CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine if their product utilizes an embedded validated cryptographic module. There is inevitably a larger number of security products or applications available which use embedded validated cryptographic modules, than the number of modules which are found in this list. In addition, it is possible that other vendors, who are not found in this list, might incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the product or application that is being offered is either a validated cryptographic module itself (e.g. VPN, SmartCard, etc) or the product or application uses an embedded validated cryptographic module (toolkit, etc). Ask the vendor to supply a signed letter stating their application, product or module is a validated module or incorporates a validated module, the module provides all the cryptographic services in the solution, and reference the modules validation certificate number from this listing.

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSEC. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the indicated vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
1079	Secuware Torre Picasso Plaza Pablo Ruiz Picasso, s/n. Madrid, 28020 Spain -Jorge López Hernández-Ardieta TEL: +34 915-649-149 FAX: +34 915-629-697 TEL: +34 608-271-936	Secuware Security Framework - Crypt4000 Module (Software Version: 4.0) (When obtained, built, installed, protected and initialized as specified in Section 8.2 of the provided Security Policy. Section 8.2 of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be obtained via secure FTP. Any deviation from the specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate	Software	12/24/2008; 01/26/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single user mode) -FIPS-approved algorithms: AES (Cert. #792); SHS (Cert. #905); HMAC (Cert. #513) -Other algorithms: N/A Multi-chip standalone "The SCM is a function library implementing crypto services which is delivered to the final user as a SW cryptographic object module, running on Windows operating system in a General Purpose Computer. The logical cryptographic boundary for the SCM is the discrete block of object code containing the machine instructions and data generated from the SCM FIPS source, which will be allocated continuously in a main memory address space, as used by the calling application."
1078	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka TEL: 978-952-5742 -Tim Bergeron TEL: 978-952-5647	LX-4000T Series Console Servers (Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive); Firmware Versions: linuxito Version: 5.3.1 and ppciboot Version: 5.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #854 and #855); DSA (Cert. #308); RNG (Cert. #489); RSA (Cert. #408); SHS (Certs. #848 and #849); Triple-DES (Certs. #704 and #705); HMAC (Certs. #471 and #472) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RNG (non-compliant) Multi-chip standalone "The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
1077	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800, and 6000/SCII Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000 with 6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, and one or two SC-48-C1-1, SC-128-C1-1, SC-256-C2-1; Firmware Versions: 200: A200_3.3.2.0-FIPS; 800: A800_3.3.2.0-FIPS; 6000: A5000_3.3.2.0-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Cert. #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1076	Kenwood Corporation 1-16-2, Hakusan, Midori-ku Yokohama-shi, Kanagawa 226-8525 Japan -Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 -Joe Watts TEL: 678-474-4700 FAX: 678-474-4730	Secure Cryptographic Module (SCM) (Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A2.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 01/26/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827) -Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing Kenwood radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1075	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, and one or two M3mk1-G10X-10G2X; Firmware Versions: A3000_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.0-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #762 and #823); HMAC (Certs. #417 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #769 and #823); TDES (Certs. #667 and #694) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1074	Nokia Enterprise Mobility Systems Nokia Enterprise Mobility Systems 5 Wayside Rd Burlington, MA 01803 USA -Jeff Ward TEL: 339-927-6383	Nokia VPN Appliance (Hardware Versions: IP390 and IP560; Firmware Versions: IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435 and #406); HMAC (Certs. #248, #251, #207, #208, #176 and #146); SHS (Certs. #564, #567, #508, #509, #469 and #417); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230) -Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES (K3 mode, non-compliant) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1073	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragon Grebovich TEL: 978-288-8069 FAX: 978-288-8153	VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security Accelerator (Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011085; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #102, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #143, #738 and #739); Triple-DES (Certs. #158, #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1072	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Holthaus TEL: 402-896-6406 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Versions: P/N 7011-30967-000, Versions 100808 and 100908; Firmware Versions: 0722-05072-001 and 0722-05073-002) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1071	CipherMax, Inc. 1975 Concourse Drive San Jose, CA 95131 USA -Chung Dai TEL: 408-382-6500 FAX: 408-382-6599	CM140T (Hardware Version: P/N 81-00048-01 Version ELC 9.2; Firmware Version: 5.4.0.36) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #633); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326) -Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CM140T provides a scalable, easy-to-manage storage security solution for tape backup in a compact 1U chassis. With support for 16 FC-port, any-to-any connectivity, storage access control, line-speed data compression, data integrity authentication, and automated key management, the CM140T delivers a complete solution for all tape-based applications."
1070	CipherMax, Inc. 1975 Concourse Drive San Jose, CA 95131 USA -Chung Dai TEL: 408-382-6500 FAX: 408-382-6599	CM180D (Hardware Version: P/N 81-00038-01 Version ILC 6.11; Firmware Version: 5.4.0.36) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #629); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326) -Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CM180D delivers a complete solution for all primary and secondary disk-based storage application, with in-line encryption processing, discrete security administration controls, and a comprehensive, automated key management system. The integration of powerful encryption processing and high port count, any-to-any connectivity allows for CM180D to deliver an enormous amount of functionality with far less consumption space, power, and cooling than first generation in-line encryption appliances."
1069		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/09/2008	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1068	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragon Grebovich TEL: 978-288-8069 FAX: 978-288-8153	VPN Router 1750, 2700, 2750 and 5000 with Hardware Accelerator (Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011052; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #101, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #51, #738 and #739);Triple-DES (Certs. #29, #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1067	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragan Gribovich TEL: 978-288-8069 FAX: 978-288-4004	Nortel VPN Router 1010, 1050 and 1100 (Hardware Versions: 1010, 1050 and 1100; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 1 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1066	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragon Grebovich TEL: 978-288-8069 FAX: 978-288-8153	Nortel VPN Router 600, 1750, 2700, 2750 and 5000 (Hardware Versions: 600, 1750, 2700, 2750 and 5000; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1065	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 6000e, nShield F2 1500e, nShiled F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Version: 2.33.82cam3-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/15/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1064	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e, nShield F3 1500e, nShiled F3 500e and nShield F3 10e (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500 and nC4033E-030, Build Standard N; Firmware Version: 2.33.82cam3-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/15/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1063	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e, nShield F3 1500e, nShield F3 500e and nShield F3 10e (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500 and nC4033E-030, Build Standard N; Firmware Version: 2.33.82cam3-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/15/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1062	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Pali Surdhar TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	BeCrypt DISK Protect (Software Version: 4.2.10.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode) -FIPS-approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386) -Other algorithms: N/A Multi-chip standalone "BeCrypt DISK Protect is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1061	Sybase iAnywhere, A subsidiary of Sybase One Sybase Drive Dublin, CA 94568 USA -Pali Surdhar TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	DISK Protect for Afaria Security Manager (Software Version: 4.2.10.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode) -FIPS-approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386) -Other algorithms: N/A Multi-chip standalone "DISK Protect for Afaria Security Manager is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1060	Secured User Inc. 11490 Commerce Park Drive Suite 240 Reston, VA 20191 USA -Ken Hetzer TEL: 703-964-3164 FAX: 703-783-0446 -Bruce Mitchell TEL: 703-964-3167; 647-477-7892 FAX: 647-477-5052	SUSK Security Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2008; 12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server Service Pack 1; SuSe 10; Fedora 6; Red Hat 2.6; HP-UX B.11.11 and Windows Server 2003 X64 with SP1 (single user mode) -FIPS-approved algorithms: AES (Certs. #474 and #770); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SUSK Security Module is a software-based cryptographic module. Secured UserÆs product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
1059	Stonewood Electronics Ltd. Sandford Lane Wareham, BH20 4DY United Kingdom -Flavio da Silva TEL: +44 1929 554400 FAX: +44 1929 552525	PICOfreedom (Hardware Versions: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip standalone "The PICOfreedom provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The PICOfreedom employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
1058	RSA Security Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/01/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with AIX 5L v5.3 (PowerPC 32-bit); AIX 5L v5.3 (PowerPC 64-bit); HP-UX 11.11 (PA-RISC 2.0 32-bit); HP-UX 11.23 (PA-RISC 2.0W 64-bit); HP-UX 11.31 (Itanium2 32-bit); HP-UX 11.31 (Itanium2 64-bit); Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Red Hat Enterprise Linux AS 5.0 (x86_64 64-bit) with LSB 3.0.3; Solaris 10 (SPARC v8 32-bit); Solaris 10 (SPARC v8+ 32-bit); Solaris 10 (SPARC v9 64-bit); Solaris 10 (x86_64 64-bit); VxWorks 5.5 (PowerPC 603 32-bit); VxWorks 5.5 (PowerPC 604 32-bit); VxWorks General Purpose Platform 6.0 (PowerPC 604); Windows Mobile 2003/Pocket PC (ARM 32-bit); Windows Mobile 5.0 (ARM 32-bit); Windows Mobile 6.0 Professional (ARM 32-bit); Windows 2003 Server SP2 (x86_64 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MD option; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows Vista Ultimate (x86_64 64-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode) -FIPS-approved algorithms: AES (Cert. #810); AES GCM (Cert. #810, vendor affirmed: SP 800-38D); DRBG (Cert. #2); DSA (Cert. #300); ECDSA (Certs. #92 and #93); HMAC (Cert. #449); RNG (Cert. #466); RSA (Cert. #390); SHS (Cert. #807); Triple-DES (Cert. #690) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1057	Vormetric Inc. 3131 Jay Street Santa Clara, CA 95054 USA -Phil Scott TEL: 408-961-2509 FAX: 408-844-8638 -Frank Teruel TEL: 408-961-6132 FAX: 408-844-8638	NetBackup Media Server Encryption Option (MSEO) Driver (Software Version: 6.1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Advanced Server SP4; Windows 2003 Server Enterprise SP2 32-bit; Windows 2003 Server Enterprise SP2 64-bit; Windows 2003 Server Enterprise SP2 X64 Edition; Solaris 8 64-bit; Solaris 9 64-bit; Solaris 10 64-bit; Red Hat Linux Enterprise 4 Update 4 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #809); SHS (Cert. #806); HMAC (Cert. #448); -Other algorithms: N/A Multi-chip standalone "The "Powered by Vormetric", NetBackup Media Server Encryption Option (MSEO) product from Symantec, provides a cost-effective, easy to manage data encryption solution for securing enterprise backup tapes. It is based on robust encryption methods and provides a centralized approach for the encryption process and key management."
1056	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Java Module (Software Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.0, 32-bit; Red Hat Linux AS 5.0, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #686); AES (Cert. #804); SHS (Cert. #802); HMAC (Cert. #444); RNG (Cert. #462); DSA (Cert. #296); ECDSA (Cert. #91); RSA (Cert. #386); DRBG (Cert. #1) -Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1055	Keycorp Limited Level 5, Keycorp Tower 799 Pacific Highway Chatswood NSW Sydney, MD 2067 Australia -Graeme Bradford TEL: 703-635-7723 FAX: 301-948-1233	Keycorp MULTOS I4F 80K with MULTOS PIV Card Application (Hardware Version: SLE66CLX800PEM; Firmware Version: 1.0) (PIV Card Application: Cert. #5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/25/2008	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #605); RSA (Cert. #303); RNG (Cert. #376) -Other algorithms: RSA-AHASH; DES; Hardware RNG Multi-chip standalone "The Keycorp MULTOS I4F 80K Smart Card with MULTOS PIV Card Application can be employed in a wide range of solutions. The smart card provides a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Combined with the PIV Card Application it provides enhanced I&A functionality."
1054	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tony Ureche TEL: 1-800-MICROSOFT	BitLocker™ Drive Encryption (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1007 and Cert. #1008 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 (x86 version); Windows Server 2008 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753) -Other algorithms: Elephant Diffuser Multi-chip standalone "Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1053	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 -Tony Ureche TEL: 1-800-MICROSOFT	BitLocker™ Drive Encryption (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1000 and Cert. #1001 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition SP1 (x86 Version); Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753) -Other algorithms: Elephant Diffuser Multi-chip standalone "Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1052	Gemalto 1140 Welsh Road Suite 200 North Wales, PA 19454 USA -Nick Hislop TEL: 215-390-2805 FAX: 215-390-2825	TOP IM CY2 with ACS PKI applet (formerly Cyberflex Access 64K V2 with PKI applets) (Hardware Version: P/N A1002631; Firmware Versions: Hardmask 1V3, PKI Applet 1.11, PIN Manager Applet 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/17/2008; 11/21/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64); Triple-DES (Cert. #312); Triple-DES MAC (Triple-DES Cert. #312, vendor affirmed) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Cyberflex Access 64K V2 with PKI applets provides secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure device for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple-DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card fits well into physical and logical access, e-transactions and other applications."
1051	Open Source Software Institute 3610 Pearl Street Hattiesburg, MS 39401 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Software Version: 1.2) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 2.3 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/17/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with OpenSuSE Linux 32-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); OpenSuSE Linux 64-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); Windows XP Pro SP2 32 bit (Microsoft Visual C++ version 8); Windows XP Pro SP2 64 bit (Microsoft Visual C++ version 8) (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #627); AES (Cert. #695); DSA (Cert. #264); SHS (Cert. #723); HMAC (Cert. #373); RSA (Cert. #323); RNG (Cert. #407) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from www.openssl.org/source/"
1050	Sun Microsystems 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 FAX: 858-926-9020 -Ling Qin TEL: 408-276-0097 FAX: 858-526-9020	Sun Crypto Accelerator 6000 (Hardware Versions: 375-3424, Revisions -02, -03 and -04; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware version 1.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/04/2008; 12/17/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #862); DSA (Cert. #319); ECDSA (Cert. #99); HMAC (Certs. #475 and #479); RNG (Cert. #493); RSA (Certs. #411 and #414); SHS (Certs. #853 and #857); Triple-DES (Cert. #435) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a lowprofile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1049	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.10.3 and 3.11.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2008; 12/03/2008	Overall Level: 1  Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); RSA (Cert. #172); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RNG (Cert. #238) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1048	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781 FAX: 650-295-7700	RSA BSAFE® Crypto-J JCE Provider Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/27/2008; 01/26/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES; EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1047	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781 FAX: 650-295-7700	RSA BSAFE® Crypto-J Software Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/27/2008; 01/26/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #670); DSA (Cert. #252); ECDSA (Cert. #73); HMAC (Cert. #354); RNG (Cert. #390 and vendor affirmed: SP 800-90); RSA (Cert. #312); SHS (Cert. #703); Triple-DES (Cert. #615) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES; EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA-1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA-1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1046	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Wireless Access Bridge (SWAB) ES520 (Hardware Versions: ES520V1 and ES520V2; Firmware Version: 2.6.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/08/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #686); SHS (Cert. #714); HMAC (Cert. #365); RNG (Cert. #400) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (non-compliant); MD5; Hardware RNG Multi-chip standalone "The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1045	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yu-Ling Cheng TEL: 886 3 424-5883 FAX: 886 3 424-4167	HiPKI SafGuard 1000 HSM (Hardware Version: HSM-HW-10; Firmware Version: HSM-SW-T8051.10) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/16/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #668); AES (Cert. #763); SHS (Cert. #770); RSA (Cert. #362); RNG (Cert. #439); Triple-DES MAC (Triple-DES Cert. #668, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Hi PKI SafGuard 1000 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-2048 bit public key signatures, and hashing). The HiPKI SafGuard 1000 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
1044	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North, Suite 400 Austin, TX 78759 USA -Vincent Prothon TEL: 512-257-3810 FAX: 512-257-3881	SafesITe PIV TPC DL FIPS GX4 with SafesITe FIPS 201 Applet v1.20 (Hardware Version: A1005291 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Version: SafesITe FIPS 201 Applet v1.20) (PIV Card Application: Cert. #13) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/15/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. #450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); -Other algorithms: N/A Single-chip "This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255."
1043	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust Entelligence™ Kernel-Mode Cryptomodule (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2; Microsoft Windows Vista Enterprise, 32-bit edition; Microsoft Windows Vista Ultimate SP1; 64-bit edition (single-user mode) -FIPS-approved algorithms: AES (Cert. #738); Triple-DES (Cert. #655); Triple-DES MAC (Triple-DES Cert. #655, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Entrust Entelligence Kernel-Mode Cryptomodule is a software module that implements AES encryption and decryption functions suitable for use in kernel-mode drivers on Windows platforms."
1042	SafeNet, Inc. 4690 Millennium Drive Suite 400 Belcamp, MD 21017 USA -Davin Baker TEL: 443-327-1488	SafeNet HighAssurance 4000 Gateway (Hardware Version: A; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit IPSec encryption. Housed in a tamper evident chassis, have two gigabit ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1041	Optica Technologies Incorporated 2051 Dogwood Street Suite 210 Louisville, CO 80027 USA -William Colvin TEL: 905-876-3147 FAX: 905-876-3479 -Gil Fisher TEL: 720-214-2800 x12 FAX: 720-214-2805	Optica Technologies Eclipz ESCON Tape Encryptor (Hardware Version: 44200-04; Firmware Version: 1.3.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/15/2008	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #670); AES (Certs. #771 and #266); SHS (Certs. #776 and #345); HMAC (Certs. #422 and #78); RSA (Cert. #366); DSA (Cert. #289); RNG (Cert. #442); ECDSA (Cert. #84) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength) Multi-chip standalone "The Optica Technologies Eclipz ESCON Tape Encryptor is an inline encryption appliance that directly integrates hardware accelerated encryption into native ESCON channels. It provides fully transparent, high performance data encryption for legacy ESCON tape systems. Eclipz preserves legacy ESCON tape device investments and interoperates with leading appliance-based key management solutions. . It supports 4 ESCON channels within a single appliance. The encryptor provides encryption for tape backup and recovery operations, and tape-based information sharing with business partners."
1040	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Routers (Hardware Versions: 3825 and 3845; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96 and #795); HMAC (Certs. #50 and #436); RNG (Cert. #456); RSA (Cert. #379); SHS (Certs. #317 and #794); Triple-DES (Certs. #210 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard."
1039	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router (Hardware Version: 2851; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96 and #795); HMAC (Certs. #50 and #436); RNG (Cert. #456); RSA (Cert. #379); SHS (Certs. #317 and #794); Triple-DES (Certs. #210 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1038	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers (Hardware Versions: 2811and 2821; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #265 and #795); HMAC (Certs. #77 and #436); RNG (Cert. #456); RSA (Cert. #379); SHS (Certs. #344 and #794); Triple-DES (Certs. #347 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1037	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 and Cisco 2801 Integrated Services Routers (Hardware Versions: 1841 and 2801; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #181 and #795); HMAC (Certs. #27 and #436); RNG (Cert. #456); RSA (Cert. #379); SHS (Certs. #267 and #794); Triple-DES (Certs. #283 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
1036	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 Integrated Services Routers with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Routers with AIM-VPN/EPII-Plus (Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #100, #181 and #795); HMAC (Certs. #27, #38 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #267, #401 and #794); Triple-DES (Certs. #213, #283 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/BPII-Plus and AIM-VPN/EPII-Plus)."
1035	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/EPII-Plus (Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #100, #265 and #795); HMAC (Certs. #38, #77 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #344, #401 and #794); Triple-DES (Certs. #213, #347 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1034	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus (Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #100 and #795); HMAC (Certs. #38, #50 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #317, #401 and #794); Triple-DES (Certs. #210, #213 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1033	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 Integrated Services Routers with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Routers with AIM-VPN/HPII-Plus (Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #100 and #795); HMAC (Certs. #38, #50 and #436); RNG (Certs. #80 and #456); RSA (Certs. #379 and #383); SHS (Certs. #317, #401 and #794); Triple-DES (Certs. #210, #213 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus and AIM-VPN/HPII-Plus)."
1032	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 -Dragan Grebovich TEL: 978-288-8069 FAX: 978-670-8153	VPN Client Software (Software Version: 7_11.101) (When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/07/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #721); HMAC (Cert. #389); RNG (Cert. #421); SHS (Cert. #740); Triple-DES (Cert. #644) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; 40-bit DES; MD5; ECDH (non-compliant); HMAC-MD5 Multi-chip standalone "The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
1031	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 with AIM-VPN/SSL-1 and Cisco 2801 with AIM-VPN/SSL-2 Integrated Services Routers (Hardware Versions: 1841 and 2801, AIM-VPN/SSL-1 Version: 1.0, Board Version: 01, AIM-VPN/SSL-2 Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173, #181 and #795); HMAC (Certs. #27, #39 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #267 and #794); Triple-DES (Certs. #275, #283 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-1 and AIM-VPN/SSL-2)."
1030	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/SSL-2 (Hardware Versions: 2811 and 2821, AIM Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173, #265 and #795); HMAC (Certs. #39, #77 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #344 and #794); Triple-DES (Certs. #275, #347 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1029	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3 (Hardware Versions: 3825 and 3845, AIM-VPN/SSL-3 Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #173 and #795); HMAC (Certs. #50, #39 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #317 and #794); Triple-DES (Certs. #210, #275 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-3)."
1028	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/SSL-2 (Hardware Version: 2851, AIM Version: 1.0, Board Version: 01; Firmware Version: 12.4(15)T3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #173 and #795); HMAC (Certs. #50, #39 and #436); RNG (Certs. #83 and #456); RSA (Certs. #379 and #382); SHS (Certs. #258, #317 and #794); Triple-DES (Certs. #210, #275 and #683) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1027	Attachmate Corporation 1500 Dexter Ave N Seattle, WA 98109 USA -Diane Agemura TEL: 206-217-7500 FAX: 206-272-1346 -Kjell Swedin TEL: 206-217-7332 FAX: 206-272-1345	Attachmate Cryptographic Module (Software Version: 2.0.40) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/07/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server SP2 (x86); Red Hat Enterprise Linux 4.0 (x86); Sun Solaris 10 (x86); Microsoft Windows 2003 Server SP2 (x64); SuSE Linux Enterprise Server 9.0 (x64); Solaris 10 (x64); Microsoft Windows 2003 Server SP2 (IA64); Red Hat Enterprise Linux 4.0 (IA64); HP-UX 11iv3 (IA64); Solaris 8 (UltraSPARC); HP-UX 11iv1 (PA-RISC); AIX 5.2 (Power5); SuSE Linux Enterprise Server 9.0 (s390); Red Hat Enterprise Linux 4.0 on Hercules 3.05 s390 Emulator on Red Hat Enterprise Linux 5.0 (s390x) (single user mode) -FIPS-approved algorithms: AES (Cert. #808); DSA (Cert. #299); HMAC (Cert. #447); RNG (Cert. #465); RSA (Cert. #389); SHS (Cert. #805); Triple-DES (Cert. #689) -Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; SHA-224 (non-compliant); SHA-384 (non-compliant); HMAC SHA-224 (non-compliant); HMAC SHA-384 (non-compliant); CBC-DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, secure communications and systems and security management."
1026	Sun Microsystems 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 FAX: 858-926-9020 -Ling Qin TEL: 408-276-0097 FAX: 858-526-9020	Sun Crypto Accelerator 6000 (Hardware Version: 375-3424, Revisions -02, -03 and -04; Firmware Version: Bootstrap versions 1.0.1 and 1.0.10, Operational firmware version 1.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/07/2008; 12/17/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #856); DSA (Cert. #309); HMAC (Cert. #473); RNG (Cert. #490); RSA (Certs. #409 and #410); SHS (Certs. #469 and #850); Triple-DES (Cert. #435) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
1025	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Dr. Pali Surdhar, Certification Manager TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	BeCrypt Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Linux Ubuntu 8.0.4 (single-user mode) -FIPS-approved algorithms: AES (Certs. #764 and #765); SHS (Certs. #771 and #772); RNG (Cert. #440); RSA (Cert. #363); HMAC (Certs. #418 and #419) -Other algorithms: N/A Multi-chip standalone "The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit operating environments."
1024	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Linux (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NetFilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
1023	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277	3e-525A-3[2], 3e-525A-3 BASIC[2], 3e-525A-3 BASIC with TEC[2], 3e-525A-3MP[2], 3e-525A-3MP with TEC[2], 3e-525V-3[2], 3e-525Ve-3[2] and 3e-525Ve-4[1] AirGuard™ Wireless Access Points (Hardware Versions: [module name] 2.0(A); Firmware Versions: 4.3.2[1] and 4.3.3[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/24/2008; 12/09/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #238); CCM (Cert. #1); HMAC (Cert. #13); RNG (Cert. #22); SHS (Cert. #278); Triple-DES (Cert. #292) -Other algorithms: AES CFB (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."
1022	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Outbacker MXP (Hardware Versions: 1.0 Outbacker MXP 80 GB, 1.0 Outbacker MXP 120 GB, 1.0 Outbacker MXP 160 GB, 1.0 Outbacker MXP 250 GB and 1.0 Outbacker MXP 320 GB with MXI AES: Part # 933000334R Version 1.0; Firmware Version: 4.23 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/10/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: N/A Multi-chip standalone "Outbacker MXP is a USB Portable Security Device with authentication and cryptographic services. It provides up to 320 gigabytes of encrypted portable storage and digital identity operations for enterprise security and user authentication via biometric and password."
1021	CoCo Communications Corporation 999 3rd Ave, Suite 3700 Seattle, WA 98104 USA -Jeff Meyer TEL: 206-284-9387 FAX: 206-770-6461 -Mikhail Voloshin TEL: 206-812-5735 FAX: 206-770-6461	The CoCo Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2, Debian GNU/Linux 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #693); DSA (Cert. #263); HMAC (Cert. #370); RNG (Cert. #405); SHS (Cert. #720) -Other algorithms: Diffie-Hellman; SSLeay RNG Multi-chip standalone "The CoCo Crypto Module provides cryptographic services for the core components of CoCo Communications' tactical and military product lines. With the CoCo Crypto Module, users of CoCo's mobile digital network systems can be assured that their communications are safe from spoofing, eavesdropping, and other forms of information attack. As used within the CoCo Communications product suite, the CoCo Crypto module is interchangeable with the OpenSSL DLL, allowing for easy deployment-time transition to suit the needs of the problem domain."
1020	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_2.4.8.22-FIPS, A800_2.4.8.22-FIPS, A5000_2.4.8.22-FIPS, A200_2.4.8.23-FIPS, A800_2.4.8.23-FIPS and A5000_2.4.8.23-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008; 10/16/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1019	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_3.1.1.7-FIPS, A200_3.1.1.29-FIPS, A800_3.1.1.7-FIPS, A800_3.1.1.29-FIPS, A5000_3.1.1.7-FIPS and A5000_3.1.1.29-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008; 12/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1018	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows XP, Embedded XP (Software Version: 1.2 5/30/2008) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008; 12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files transferred to/from the platform via external USB drives."
1017	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows CE (Software Version: 1.2 5/30/2008) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008; 12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) & AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files tranferred to/from the platform via external USB drives, and sensitive data at rest (DAR) stored internally is also encrypted and zeroizable."
1016	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Secure Services Client FIPS Module (Software Version: 1.0.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP and Microsoft Windows 2000 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #325); AES (Cert. #699); HMAC (Cert. #377); SHS (Cert. #727); Triple-DES (Cert. #630); RNG (Cert. #410) -Other algorithms: RC4; DES; MD4; MD5; HMAC-MD5; DSA (non-compliant); AES (Cert. #699; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman Multi-chip standalone "The Cisco Secure Services Client FIPS Module is a self contained crypto module that supports IEEE 802.11i (WPA2) key exchange and IEEE 802.1X wired and wireless authentication. The module provides cryptographic support for 802.1X EAP types such as EAP-TLS, EAP-FAST and PEAP as well as WPA2-PSK (Pre-shared key)."
1015	Lexmark International, Inc. 740 West New Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000 FAX: 859-232-3120	Lexmark Encryption Plug-In (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #767); SHS (Cert. #774); HMAC (Cert. #420); RNG (Cert. #441) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "A secure rendering plug-in that provides AES encryption of print data from the host through a print server with the AES encrypted data continuing on to a Lexmark decryption-enabled device. The rendering plug-in uses the Lexmark device's public key such that only the target device will be able to decrypt the data."
1014	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S2500 (Hardware Version: S2500 Base Unit P/N ST2500B Tanapa Number CLN1713E Revision B with S2500 Encryption Module P/N ST2516A Tanapa Number CLN8262C Revision C; Firmware Versions: XS-15.1.0.75, XS-15.1.0.76, XS-15.2.0.20 and XS-15.4.0.60) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008; 01/26/2009	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1013	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S6000 (Hardware Versions: S6000 Base Unit P/N ST6000C Tanapa Number CLN1780D Revision B with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [1] and S6000 Base Unit ST6000C Tanapa Number CLN1780C Revision A with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [2]; Firmware Versions: PS-15.1.0.75 [1, 2], GS-15.1.0.75 [1, 2], PS-15.1.0.76 [1, 2], GS-15.1.0.76 [1, 2], PS-15.2.0.20 [1, 2], GS-15.2.0.20 [1, 2], PS-15.4.0.60 [1, 2] and GS-15.4.0.60 [1, 2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008; 01/26/2009	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1012	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.4313) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #818); HMAC (Cert. #452); RNG (Cert. #470); RSA (Cert. #395); SHS (Cert. #816); Triple-DES (Cert. #691) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA X9.31 signature verification (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module.RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
1011	Francotyp-Postalia Triftweg 21-26 Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-669	Revenector2008 (Hardware Versions: P/Ns 58.0036.0001.00/07 and 58.0036.0006.00/04; Firmware Version: 8.20) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: RSA (Cert. #365); SHS (Cert. #765) -Other algorithms: N/A Multi-chip embedded "Revenector2008 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the Revenector2008 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1010	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1009	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1008	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1007	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1006	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Code Integrity (ci.dll) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1005	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Winload OS Loader (winload.exe) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1004 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1004	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Boot Manager (bootmgr) (Software Version: 6.0.6001.18000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1003	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1002	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1001	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1000	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Windows Vista OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
999	Hewlett-Packard Company 19091 Pruneridge Ave., MS 4441 Cupertino, CA 95014 USA -Mark Otto TEL: 408-447-3422 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087A, Version 1.0; Firmware Version: 1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #338); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #686); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4; RC2 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
998	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E7500 (Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #636); AES (Cert. #705); DSA (Cert. #270); RNG (Cert. #416); RSA (Cert. #331); SHS (Cert. #733); HMAC (Cert. #383) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
997	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows XP Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.1.2600.5512) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) -Other algorithms: DES; MD5; HMAC MD5 Multi-chip standalone "FIPS.sys is a general-purpose, software-based, cryptographic module residing at the Kernel level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode services."
996	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Bricks® 150, 700 AC and 700 DC (Hardware Versions: 150, 700 AC and 700 DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #101, #672 and #747); DSA (Certs. #253 and #256); HMAC (Certs. #220, #356, #359 and #405); RNG (Cert. #391); SHS (Certs. #193, #705, #708 and #762); Triple-DES (Certs. #214, #617, #620 and #664) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
995	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 1200 (Hardware Versions: 1200 AC, 1200HS AC and 1200HS DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #266 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #78, #356 and #359); RNG (Cert. #391); SHS (Certs. #345, #705 and #708); Triple-DES (Certs. #348, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
994	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 50 (Hardware Version: 50; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #671 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #355, #356 and #359); RNG (Cert. #391); SHS (Certs. #704, #705 and #708); Triple-DES (Certs. #616, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
993	Sun Microsystems, Inc. One Storagetek Drive MS 4338 Louisville, CO 80028 USA -Alexander Stewart TEL: 303-661-2775 FAX: 303-661-5743	Key Token (Hardware Version: P/N 314478004 Version G; Firmware Version: 1.20) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #636) -Other algorithms: N/A Multi-chip standalone "The Key Token is a part of the larger Sun Microsystems' Encrypted Data-At-Rest Solution (EDRS). The primary purpose for this device is to provide secure key storage and key transport between the two other EDRS components. The additional two components that the EDRS includes are the Key Management Station (KMS) and the Encrypting Tape Drive (ETD). For more information on these components please contact Sun Microsystems."
992	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 4500, NSA 5000 and NSA E5500 (Hardware Versions: P/N 101-500166-50, Rev. A (NSA 4500); P/N 101-500088-50, Rev. A (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #634); AES (Cert. #703); DSA (Cert. #268); RNG (Cert. #414); RSA (Cert. #329); SHS (Cert. #731); HMAC (Cert. #381) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
991	Athena Smartcard Inc. 20380 Town Center Lane Suite 240 Cupertino, CA 95014 USA -Ian Simmons TEL: 408-865-0112 FAX: 408-865-0333	Athena IDProtect Duo PIV (Hardware Version: P/N AT90SC12872RCFT Revision M; Firmware Version: P/N Athena IDProtect Duo Version 0107.7099.0105; Software Version: P/N Athena PIV Applet Version 1.0; (PIV Card Application: Cert. #12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for Physical Security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
990	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows XP Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 5.1.2600.5507) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) -Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits); MD5; RC2; RC4 Multi-chip standalone "The Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, TDES, DSA) in a cryptographic module accessible via the Microsoft CryptoAPI."
989	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows XP Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.1.2600.5507) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed) -Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHS, DES, TDES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
988	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP Passport (Hardware Versions: 4.3 Stealth MXP Passport Versions MUS3083C-FIPS, MUS3083D-FIPS, MUS3083E-FIPS, MUS3083F-FIPS, MUS3083G-FIPS, MUS3083E-MLCFIPS, MUS3083F-MLC-FIPS, MUS3083G-MLC-FIPS and MUS3083H-MLC-FIPS and 4.4 Stealth MXP Passport Versions MUS3086C-FIPS, MUS3086D-FIPS, MUS3086E-FIPS, MUS3086F-FIPS, MUS3086G-FIPS, MUS3086E-MLC-FIPS, MUS3086F-MLC-FIPS, MUS3086G-MLC-FIPS and MUS3086H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/24/2008; 08/22/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services"
987	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP (Hardware Versions: 4.3 Stealth MXP Versions MUS3082C-FIPS, MUS3082D-FIPS, MUS3082E-FIPS, MUS3082F-FIPS, MUS3082G-FIPS, MUS3082E-MLCFIPS, MUS3082F-MLC-FIPS, MUS3082G-MLC-FIPS and MUS3082H-MLC-FIPS and 4.4 Stealth MXP Versions MUS3085C-FIPS, MUS3085D-FIPS, MUS3085E-FIPS, MUS3085F-FIPS, MUS3085G-FIPS, MUS3085E-MLCFIPS, MUS3085F-MLC-FIPS, MUS3085G-MLC-FIPS and MUS3085H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/24/2008; 08/22/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
986	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.32a) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	07/24/2008	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8300 with BlackBerry OS Version 4.5 -FIPS-approved algorithms: Triple-DES (Cert. #671); AES (Certs. #774 and #775); SHS (Cert. #777); HMAC (Cert. #423); RSA (Cert. #367); RNG (Cert. #444); ECDSA (Cert. #85) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
985	Route1® Inc. 155 University Avenue Suite 1920 Toronto, ON M5H 3B7 Canada -Jerry S. Iwanski TEL: 416-848-8391 -Jeff Denberg TEL: 416-848-8391	Route1® FIPS Cryptographic Module (Software Version: 2.1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/17/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 SP1 (32-bit x86 - VC8.0 build) (in single-user mode) -FIPS-approved algorithms: AES (Cert. #673); DSA (Cert. #254); ECDSA (Cert. #74); HMAC (Cert. #357); RNG (Cert. #392); RSA (Cert. #314); SHS (Cert. #706); Triple-DES (Cert. #618) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG SP 800-90 (non-compliant) Multi-chip standalone "The Route1 FIPS Cryptographic Module lies at the core of Route1®'s MobiNET™ a communications and service delivery platform focused on identity management and entitlement-based access to systems and resources. MobiNET™services are delivered on a number of digital form factors, such as mobile phones, handheld devices and Route1 MobiKEY™ an ultra-portable, smart-card enabled USB device. The Route1 FIPS Cryptographic Module's functionality includes a wide range of data encryption and asymmetric algorithms including AES, the RSA Public Key Cryptosystem, DSA, and the SHA family of message digests."
984	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 3500 (Hardware Version: P/N 101-500073-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #633); AES (Cert. #702); DSA (Cert. #267); RNG (Cert. #413); RSA (Cert. #328); SHS (Cert. #730); HMAC (Cert. #380) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
983	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E6500 (Hardware Version: P/N 101-500164-50, Rev. C; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #635); AES (Cert. #704); DSA (Cert. #269); RNG (Cert. #415); RSA (Cert. #330); SHS (Cert. #732); HMAC (Cert. #382) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
982	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	TZ 180, TZ 180W, TZ 190 and TZ 190W (Hardware Versions: P/N 101-500161-50, Rev. A (TZ 180); P/N 101-500160-50, Rev. A (TZ 180W); P/N 101-500080-52, Rev. A (TZ 190); P/N 101-500101-52, Rev. A (TZ 190W); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #632); AES (Cert. #701); DSA (Cert. #266); RNG (Cert. #412); RSA (Cert. #327); SHS (Cert. #729); HMAC (Cert. #379) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "SonicWALLÆs TZ Series is a high performance security platform that combines a deep packet inspection firewall, anti-virus, anti-spyware, intrusion prevention, content filtering, optional modular modem backup, and optional 802.11 b/g WLAN. These solutions allow small, remote, and branch offices to implement protection from the wide spectrum of emerging network threats."
981	FRAMA AG Unterdorf Lauperswil, CH-3438 Switzerland -Beat C. Waelti TEL: +41 34 496 98 98 FAX: +41 34 496 98 00 -Markus Arn TEL: +41 34 496 98 98 FAX: +41 34 496 98 00	FRAMA PSD-I (Hardware Version: 2.4; Firmware Version: 1.0.6) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #450); RSA (Cert. #157); SHS (Cert. #489); RNG (Cert. #215) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); CRC32 Multi-chip embedded "The cryptographic module (called Postal Security Device, PSD) supports booking processes within postal meters as well as value loading processes in order to increase the postage credits. The postage credits are kept as CSPs within the PSD. In detail the use of cryptographic services, like the production of cryptographic keys, the encoding, decoding or signature and signature verification is part of PSD internal purposes to the booking processes mentioned above. The PSD uses the following algorithms in the approved mode of operation: Triple-DES; RSA; SHA-1; RNG acc. to FIPS 186-2."
980	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Code Integrity (ci.dll) (Software Versions: 6.0.6001.18000, 6.0.6001.18023 and 6.0.6001.22120) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
979	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Winload OS Loader (winload.exe) (Software Versions: 6.0.6001.18000, 6.0.6001.18027 and 6.0.6001.22125) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #978 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and 760); RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
978	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Boot Manager (bootmgr) (Software Version: 6.0.6001.18000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and 760); HMAC (Cert.#415); RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
977	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 4000, nShield F2 2000, nShield F2 500 (Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
976	SafeNet Inc. 350 Convention Way Redwood City, CA 94063 USA -Eric Murray TEL: 650-261-2400 FAX: 650-261-2401	DataSecure Appliance i430, i426, and i116 (Hardware Versions: P/N DS-0116-0100-00 (i116); P/Ns DS-0430-0100-00 and DS-0430-01NP-00 (i430); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008; 11/06/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306); Diffie-Hellman (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; SEED; MD5; RC4 Multi-chip standalone "The Ingrian Networks DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
975	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3201 Wireless Mobile Interface Card with thermal plates (Hardware Version: 800-25522-02; Firmware Version: S3201W7K9-12308JK) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370 and #799); CCM (Cert. #11); SHS (Cert. #797); HMAC (Cert. #439); RNG (Cert. #459) -Other algorithms: HMAC MD5; MD5; RC4; RSA (non-compliant) Multi-chip embedded "The C3201WMIC-TPAK9 provides wireless connectivity for the Cisco 3200 Series Mobile Access Router. The module can be configured as 802.11g Wireless Access Point, 802.11g Wireless Root Bridge or 802.11g Wireless Work Group Bridge and supports the 802.11b/g wi-fi standards for communications, and 802.11i for security."
974	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert 3.2 (Hardware Versions: P5CC073, P5CD080 and P5CD144; Firmware Versions: CPDHxJC_RSEFI-025CC073V202, CPDIxJC_RSEFI-025CD080V402 and CPDYxJC_RSEFI-025CD144V503) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #744, #745 and #746); DSA (Cert. #276, #277 and 278); RSA (Certs. #349, #350 and #351); RNG (Certs. #432, #433 and #434); SHS (Certs. #759, #760 and #761); Triple-DES (Certs. #661, #662 and #663); Triple-DES MAC (Triple-DES Certs. #661, #662 and #663, vendor affirmed) -Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits); RSA (encrypt/decrypt) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 3.2 is a Java Card 2.2.1 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), SEED(128 bit), AES(up to 256 bits), DSA(up to 1024 bits), OAEP Padding and Triple-DES. The Sm@rtCafé Expert 3.2 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
973	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 500 and nShield F2 10 PCI (Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
972	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4031Z-10; Firmware Version: 2.33.60-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
971	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4031Z-10; Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendfor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
970	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
969	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Richard Rose TEL: 408-525-7822	Cisco MDS 9506, 9509, 9216i and 9513 Multi-Layer SAN Switches (Hardware Versions: 9216i: 1, 9506: 1, 9509: 2, 9513: 1; Supervisor: 13, Supervisor 1: 16, Supervisor 2: 4; Firmware Version: 3.2 (2c)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #662 and #663); DSA (Certs. #245 and #246); HMAC (Certs. #344 and #345); RNG (Certs. #382 and #383); RSA (Certs. #306 and #307); SHS (Certs. #695 and #696); Triple-DES (Certs. #609 and #610) -Other algorithms: DES; RC4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco MDS 9506, 9509, 9513, and 9216i deliver intelligent network services such as virtual storage-area networks (VSANs), comprehensive security, advanced traffic management, sophisticated diagnostics, and unified SAN management. In addition, these modules provide multiprotocol and multitransport integration and an open platform for embedding intelligent storage services such as network-based virtualization; as well as a multilayer approach to network and storage intelligence."
968	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 + EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500 and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
967	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.33.60) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #599); Triple-DES (Cert. #570); DSA (Cert. #233); SHS (Cert. #648); HMAC (Cert. #309); RNG (Cert. #340) -Other algorithms: N/A Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
966	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10, Build Standard N; Firmware Version: 2.33.60-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
965	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500, and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
964	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Motorola Gold Elite Gateway Secure Card Crypto Engine (MGEG SCCE) (Hardware Version: R01.00.00; Firmware Versions: R01.07.05 and R01.07.06) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); DES; ADP; LFSR Multi-chip embedded "The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
963	Gemalto and ActivIdentity, Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Francisco Alcalde TEL: 512-257-3846 -Stephane Ardiley TEL: 510-745-6288	SafesITe TOP FIPS DM GX4 with ActivIdentity Digital Identity Applet Suite v2 for PIV (Hardware Versions: GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GCX4-FIPS EI08, Applet Versions: ACA v2.6.2.2, PKI/GC v2.6.2.3, ASC library package v2.6.2.2, PIV EP packages v2.6.2.6 and v2.6.2.7 (PIV Card Application: Cert. #10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008; 07/09/2008; 11/18/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (ISO7816 & ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.2 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite provides services for authentication, access control, generic container and PKI. The module conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
962	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510- 574-0101	ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.A3, PKI/GC applet package v2.6.2.A1, ASC library package v2.6.2.A1, PIV End-Point package v2.6.2.A1 and v2.6.2.A2, SKI applet package v2.6.2.A2 (PIV Card Application: Cert. #7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/12/2008; 06/23/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model. The validated product is similar to Applet v2.6.2a (FIPS 140-2 Cert. #880), but added the One Time Password applet."
961	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 and FortiGate-5140 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/05/2008; 06/13/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
960	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X3 PSD Cryptographic Module (Hardware Version: 1R84000; Firmware Version: 01.04.07) (When configured with the listed FIPS-approved algorithms) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #342) -Other algorithms: N/A Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The Cygnus X3 PSD Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
959	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: 919-462-1933	SafeEnterpriseTM Encryptor, Model 650 (Hardware Versions: 904-200xx-00y, 904-210xx-00y; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#391, and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
958	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 3750G Integrated Wireless LAN Controller (Hardware Version: 02; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008; 11/17/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620) -Other algorithms: AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); AES (Cert. #555; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
957	Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: 6506, 6509, 6506-E, 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Version: 12.2(18)SXF7, Build adventerprisek9 (Supervisor); 4.1.171.0[1] and 4.1.185.10[2] (WiSM)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008; 11/17/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620) -Other algorithms: AES (AES Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
956	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: 011-44-1442458600 FAX: 44-1442458601	AEP Advanced Configurable Cryptographic Environment (ACCE) (Hardware Version: 2730_G1; Firmware Version: 1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/05/2008	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #599); AES (Cert. #648); DSA (Cert. #243); SHS (Cert. #681); RNG (Cert. #369); RSA (Cert. #297); Triple-DES MAC (Triple-DES Cert. #599, vendor affirmed). -Other algorithms: MD5; DES; Diffie-Hellman Multi-chip embedded "AEP Advanced Configurable Cryptographic Environment (ACCE) crypto module offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The ACCE crypto module is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
955	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402 and 4404, Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/05/2008; 11/17/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620) -Other algorithms: AES (Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
954	Trapeze Networks 5753 W. Las Positas Blvd. Pleasanton, CA 94588 USA TEL: 925-474-2602 FAX: 925-251-0642	MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers (Hardware Versions: P/Ns MX-200R-GS/MX-216R-GS Rev. A; Firmware Versions: MSS 6.1.0.3 and MSS 6.1.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008; 11/13/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #594); AES (Cert. #642); RNG (Cert. #365); RSA (Cert. #293); SHS (Cert. #677); HMAC (Cert. #331) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® WLAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software« and RingMaster® lifecycle WLAN management software."
953	Semtek Innovative Solutions Corporation 12777 High Bluff Drive San Diego, CA 92130 USA -Patrick Farrell TEL: 858-436-2270 FAX: 858-436-2280	Cipher Cryptographic Module (Hardware Version: P/N 7000-0008; Firmware Version: 1.00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008; 06/23/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #720); Triple-DES (Cert. #643) -Other algorithms: N/A Single-chip "The Cipher Cryptographic Module is a hardware module that provides physical protection for cryptographic keys and sensitive application code. The module can be used by point-of-sale manufacturers as a secure, drop-in solution to provide cardholder data encryption."
952	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	MCC7500 Secure Card Crypto Engine Cryptographic Module (Hardware Version: R01.00.00; Software Versions: R02.01.10 and R02.01.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; LFSR; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The MCC7500 Secure Card Crypto Engine is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
951	TANDBERG Telecom AS Philip Pedersens Vei 20 1366 Lysaker Oslo, Norway -Stig Ame Olsen TEL: +47 67838418 FAX: +47 67125234	TANDBERG MXP Codec (Firmware Version: F6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	05/22/2008	Overall Level: 1  -Tested: TANDBERG 6000 MXP server running Nucleus RTOS version 1.13.5 (PowerPC Freescale MPC8270), pSOS version 254 (video processor Phillips PNX1500) and DSP/BIOS version 5.20.05 (audio processor TI6713) -FIPS-approved algorithms: Triple-DES (Cert. #514); AES (Cert. #504); DSA (Cert. #208); SHS (Cert. #574); RNG (Cert. #282); RSA (Cert. #218); HMAC (Cert. #257) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The TANDBERG MXP Codec is the firmware installed on nineteen various TANDBERG codec servers supporting a full line of videoconferencing systems designed for medium-to-large groups, as well as individual desktops. The firmware provides secure video conferencing through encryption and authentication for point-to-point calls and multipoint calls with the speed of up to 768 kbps."
950	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake TEL: 678-402-8021 FAX: 678-402-8021	FortiClient Crypto Module (Software Version: 3.0.470) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/22/2008; 06/13/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional, SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317) -Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
949	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake TEL: 678-402-8021 FAX: 678-402-8021	FortiClient Crypto Module (Software Version: 3.0.470) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/22/2008; 06/13/2008	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX270 runnning Windows XP Professional; SP2 with security patches 907865, 27802, 928255, 885835, 888302, 885250, 873333, 890859, 896422, 899587, 899588, and 896423 -FIPS-approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317) -Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
948	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Secure ACS FIPS Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server Service Pack 4; Windows 2003 Service Pack 1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #566); HMAC (Cert. #303); RNG (Cert. #331); RSA (Cert. #263); SHS (Cert. #632) -Other algorithms: AES (AES Cert. #566, vendor affirmed; key wrapping; key establishment methodology provides 128 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength) Multi-chip standalone "Cisco Secure ACS FIPS Module is a software library that supports WPA2 security and is contained within a defined cryptographic boundary. It provides FIPS 140-2 validated support for EAP-TLS, EAP-FAST, PEAP and AES key wrap for 802.11i PMK transfer."
947	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tony Ureche TEL: 1-800-MICROSOFT	BitLocker™ Drive Encryption (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #891 and Cert. #892 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2008; 08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition (x86 Version) and Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert #715); HMAC (Cert #386); SHS (Cert #737) -Other algorithms: Elephant Diffuser Multi-chip standalone "Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
946	Authernative, Inc. 201 Redwood Shores Parkway Suite 275 Redwood City, CA 94065 USA -Len L. Mizrah TEL: 650-587-5263 FAX: 650-587-5259	Authernative® Cryptographic Module (Software Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/16/2008; 06/23/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 1.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #697); HMAC (Cert. #375); RNG (Cert. #408); SHS (Cert. #725); Triple-DES (Cert. #629) -Other algorithms: MD5 Multi-chip standalone "The Authernative Cryptographic Module is a software cryptographic module that is implemented as a software library. This software library provides cryptographic services for all Authernative products. The module provides FIPS-Approved cryptographic services for encryption, decryption, key generation, secure hashing, and random number generation."
945	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-50B (Hardware Version: FortiGate-50B (C5GB38); Firmware Version: FortiOS 3.00, build 8568,070918) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/16/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613 and #614); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
944	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 128 v5.5 D (Hardware Version: P/N B0; Firmware Version: F310-067733) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008; 05/20/2008; 06/23/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #657); Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); SHS (Cert. #688); RSA (Cert. #304); RNG (Cert. #377); ECDSA (Cert. #70) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); RSA (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); AES MAC (AES Cert. #657; non-compliant) Single-chip "This new generation Oberthur Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that includes NSA SUITE-B cryptography for Top Secret classified information (symmetric encryption, message digest, and digital signature). Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and offers a full 128KB of EEPROM for customer data and keys. It is available with two communication interfaces (ISO 7816 for contact and ISO 14443 for contactless)."
943	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	iKey 4000 USB Token (Hardware Version: 909-40002-000 and 909-40002-006; Firmware Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #455 and #755); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The iKey 4000 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 4000 offers wide range of authentication services together with the highest levels of security. It offers powerful implementations for public and secret key encryption supporting RSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
942	Guidance Software, Inc. 215 North Marengo Avenue Suite 250 Pasadena, CA 91101 USA -Ken Basore TEL: 626-229-9191 FAX: 626-229-9199	EnCase Enterprise Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/16/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP Professional SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #666); DSA (Cert. #248); SHS (Cert. #698); HMAC (Cert. #350); RNG (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "EnCase Enterprise has changed the landscape of enterprise and computer investigations by providing complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations anywhere on a network. EnCase« Enterprise is a scalable platform that integrates seamlessly with your existing systems to create an enterprise investigative infrastructure. This cutting-edge solution can be tailored to meet your unique needs, including the automation of time-consuming investigative processes, incident response and eDiscovery."
941	Ericsson, Inc. 6300 Legacy Drive Plano, TX 75024 USA -Robert Walls TEL: 972-583-3592 FAX: 972-583-1848	AUC-10 GARP Cryptographic Module (Hardware Version: P/N ROJ 208 16/3 R1A/1; Firmware Version: CXC 106 0272 R1C) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #678); RNG (Cert. #394) -Other algorithms: N/A Multi-chip embedded "The AUC-10 GARP Cryptographic Module (CM) is a multi-chip embedded module composed of the AGEN2R WCDMA Authentication Vectors Generation application executing on an Ericsson proprietary Generic Application Regional Processor (GARP) board. The 3rd Generation Partner Project (3GPP) organization defines standards followed by the telephony industry for 3G networks (GSM and WCDMA). The Authentication Center (AUC) is the specific entity that provides authentication and ciphering data to the WCDMA system."
940	IBM® Corporation 9032 S Rita Rd Tucson, AZ 85744 USA -James Karp -Paul Greco	IBM System Storage TS1120 Tape Drive - Machine Type 3592, Model E05 (Hardware Version: 23R6564 EC level H82149; Firmware Version: 95P5203 EC level H82669) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #631 and #632); RNG (Cert. #362); RSA (Cert. #291); SHS (Cert. #671) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG Multi-chip embedded "The TS1120 / 3592 E05 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256 bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
939	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.5.11b and 3.8.5.11c) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	04/23/2008	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8300 with BlackBerry OS Version 4.3 -FIPS-approved algorithms: Triple-DES (Certs. #653 and #654); AES (Certs. #734, #735, #736 and #737); SHS (Certs. #751 and #752); HMAC (Certs. #400 and #401); RSA (Certs. #344 and #345); RNG (Certs. #428 and #429); ECDSA (Certs. #78 and #79) -Other algorithms: EC Diffie-Hellman key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
938	IronKey, Inc. 5150 El Camino Real, Suite C31 Los Altos, CA 94022 USA -Gil Spencer TEL: 650-492-4055 x102 FAX: 650-967-4650	IronKey Secure Flash Drive Cryptographic Module (Hardware Versions: P/Ns 46.012.001.01 Version 1.0, 46.012.001.02 Version 1.0, 46.012.001.04 Version 1.0, and 46.012.001.08 Version 1.0; Firmware Version: 1.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/17/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #655); RNG (Cert. #380); RSA (Cert. #305); SHS (Certs. #689 and #691) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant) Multi-chip standalone "The IronKey Secure Flash Drive has been designed to be the world's most secure flash drive. The onboard AES, RSA, SHA, and RNG engines deliver the gold standard in data and identity protection for consumers, enterprises, and government users alike. For more information, visit https://www.ironkey.com."
937	Memory Experts International, Inc. 227 Rue Montcalm, Suite 202 Gatineau, Quebec J8Y 2B9 Canada -Scott Ashdown TEL: 613-851-2102	MXI Cryptographic NAND Controller (CNC) (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/17/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The MXI Cryptographic NAND Controller (CNC) provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The CNC employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
936	Verbatim Americas LLC 1200 West WT Harris Blvd. Charlotte, NC 28262 USA -Mark Rogers TEL: 704-547-6600 FAX: 704-547-6522	Store 'n' Go Corporate Secure FIPS (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/17/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The Store 'n' Go Corporate Secure FIPS provides FIPS 140-2 Approved security functionality to DiskOnKey flash drives. The Store 'n' Go Corporate Secure FIPS employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
935	Tait Electronics Ltd 175 Roydvale Avenue Christchurch, New Zealand -Werner Hoepf TEL: + 64 3 358 6613	TEL_crypto_module (Firmware Version: 1.1.0) Validated to FIPS 140-2 Security Policy Certificate	Firmware	04/17/2008	Overall Level: 1  -Tested: Texas Instruments TMS320C5509 and TNS320C5510 Digital Signal Processors -FIPS-approved algorithms: AES (Cert. #537); TDES (Cert. #539); SHS (Cert. #672); HMAC (Cert. #327); RNG (Cert. #343) -Other algorithms: N/A Single-chip "Firmware implementation of the Tait FIPS 140-2 Crypto module used in the Tait Electronics Ltd digital product range."
934	Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux, 92220 France -Patrick Blanluet TEL: 33 1 45 36 30 00 FAX: 33 1 45 36 30 10	PSD Model 105, 106, 115, 116, 126, 127, 101, 102, 111, 112, 121, 122 (Hardware Version: P/Ns 4129955L and 4129955LD; Firmware Version: P/N 4143184RA Version 22.4) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/17/2008; 09/12/2008; 01/26/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: Triple-DES (Cert. #558); Triple-DES MAC (Triple-DES Cert. #558, vendor affirmed); AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength) Multi-chip embedded "Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
933	Trapeze Networks 5753 W. Las Positas Blvd. Pleasanton, CA 94588 USA -Ted Fornoles TEL: 925-474-2602 FAX: 925-251-0642	MP-422F Mobility Point (Hardware Version: P/N MP-422F Rev. A; Firmware Versions: MSS 6.1.0.3 and MSS 6.1.0.4) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/08/2008; 11/06/2008	Overall Level: 2  -FIPS-approved algorithms: AES CCM (Cert. #641); HMAC (Cert. #330); SHS (Cert. #676) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RNG (non-compliant) Multi-chip standalone "Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® LAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software® and RingMaster® lifecycle WLAN management software."
932	SanDisk Corporation 601 McCarthy Boulevard Milpitas, CA 95035-0459 USA -Daniel Shefer TEL: 408-801-1563 FAX: 408-801-8508	S2 FIPS DiskOnKey Controller (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600, 6.612 and 6.615) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/08/2008; 05/08/2008; 06/23/2008; 10/16/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The SanDisk S2 FIPS DiskOnKey Controller provides FIPS 140-2 Approved security functionality to SanDisk DiskOnKey USB flash drives. The S2 FIPS DiskOnKey Controller employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
931	Secure Computing Corporation 2340 Energy Park Drive St. Paul, MN 55108 USA -Chuck Monroe TEL: 651-628-2799 FAX: 651-628-2701	Cryptographic Module for SecureOS® v9.7.1 (Software Version: 9.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/31/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SecureOS® v6.1 and v7.0 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #548); AES (Cert. #552); DSA (Cert. #225); SHS (Cert. #617); HMAC (Cert. #293); RSA (Cert. #248); RNG (Cert. #320) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder® and Sidewinder G2® Security Appliance™. Sidewinder is a line of comprehensive network gateway security appliances consolidating a variety of Internet security functions including TrustedSource™, IPS, firewall, VPN, anti-virus, anti-spam, SSL decryption, and more. Sidewinder G2® is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
930	Hewlett-Packard Company, Atalla Security Products 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Ted Hadley TEL: 408-447-3397 FAX: 408-447-5525	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 543856-001; Firmware Versions: Loader Version 1.0, PSMCU Version 7.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2008	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #148); SHS (Cert. #473) -Other algorithms: N/A Multi-chip embedded "The ACS is a multi-chip embedded cryptographic module. It consists of a secure hardware platform (a full length PCI Card) and a secure firmware loader. The purpose of the module is to load application programs, called "personalities," in a secure manner."
929	Kingston Technology Company 17600 Newhope Street Fountain Valley, CA 92708 USA -Mark Akoubian TEL: 714-438-2719 FAX: 714-427-3598	Kingston S2 CM (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2008; 04/04/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The Kingston S2 CM is the core component of this performance secure USB Flash Drive. All data stored in the userÆs private partition is encrypted in hardware without reducing performance. The Kingston S2 CM provides encryption, user authentication and access control independent of the host software and hardware."
928	Comtech Mobile Datacom Corporation 20430 Century Blvd. Gaithersburg, MD 20874 USA -John Fossaceca TEL: 240-686-2146 FAX: 240-686-3301 -Bill Vaughan TEL: 240-686-3300 FAX: 240-686-3301	MTM-203 Satellite Mobile Transceiver (Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Versions: Commercial Firmware: C.3.7.Y and C.3.7.Z, and Boot Code: 2.3.E) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/18/2008; 04/29/2008; 12/03/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #626); HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502) -Other algorithms: AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; RNG (non-compliant); Triple-DES (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
927	Mocana Corporation 350 Sansome Street Suite 210 San Francisco, CA 94104 USA -Lee Cheng TEL: 415-617-0055 FAX: 415-617-0056	Mocana Cryptographic Module (Software Versions: 3.06.1 and 3.06.1a) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/14/2008; 05/08/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2; Linux Kernel 2.6; uCLinux Kernel 2.4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #665); Triple-DES (Cert. #611); SHS (Cert. #697); HMAC (Cert. #349); RSA (Cert. #308); DSA (Cert. #247); RNG (Cert. #384) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Mocana Cryptographic Module is used in conjunction with Mocana's scalable, high performance embedded security solutions. These include: Mocana EAP supplicant/authenticator, Mocana SSL/TLS Client & Server, Mocana SSH Client & Server and Mocana IPsec/IKE."
926		Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/11/2008; 12/03/2008	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
925	Athena Smartcard Inc. 20380 Town Center Lane Suite 240 Cupertino, CA 95014 USA -Ian Simmons TEL: 408-865-0112 FAX: 408-865-0333	Athena IDProtect (Hardware Version: P/N AT90SC25672RCT Revision D; Firmware Version: 0106.6340.0101) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2008	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #560); Triple-DES MAC (Triple-DES Cert. #560, vendor affirmed); AES (Cert. #577); SHS (Cert. #633); RNG (Cert. #332); RSA (Cert. #264) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Athena Smartcard Solutions is a global smart card company offering a wide range of smart card products and solutions for Government, Enterprise and Financial institutions. Athena's products include advanced smart card operating systems, cross-platform cryptographic middleware and innovative biometric and card management solutions as well as advanced smart card readers. Athena offers FIPS and VISA certified Java Card solutions for ID and Finance on various smart card silicon and in a variety of form-factors."
924	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	03/14/2008	Overall Level: 1  -Tested: ARM 920T processor, running Hand Held Products BASE firmware 31205423-052; Hand Held Products Scanner firmware 31205480-025 -FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
923	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388 x117 FAX: 813-288-7389	AirFortress® Wireless Security Gateways (Hardware Versions: AF2100 and AF7500; Firmware Version: 3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/29/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #550); HMAC (Cert. #291); RNG (Cert. #318); SHS (Cert. #615); Triple-DES (Cert. #546) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5 Multi-chip standalone "The AirFortress® Wireless Security Gateways are electronic encryption modules that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress« Wireless Security Gateways provide encryption, data integrity checking, authentication, access control, and data compression."
922	Software House 70 Westview St Lexington, MA 02421 USA -Rick Focke TEL: 781-768-0266 FAX: 781-466-9550	iSTAR eX Controller (Hardware Version: STAREX004W-64; Firmware Version: 4.1.1.12045) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/29/2008; 03/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #433); RNG (Cert. #283); SHS (Cert. #575); RSA (Cert. #219) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The iSTAR eX controller is a security door controller which is connected to at least one card reader and a door. The iSTAR eX controller works from a database stored internally in memory for determining access privilege of an individual. When a card is swiped by a reader the data goes to the iSTAR eX controller. The controller then sends a notify message to the access database to determine if access is allowed. If access is granted then the iSTAR eX controller sends an open command back to the door and access is granted. If access is not granted the door remains closed and locked."
921	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Shryl Tidmore TEL: 469-524-2681 FAX: 972-953-2690 -Terrence Shaw TEL: 469-524-2413 FAX: 972-953-2816	Sterling Crypto-C (Software Version: 1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/29/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Sun Solaris 10; IBM AIX 5L(TM) 5.3; and HP-UX 11i v2 (single-user mode) -FIPS-approved algorithms: SHS (Cert. #655); HMAC (Cert. #312); RSA (Cert. #280); DSA (Cert. #235); RNG (Cert. #403); Triple-DES (Cert. #578); AES (Cert. #605) -Other algorithms: DES; RC2; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Sterling Crypto-C is a software module implemented as two dynamic libraries. Sterling Crypto-C provides security capabilities, such as encryption, authentication, and signature generation and verification for Sterling Commerce's managed file transfer solutions."
920	Security First Corp. 22362 Gilberto Suite 130 Rancho Santa Margarita, CA 92688 USA -Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092	SecureParser (Software Versions: 4.5.0 and 4.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/29/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP, Window Server 2003, Red Hat Linux Enterprise v4, SUSE Linux Enterprise v10 (single user mode) -FIPS-approved algorithms: AES (Certs. #594 and #687); RNG (Certs. #330 and #401); RSA (Certs. #262 and #321); DSA (Certs. #229 and #260); SHS (Certs. #631and #716); HMAC (Certs. #302 and #366); ECDSA (Certs. #63 and #77) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The SecureParser is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
919	Hughes Network Systems 11717 Exploration Lane Germantown, MD 20876 USA -Vivek Gupta TEL: 301-548-1292 FAX: 301-428-1868	Hughes Crypto Kernel (Firmware Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	02/29/2008	Overall Level: 1  -Tested: Hughes 7700S Satellite Router running VxWorks 5.4 -FIPS-approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
918	Open Source Software Institute Administrative Office P.O. Box 547 Oxford, MS 38655 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Source Content Version: 1.1.2; Resultant Compiled Software Version: 1.1.2) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/29/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 10.2 (gcc Compiler Version 4.1.2) -FIPS-approved algorithms: Triple-DES (Cert. #613); AES (Cert. #668); SHS (Cert. #701); HMAC (Cert. #352); RSA (Cert. #310); RNG (Cert. #387) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DSA (Cert. #250; non-compliant) Multi-chip standalone "The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
917	CardLogix Corporation 16 Hughes, Suite 100 Irvine, CA 92618 USA -Ken Indorf TEL: 949-380-1312 FAX: 949-380-1428	CardLogix Credentsys-J (Hardware Version: P/N AT90SC12872RCFT Rev. J; Firmware Version: Credentsys-J PIV applet Version 2.3.0.8, OS755 Version 07.0107.04 (PIV Card Application: Cert. #9) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/13/2008; 04/29/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #566); Triple-DES MAC (Triple-DES Cert. #566, vendor affirmed); AES (Cert. #595); RNG (Cert. #339); RSA (Cert. #272); SHS (Cert. #644) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "CREDENTSYS-J is a secure smart card that is designed for National ID systems and multi-use enterprise security environments. The CREDENTSYS-J card is based on Java Card TM 2.2.1 and Global Platform 2.1.1 architectures and is readily deployable into existing or new PKI environments. CREDENTSYS-J cards offer a combination of high performance and cost-effectiveness by running on advanced 32-bit RISC processor cores with TDES and PKI cryptographic accelerations."
916	SafeNet Inc. 350 Convention Way Redwood City, CA 94063 USA -Eric Murray TEL: 650-261-2400 FAX: 650-261-2401	DataSecure Appliance i416, i426 and i116 (Hardware Versions: P/N DS-0116-0100-00 (i116); P/N DS-0416-0100-00 (i416); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.2p01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/29/2008; 11/06/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; SEED; MD5; RC4 Multi-chip standalone "The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
915	Hughes Network Systems 11717 Exploration Lane Germantown, MD 20876 USA -Vivek Gupta TEL: 301-548-1292 FAX: 301-428-1868	Hughes Crypto Kernel (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/13/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode) -FIPS-approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
914	SBI Net Systems Co., Ltd. Meguro Tokyu Bldg. 5th Floor 2-13-17 Kamiosaki Shinagawa-ku,, Tokyo 141-0021 Japan -Hidemitsu Noguchi TEL: +81 3 5447 2551 FAX: +81 3 5447 2552	C4CS Lite and CSL software cryptographic modules (Software Versions: 2.1.0 (C4CS Lite) and 2.1.0 (CSL)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008; 08/29/2008	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 with SP3 and Q326886 Hotfix running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); C4Custom (C4CS Lite only); SSS Multi-chip standalone "C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
913	Cisco Systems Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet LWAPP AP1131AG and AP1242AG Wireless LAN Access Points (Hardware Versions: 1131 Revision C0, 1242 Revision A0; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/07/2008; 03/07/2008; 11/06/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370, #591[1] and #592[1], #905[2] and #907[2]); HMAC (Certs. #308[1] and #498[2]); RNG (Certs. #337[1] and #520[2]); RSA (Certs. #270[1] and #441[2]); SHS (Certs. #642[1] and #895[2]) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco LWAPP Aironet 1131 & 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
912	Sterling Commerce, Inc. 4600 Lakehurst Court PO Box 8000 Dublin, OH 43016-2000 USA -Shryl Tidmore TEL: 469-524-2681 -Adrian Glanvill TEL: 614-793-3757	Sterling FIPS Crypto-J Module (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/12/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit; Solaris 9 32-bit; Solaris 9 64-bit; Solaris 10 32 bit SPARC (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41); RSA (Cert. #191) -Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Sterling FIPS Crypto-J Module is a cryptographic toolkit for Java language users, providing services of various cryptographic algorithms such as hash algorithms, encryption schemes, message authentication, and public key cryptography."
911	Tyco Electronics, M/A-COM, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Dennis Maddox TEL: 434-455-9591 FAX: 434-455-6851	M/A-COM Wireless Systems Cryptographic Library (SECLIB) (Software Version: R1A) (While operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Windows Server 2003 SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #637); Triple-DES (Cert. #591); SHS (Cert. #673); HMAC (Cert. #328); RNG (Cert. #363) -Other algorithms: AES MAC (AES Cert. #637; non-compliant); DES; DES MAC Multi-chip standalone "The M/A-COM Wireless Systems Cryptographic Library is a software-based cryptographic module that provides encryption, authentication, and other security support services to various M/A-Com product applications. It specifically satisfies FIPS 140-2 Level 1 requirements."
910	IBM® Corporation Nymollevej 91 Lyngby, DK-2800 Denmark -Crypto Competence Center Copenhagen TEL: +45 4523 4441 FAX: +45 4523 6802	IBM CryptoLite for Java (Software Version: 4.2) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008; 03/07/2008; 06/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista with Sun Java JRE 1.6.0 (single user mode) -FIPS-approved algorithms: AES (Cert. #659); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECDSA (Cert. #71); HMAC (Cert. #341); RNG (Cert. #379); SHS (Cert. #692) -Other algorithms: N/A Multi-chip standalone "The IBM CryptoLite for Java (CLiJ) v4 is a Java Cryptographic Extension (JCE) compliant cross-platform software library which provides APIs for the cryptographic functions specified in NSA Suite B. CLiJ includes specific high performance implementations of a number of cryptographic algorithms and services. CliJ has highly optimized elliptic curve operations and very efficient implementation of finite field arithmetic.CLiJ can be used on any JVM running Java version 1.5 or higher. CLiJ is compliant with ANSI X9.62, ANSI X9.63 and IEEE 1363."
909	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Kostas Vassilakis TEL: 203-924-3610 FAX: 203-924-3409	Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV) (Hardware Versions: P/Ns 41U0438 and 12R8561, Model 4764-001; Firmware Version: Miniboot FW v1.25, Segment 2 FW v1.3, CCV Application FW v3.02.05) (When operated with module IBM eServer Cryptographic Coprocessor Security Module validated to FIPS 140-2 under Cert. #661 and operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/07/2008	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #215); Triple-DES MAC (Triple-DES Cert. #215, vendor affirmed); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132) -Other algorithms: DES MAC Multi-chip embedded "The Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV) module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
908	GlobalSCAPE, Inc. 6000 Northwest Parkway Suite 100 San Antonio, TX 78249 USA -Mike Hambidge TEL: 210-293-7921 FAX: 210-690-8824	GlobalSCAPE® Cryptographic Module (Software Version: 1.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode) -FIPS-approved algorithms: AES (Cert. #618); Triple-DES (Cert. #586); DSA (Cert. #240); SHS (Cert. #666); RSA (Cert. #287); HMAC (Cert. #320); RNG (Cert. #388) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; MD2; MD4; MD5; MDC2; RIPEMD160; Blowfish; CAST5; RC2; RC4; RC5; IDEA Multi-chip standalone "The GlobalSCAPE® Cryptographic Module (GSCM) provides cryptographic services for the GlobalSCAPE family of software products such as Secure FTP Server and EFT Server. The services include symmetric/asymmetric encryption/decryption, digital signatures, message digest, message authentication, random number generation, and SSL/TLS support. The GSCM is intended for use by applications through the moduleÆs Application Programming Interface (API), which is based on the OpenSSL API defined by the OpenSSL Project."
907	SBI Net Systems Co., Ltd. Meguro Tokyu Bldg. 5th Floor 2-13-17 Kamiosaki Shinagawa-ku,, Tokyo 141-0021 Japan -Hidemitsu Noguchi TEL: +81 3 5447 2551 FAX: +81 3 5447 2552	C4CS Lite and CSL software cryptographic modules (Software Versions: 1.1.0 (C4CS Lite) and 1.1.0 (CSL)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008; 08/29/2008	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); C4Custom (C4CS Lite only); SSS Multi-chip standalone "C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
906	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5505 and ASA 5550 (Hardware Versions: 5505 and 5550; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/25/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #536 and #564); HMAC (Certs. #125, #283 and #301); RNG (Certs. #144, #309 and #329); RSA (Certs. #106, #242 and #261); SHS (Certs. #196, #606 and #630); Triple-DES (Certs. #217, #538 and #559) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
905	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD, FortiGate-300A/300A-HD, FortiGate-500A/500A-HD and FortiGate-800 (Hardware Versions: FortiGate-200/200A-HD (build C4AY89); FortiGate-300/300A-HD (build C4FK88); FortiGate-500/500A-HD (build C4BE21); FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/25/2008; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
904	Foundry Networks 4980 Great America Pkwy Santa Clara, CA 95054 USA -Michael Hong TEL: 408-207-1700	Foundry Networks FIPS 140-2 Cryptographic Module (Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/23/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "The Foundry Networks FIPS 140-2 Cryptographic Modules resides on PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
903	Foundry Networks 4980 Great America Pkwy Santa Clara, CA 95054 USA -Michael Hong TEL: 408-207-1700	Foundry Networks FIPS 140-2 Cryptographic Module (Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/23/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-Des Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "The Foundry Networks FIPS 140-2 Cryptographic Module resides on a PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
902	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-5GT (Hardware Version: NS-5GT; Firmware Versions: 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/23/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #532); AES (Cert. #525); DSA (Cert. #216); SHS (Cert. #598); RNG (Cert. #301); RSA (Cert. #235); HMAC (Cert. #276) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates a complete set of best-in-class UTM security features including IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering which allow the NetScreen-5GT to defend the network against worms, Spyware, Trojans, malware and other emerging attacks. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security."
901	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: NS-500; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -FIPS-approved algorithms: DSA (Cert. #214); SHS (Cert. #590); Triple-DES (Cert. #527); AES (Cert. #517); HMAC (Cert. #268); RSA (Cert. #231); RNG (Cert. #293) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The NetScreen-500 is a purpose-built, security system designed to provide a flexible, high performance solution for medium and large enterprise central sites and service providers. The NetScreen-500 security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile, modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual systems and security zones."
900	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks SSG 5 and SSG 20 (Hardware Versions: P/N SSG-5 and SSG-20; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #533); AES (Cert. #526); DSA (Cert. #217); SHS (Cert. #599); RNG (Cert. #302); RSA (Cert. #236); HMAC (Cert. #277) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks Secure Services Gateway 5 (SSG 5) and Secure Services Gateway 20 (SSG 20) are purpose-built security appliances that deliver a perfect blend of performance, security and LAN\WAN connectivity for small branch office and small business deployments. Traffic flowing in and out of the branch office can be protected from worms, Spyware, Trojans, and malware by a complete set of Universal Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
899	IBM® Corporation Nymøllevej 91 Lyngby, DK-2800 Denmark -Crypto Competence Center Copenhagen TEL: +45-4523-4441 FAX: +45-4523-6802	IBM CryptoLite for C (Software Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/16/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate; Red Hat Enterprise Linux v4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #615); Triple-DES (Cert. #585); SHS (Cert. #663); DSA (Cert. #238); RSA (Cert. #286); RNG (Cert. #350); HMAC (Cert. #318); ECDSA (Cert. #66) -Other algorithms: DES; CAST-5; CAST-6; RC2; ArcFour; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 to 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD2; MD5; Whirlpool; HMAC MD5 Multi-chip standalone "IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
898	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-204 and NetScreen-208 (Hardware Versions: NS-204 and NS-208; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #215); SHS (Cert. #591); Triple-DES (Cert. #528); AES (Cert. #518); HMAC (Cert. #269); RSA (Cert. #232); RNG (Cert. #294) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances available today. They easily integrate and secure many different network environments, including medium and large enterprise offices, e-business sites, data centers, and carrier infrastructure. Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 Series performs firewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-208)."
897	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-5200 and NetScreen-5400 (Hardware Versions: NS-5200 and NS-5400; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #212); SHS (Cert. #587); Triple-DES (Cert. #524); AES (Cert. #514); HMAC (Cert. #265); RSA (Cert. #228); RNG (Cert. #290) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-5000 series is a line of purpose-built, high-performance firewall/VPN security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 series consists of two products: the 2-slot NetScreen-5200 system and the 4-slot NetScreen-5400 system. NetScreen-5000 security systems integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality, in a low-profile modular chassis."
896	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks ISG 1000 and ISG 2000 (Hardware Versions: P/N NS-ISG-1000 and NS-ISG-2000; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #213); SHS (Cert. #588); Triple-DES (Cert. #525); AES (Cert. #515); HMAC (Cert. #266); RSA (Cert. #229); RNG (Cert. #219) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen ISG 1000 and ISG 2000 are Internet security devices that integrate firewall, virtual private networking (VPN), and traffic shaping functions. Through the VPN, the NetScreen ISG devices provide the following: IPSec standard security, Triple-DES, and Advanced Encryption Standard (AES) encryption, Manual and automated IKE (ISAKMP), and Use of RSA and DSA certificates."
895	Xirrus, Inc. 370 N. Westlake Blvd. Suite 200 Westlake Village, CA 91362 USA -Patrick Parker TEL: 805-497-0955 FAX: 866-462-3980	Xirrus Wireless LAN Array (Hardware Versions: Models: XS-3900 P/Ns 190-0001-001, 190-0001-002, 190-0001-003, 190-0001-004 Version B1; XS-3700 P/Ns 190-0005-001, 190-0005-002, 190-0005-003, 190-0005-004 Version B1; XS-3500 P/Ns 190-0004-001, 190-0004-003 Version A1; WFX-3900 P/N 190-0016-001 Version A1; WFX-3700 P/N 190-0017-001 Version A1; WFX 3500 P/N 190-0018-001 Version A; XS4 P/N 190-0092-001 Version A; XS8 P/N 190-0091-001 Version A; XS16 P/N 190-0090-001 Version A; Firmware Version: 3.2-0477) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/10/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #470); RNG (Cert. #255); HMAC (Cert. #304); SHS (Cert. #638); RSA (Cert. #290) -Other algorithms: RC4; MD5 Multi-chip standalone "The Xirrus Wireless LAN Array represents the next generation in enterprise wireless LAN architecture - combining the functionality of a WLAN switch and Integrated Access Points (IAPs) in a single device. The WLAN Array delivers Gigabit-class Wi-Fi bandwidth to an extended coverage area simplifying the wireless LAN setup."
894	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
893	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
892	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #553); DSA (Cert. #227); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4 Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
891	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 50 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
890	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Code Integrity (ci.dll) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #889 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #255); SHS (Cert. #618) -Other algorithms: N/A Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
889	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Winload OS Loader (winload.exe) (Software Versions: 6.0.6000.16386, 6.0.6000.16476 and 6.0.6000.20586) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #888 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #424); RSA (Cert. #255); SHS (Cert. #618) -Other algorithms: N/A Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
888	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Boot Manager (bootmgr) (Software Version: 6.0.6000.16386) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #424); HMAC (Cert.#298); RSA (Cert. #255); SHS (Cert. #618) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
887	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529	CoSign (Hardware Version: 4.0; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/07/2008; 03/07/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organizationÆs end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
886	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client Bridge (Hardware Version: 1.0; Firmware Version: 2.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/07/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #545); Triple-DES (Cert. #541); SHS (Cert. #609); RNG (Cert. #312); HMAC (Cert. #286) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (non-compliant); RSA (non-compliant); MD2; MD5; Blowfish; CAST; IDEA; RC2; RC4; RC5 Multi-chip standalone "The Fortress Secure Client Bridge is a hardware module designed to deliver security on wireless and wired devices that cannot run the Fortress Secure Client software. A plug-and-play solution, the Secure Client Bridge encrypts and decrypts communication across the WLAN and LAN and protects the device against attacks without user intervention."
885	L-3 Communications Linkabit 3033 Science Park Road San Diego, CA 92121 USA -Rick Roane TEL: 858-597-9097 FAX: 858-552-9660	MPM-1000, 70 MHz Layout 1; MPM-1000, 70 MHz Layout 2; and MPM-1000, L-Band (Hardware Versions: P/N 119811-1, 119903-30 and 119903-33; Firmware Version: 121423-00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."