobility and multimedia applications, as well as security and manageability. Based on Motorola's Wi-NG (Wireless Next Generation) architecture, the WS5100 enables seamless campus-wide roaming, more robust failover capabilities, enhanced security, improved mobile client battery life, and increased voice capacity. Robust security features includes an IPSec VPN gateway, and secure guest access provisioning. The WS5100 supports 48 802.11 a/b/g Access Ports/Points for L2/L3 adoption and mobility."
1087	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185	FIPS Key Generator (Software Version: 2.1) (When operated with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and Communication Server validated to FIPS 140-2 under Cert. #1086 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPS Key Generator module's primary purpose is to provide a cryptographically secure means for generating 128-bit AES keys to be used as Master Keys within Lenel's Communication Server module. The FIPS Key Generator module is part of the Lenel advanced access control and alarm monitoring system which is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, biometrics and smart card support, is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1086	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185	Communication Server (Software Versions: 5.11.216 + Hot Fix 2.0.3 and 5.12.012 + Hot Fix 2.0.3) (When operated in FIPS mode with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and FIPS Key Generator validated to FIPS 140-2 under Cert. #1087) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: RC2 Multi-chip standalone "The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1085	Gemalto and ActivIdentity Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Vincent Prothon TEL: 512-257-3810 FAX: 512-257-3881 -Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101	SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B and A1011108 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #14) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/03/2009; 02/23/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. # 450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
1084	NetLib® A Subsidiary of Communication Horizons, LLC 65 High Ridge Road Suite 428 Stamford, CT 06905 USA -Neil Weicher TEL: 203-321-1278 x91	NetLib® Encryptionizer® for SQL Server (Software Version: 8.601.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/03/2009; 06/04/2009	Overall Level: 1  -EMI/EMC: Level 2 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server; Windows 2003 Server; Windows 2003 x64 Server (single user mode) -FIPS-approved algorithms: AES (Cert. #857); SHS (Cert. #851); HMAC (Cert. #474) -Other algorithms: N/A Multi-chip standalone "The NetLib® Encryptionizer® for SQL Server 8.601.1 provides encryption of data stored in MS SQL Server databases and backups. It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed."
1083	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.5.42[1], 3.8.5.48[1] and 3.8.5.50a[2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	01/22/2009; 01/30/2009; 02/24/2009	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9000 with BlackBerry OS Versions 4.6[1][2] and 4.6.1[2] -FIPS-approved algorithms: Triple-DES (Certs. #717, #718 and #739); AES (Certs. #873, #874, #875, #876, #915 and #924); SHS (Certs. #867, #868 and #902); HMAC (Certs. #489, #490 and #511); RSA (Certs. #422, #423 and #445); RNG (Certs. #501, #502 and #525); ECDSA (Certs. #108, #109 and #113) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1082	Teletec Corporation 5617-107 Departure Drive Raleigh, NC 27616 USA -Diane Hunter TEL: 919-954-7300 FAX: 919-954-7500 -Harry Taji TEL: +962 65824941 FAX: +962 65844950	"Guardian" Subscriber Encryption Module (Hardware Version: R2; Firmware Versions: Main firmware: 1.00.02, Bootloader firmware: 1.00.01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/22/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #826); SHS (Cert. #825); HMAC (Cert. #460); RNG (Cert. #476) -Other algorithms: N/A Multi-chip embedded ""Guardian" Subscriber Encryption Module (SEM) is a multi-chip embedded cryptographic module intended to be installed in conventional FM radio equipment to provide digital level of encryption with 256-bit AES cipher. Key and configuration are loaded using programming cable and specific software executed on a generic Windows personal computer. Module supports secure update of internal firmware, providing a mean for future enhancements."
1081	IBM Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-286-5319 FAX: 512-436-8009	IBM Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy