CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine if their product utilizes an embedded validated cryptographic module. There is inevitably a larger number of security products or applications available which use embedded validated cryptographic modules, than the number of modules which are found in this list. In addition, it is possible that other vendors, who are not found in this list, might incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the product or application that is being offered is either a validated cryptographic module itself (e.g. VPN, SmartCard, etc) or the product or application uses an embedded validated cryptographic module (toolkit, etc). Ask the vendor to supply a signed letter stating their application, product or module is a validated module or incorporates a validated module, the module provides all the cryptographic services in the solution, and reference the modules validation certificate number from this listing.

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSEC. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the indicated vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
494	F-Secure Corporation Tammasaarenkatu 7 PL 24, Helsinki 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library (Software Versions: 2.2.5, 2.2.7 and 2.2.12 (Windows) and 1.1.8, 1.1.9 and 1.1.15 (Solaris)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/22/2004; 02/03/2005; 12/20/2006	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix EAL 4 on Dell Optiplex GX 400 Personal Computer System, Trusted Solaris 8 7/03 EAL 4 on SunBlade 100 -FIPS-approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4) -Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement)); RC2 Multi-chip standalone "The F-Secure(R) Cryptographic Library(TM) is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The Windows and Solaris versions are designed and implemented to meet the Level 2 requirements of FIPS publication 140-2 when running on an appropriate hardware under Windows 2000, Solaris 8 and Trusted Solaris 8 operating systems."
493	F-Secure Corporation Tammasaarenkatu 7 PL 24, Helsinki 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library (Software Versions: 2.2.5, 2.2.7, 2.2.8 and 2.2.12 (Windows) and 1.1.8, 1.1.9, 1.1.10, 1.1.12 and 1.1.15 (Solaris/Linux/AIX/HP-UX)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/22/2004; 02/03/2005; 12/22/2005; 07/10/2006; 12/19/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP Professional, Windows ME, Windows 2000, HP-UX B.11.11, AIX 5, Trusted Solaris 8 7/03 and Linux RHEL 3 (all in single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4) -Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement); RC2; RIPEMD-160 (v1.1.10 and 1.1.12 only); RSA (specified in RFC 2409) Multi-chip standalone "The F-Secure(R) Cryptographic Library(TM) is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
492	ITServ Inc. Six Montgomery Village Avenue Suite 405 Gaithersburg, MD 20879 USA TEL: 301-948-1111 FAX: 301-948-7582	RideWay Station (Hardware Version: FGC; Firmware Version: 5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/22/2004; 01/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #247); SHS (Cert. #186); HMAC-SHA-1 (Cert. #186, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RC4; MD5; CRYPT(3) Multi-chip standalone "RideWay Station FGC integrates powerful firewall protection and VPN capabilities to safeguard computer networks from the threat of Internet attacks and intrusions. Each computer or server on the LAN must follow a strict authorization procedure in order to gain access to the network. In addition, the module uses Triple-DES encryption in its IPSec VPN to allow multiple offices to securely communicate over the Internet or to allow a remote client to securely connect to its office network. The highperforming hardware efficiently conducts encryption and decryption tasks without sacrificing throughput."
491	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Kenneth Jensen TEL: 408-227-4500 FAX: 408-227-4550 -Keerti Melkote TEL: 408-227-4500 FAX: 408-227-4550	Aruba 5000/6000 WLAN Switch with AirOS Software (Hardware Versions: Configuration A, Configuration B, Configuration C, Configuration D; Firmware Version: A5000_2.1.0.0_7862) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/22/2004; 01/07/2005; 12/22/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #158 and #159); Triple-DES (Certs. #260 and #261); SHA-1 (Certs. #243 and #244); HMAC-SHA-1 (Certs. #243 and #244, vendor affirmed); RNG (Cert. #8); RSA (Cert. #9) -Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "Aruba Wireless Networks’ FIPS validated WLAN switching platform is a purpose-built Wireless LAN voice and data switching solution designed to specifically address the needs and reduce the cost of large scale WiFi network deployments for Government and large enterprise. Aruba’s WLAN switching platform is a highly scalable and redundant solution that provides centralized intelligence to secure and manage the corporate RF environment, enforce identity based user security and policies, enable service creation and provide secure mobility management to hundreds of simultaneously connected users."
490	SBI Net Systems Co., Ltd. Meguro Tokyu Bldg. 5th Floor 2-13-17 Kamiosaki Shinagawa-ku, Tokyo 141-0021 Japan -Hidemitsu Noguchi TEL: +81 3 5447 2551 FAX: +81 3 5447 2552	C4CS (Software Versions: 1.0.0 and 1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/22/2004; 02/25/2005; 08/21/2008	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Service Pack 3 with Hotfix 326886 and Microsoft Windows XP Service Pack 1 -FIPS-approved algorithms: SHS (Cert. #222); HMAC-SHA-1 (Cert. #222, vendor affirmed); AES (Cert. #133); RNG (Cert. #1); RSA (Cert. #1); ECDSA (vendor affirmed) -Other algorithms: C4Custom; RSAES_PKCS_v1_5; RSAES_OAEP; Diffie-Hellman (key agreement); SSS Multi-chip standalone "C4CS is a software cryptographic module providing symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
489	Bluesocket, Inc. 7 New England Executive Park Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-2100 Wireless Gateway (Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002, 870-212TT-002, Software Version: 3.1.1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 08/30/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #76); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC-SHA-1 (Certs. #228 and #229, vendor affirmed) -Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-2100 Wireless Gateway provides a scalable solution with security, quality of service (QoS), Mobility, Role/Policy Enforcement and Management for today's highly-secure 802.11 Government wireless networks."
488	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	EFJohnson Encryption Module (Software Version: 1.0.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004; 05/05/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix on Dell OptiPlex GX400 -FIPS-approved algorithms: AES (Cert. #26); DSA (Cert. #72); SHS (Cert. #121); Triple-DES (Cert. #135); RNG (Cert. #14) -Other algorithms: DES (Cert. #186); AES-MAC (Cert #26, non-compliant) Multi-chip standalone "The EFJohnson Encryption Module is a software cryptographic module that serves both as a key store and a cryptographic service provider. The module is accessible through an API, and provides an easy-to-use yet secure means of storing sensitive cryptographic keys. The Encryption Module meets level 1 FIPS 140-2 requirements and achieves level 2 in the "Roles, Services, and Authentication" and "Operation Environment" sections of FIPS 140-2."
487	Kasten Chase Applied Research, Ltd. Orbitor Place 5100 Orbitor Drive Mississauga, Ontario L4W 4Z4 Canada -Steve Demmery TEL: 905-238-6900 x3303 FAX: 905-212-2003	Kasten Chase Cryptographic Engine (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Red Hat 7.3 with Linux kernel 2.4; AIX 5L for POWER V5.2; Sun Trusted Solaris™ Version 8 4/01; Sun Solaris™ 9 (all in user and kernel modes and single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert. #10) -Other algorithms: MD5; HMAC-MD5; KEA; ECDH (key establishment) Multi-chip standalone "KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
486	Kasten Chase Applied Research, Ltd. Orbitor Place 5100 Orbitor Drive Mississauga, Ontario L4W 4Z4 Canada -Steve Demmery TEL: 905-238-6900 x3303 FAX: 905-212-2003	Kasten Chase Cryptographic Engine (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server with SP3 and Hotfix Q326886 on a 650 MHz Pentium III platform; AIX 5L for POWER V5.2 on a IBM p630-6C4 with a POWER4 CPU; Sun Trusted Solaris™ Version 8 4/01 on a SunBlade 100 with a 500 MHz UltraSPARC Iie -FIPS-approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384; HMAC- SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert #10) -Other algorithms: MD5; HMAC-MD5; KEA, ECDH (key establishment) Multi-chip standalone "KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
485	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert FIPS 64 (Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 04/04/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Cert. #216); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed) -Other algorithms: DES (Cert. #249); DES MAC (Cert. # 249, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
484	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	Model 330G3 Smart Card (Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS and Biometric authentication application executable (G3 EXF) Version 21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 02/22/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); RSA (PKCS #1, vendor affirmed); Triple-DES (Cert. #236); RNG (vendor affirmed) -Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement) Single-chip "The 330G3 is a biometrically-enabled ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for strong user authentication and single sign on when integrated with SAFENET Axis software. The card supports creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials; Strong authentication of the cardholder using fingerprint biometrics; Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
483	Symantec Corporation 1 Symantec Way Suite 200 Newport News, VA 23602 USA -William L. Stewart TEL: 757-880-7782 FAX: 757-249-7124	Symantec Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004; 07/27/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional, Windows 2000 -FIPS-approved algorithms: AES (Cert. #164); Triple-DES (Cert. #266); SHS (Cert. #248); HMAC (Cert. #5); RNG (Cert. #12) -Other algorithms: N/A Multi-chip standalone "The Symantec Cryptographic Module is a software library that contains FIPS-approved cryptographic algorithms. This module provides encryption functionality for selected Symantec products."
482	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-1 Postal Security Device (Hardware Versions: P/N 1L00, Versions AAA, AAC and AAD (US); P/N 1LEC, Versions AAA, AAC and AAD (Canada)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 02/03/2005; 03/14/2005	Overall Level: 3  -FIPS-approved algorithms: DSA (Cert. #105); SHS (Cert. #232); Triple-DES (Cert. #252); Triple-DES MAC (Cert. #252, vendor affirmed); HMAC-SHA-1 (Cert. #232, vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Pitney Bowes Cygnus X-1 Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation's Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products."
481	Realia Technologies S.L. Orense, 68 11th floor Madrid, 28020 Spain -Sebastián Muñoz TEL: +34 91 449 03 30 FAX: +34 91 579 56 06 -Luis Jesús Hernández TEL: +34 91 449 03 30 FAX: +34 91 579 56 06	Cryptosec 2048 (Hardware Version: Model 1.0, Firmware Version: 01.04.0010) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #262); RSA (Cert. #10); SHS (Cert. #242); RNG (Cert. #11) -Other algorithms: DES (Cert. #263); CRC-32; MD5; RIPEMD-128; RIPEMD-160 Multi-chip embedded "The Cryptosec 2048 is a high-end PCI cryprographic accelerator card that provides cryptographic services and secure storage of cryptographic keys. The module is built to perform general cryptographic processing (RSA, DES, SHA-1, MD5,...) and features a tamper-protective case to physically protect sensitive information contained within the card."
480	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Key Variable Loader (KVL) 3000 Plus (Hardware Version: P/N CLN7493D, Version 8, Firmware Version: U239AC, X795AH, Versions R3.52.17, R3.52.22 and R3.52.31.) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 02/25/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; DVI-SPFL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
479	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Alan Myrvold TEL: 613-270-3009	Entrust Authority™ Security Toolkit for Java™ (Software Version: 7.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/16/2004	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP SP1 in single user mode running Sun JRE 1.4.2 and UltraSPARC-11i 300 MHz processor running Solaris 9 in single user mode running Sun JRE 1.4.2 -FIPS-approved algorithms: AES (Cert. #193); Triple-DES (Cert. #289); Triple-DES MAC (Cert. #289, vendor affirmed); DSA (Cert. #122); ECDSA, (vendor affirmed); SHS (Cert. #273); HMAC (Cert. #8); RNG (Cert. #40); RSA (Cert. #30) -Other algorithms: DES (Cert. #279); DES MAC (Cert. #279, vendor affirmed); CAST 128; IDEA; RC2; RC4; Diffie-Hellman (key agreement); SPEKE; Rijndael 256; CAST128 MAC; MD2; MD5; HMAC- MD5; IDEA MAC Multi-chip standalone "Authority Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
478	Carrier Access Corp. (a wholly owned subsidiary of Turin Networks, Inc.) and Team F1 5395 Pearl Parkway Boulder, CO 80301 USA -Thomas Gormley TEL: 303-442-5455 FAX: 303-443-5908 -Mukesh Lulla TEL: 510-505-9931 FAX: 510-505-9941	Broadmore/SSHield Management Module (Software Versions: 4.0.0, 4.1.0, 4.1.1 and 4.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/08/2004; 12/01/2004; 02/24/2005; 12/22/2005; 03/07/2008; 03/19/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Cryptographic Key Management: Level 3 -Operational Environment: Tested as meeting Level 1 with WindRiver pSOS operating system version 2.2.7 and ATM configuration -FIPS-approved algorithms: DSA (Cert. #100); Triple-DES (Cert. #238); AES (Cert. #129); SHA-1 (Cert. #214); HMAC-SHA-1 (Cert. #214, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Broadmore family of products offer a unique economical means of provisioning, grooming, and routing TDM DS3, DS1, E3, E1 services and mixed-speed serial data to logical ATM connections. The Broadmore/SSHield Management Module controls the Broadmore configuration parameters using SSHield, an implementation of the IETF SECSH protocol, which provides an authenticated, encrypted data communications channel for secure management. More information can also be found on www.teamf1.com and www.carrieraccess.com."
477	Secure Systems Limited 80 Hasler Road Osborne Part, Western Australia 6017 Australia -Michael J Wynne TEL: +61 8 9202 8333 FAX: +61 8 9202 8334 -Christine Rainwater TEL: 703-535-7999	Silicon Data Vault® (SDV®) (Hardware Versions: SDV201B Rev B and SDV18A Rev A, Firmware Version: SDV2_Ver_1.3.4, Embedded_AA_1.07) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/04/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #136); SHS (Cert. #219) -Other algorithms: CRC-32 Multi-chip embedded "The Silicon Data Vault® (SDV®) is a cryptographic hardware security device which asserts absolute control over the hard disk drive (HDD) at the earliest stage of boot up, ensuring the user is authenticated before any data can be accessed. The SDV® is operating system independent, works with any standard ATA HDD, and resides in the IDE channel, blocking and controlling all access to the HDD."
476	Prism Payment Technologies (Pty) Ltd PO Box 901 Witkoppen, Gauteng 2068 South Africa -Wayne Donnelly TEL: +27 11 5481000 FAX: +27 11 4673424	Incognito TSM410 (Hardware Version: P/N 5520-00091, Version 2, Firmware Version: 1.1.1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/04/2004	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #259); SHA-1 (Cert. #241); Triple-DES MAC (Cert. #259, vendor affirmed); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #261); Enhanced Security DES MAC (Cert. #261, vendor affirmed); DES MAC (Cert. #261, vendor affirmed); Multi-chip embedded "The Incognito TSM410 is a multi-chip embedded Tamper Responsive Security Module. Fitted on a PCI carrier card, the device offers highperformace, high-security services targeted at EFT switches and mCommerce applications."
475	Trust Digital, Inc. 1600 International Drive Suite 100 McLean, VA 22102 USA -Norm Laudermilch TEL: 703-760-9400 FAX: 703-760-9415	Trust Digital Crypto Library Cryptographic Module (Software Versions: 3.0, 3.0.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2004; 03/02/2005; 07/29/2005; 09/21/2005; 10/26/2006; 11/06/2006; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows NT SP6, 2000; XP Pro; Palm OS 4.1, 5.2.1, 5.2.1H, 5.4.5; Pocket PC 3.0, 4.20; Symbian 7.0; Smartphone 2002; Windows Mobile v5.0 and v6.0; and v5.0 Smartphone edition. -FIPS-approved algorithms: AES (Certs. #69 and #456); Triple-DES (Certs. #177 and #473); SHS (Certs. #164 and #520); HMAC-SHA-1 (Certs. #164 and #520, vendor affirmed) -Other algorithms: Blowfish; TwoFish; RC4; TEA; Fast XOR; MD5 Multi-chip standalone "Trust Digital’s Cryptographic Module is a 32-bit Windows library compatible with Palm, Pocket PC, RIM, Symbian and other related operating systems. This module provides cryptographic services accessible from software programs written in C/C++ through Application Program Interfaces (APIs). The DLL (dynamically linked library) format of this module allows it to be embedded in existing applications targeted for Palm, Pocket PC, RIM and Symbian operating systems."
474	L-3 Communications Government Services, Inc. 3750 Centerview Drive Chantilly, VA 20151 USA -Suma Shastry TEL: 703-375-6598	Hand Held Monitor Module (HHM) (Hardware Version: Rev B, Part No: 1500, Firmware Version: 5.7) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Hand Held Monitor Module (HHM) device is a component of the Tactical Automated Security System (TASS). The HHM is used to detect, monitor, and access intrusions in secured areas. The HHM works in conjunction with the Communications Module (CM), which receives, and forwards intrusion alerts to the HHM."
473	L-3 Communications Government Services, Inc. 3750 Centerview Drive Chantilly, VA 20151 USA -Suma Shastry TEL: 703-375-6598	Communications Module (CM) (Hardware Version: Rev B, Part No: 1550, Firmware Version: 5.7) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Communications Module (CM) device is a component of the Tactical Automated Security System (TASS). The Communications Module (CM) works in conjunction with the HHM to receive and forward intrusion alerts."
472	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB1 - 1.50) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
471	SafeNet, Inc. 4690 Millennium Drive Suite 400 Belcamp, MD 21017 USA -George L. Heron TEL: 410-933-5883 FAX: 410-931-7524	SafeNet HighAssurance 4000 Gateway (Hardware Version: C, Firmware Versions: 2.2 and 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004; 05/04/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSEC encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. With the implementation of firmware version 2.2, the SafeNet HA 4000 can now be set-up and configured with the Safe Enterprise Security Management Center (SMC)."
470	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG100 and CipherOptics SG1002 (Hardware Version: A, Firmware Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
469	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG1001 (Hardware Version: C, Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The CipherOptics Security Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
468	Fortinet, Inc. 920 Stewart Drive Sunnyvale, CA 94085 USA -Alan Kaye TEL: 613-225-2951	FortiGate-300, FortiGate-400, FortiGate-500 and FortiGate-800 (Hardware Versions: FortiGate-300 (build x20), FortiGate-400 (build x20), FortiGate-500 (build x20) and FortiGate-800 (build x20), Firmware Version: 2.50, build 219,040616) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed) -Other algorithms: DES; DDiffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
467	Fortinet, Inc. 920 Stewart Drive Sunnyvale, CA 94085 USA -Alan Kaye TEL: 613-225-2951	FortiGate-3000 and FortiGate-3600 (Hardware Versions: FortiGate-3000 (build xx20) and FortiGate-3600 (build xx20), Firmware Version: 2.50, build 219,040616) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed) -Other algorithms: DES; Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
466	Francotyp-Postalia Triftweg 21-26 D-16547 Birkenwerder, Germany -Volker Baum TEL: +49 3303 525 668 FAX: +49 3303 525 609	FrankIT Postal Revenector (Hardware Version: 58.0036.0001.00/05, Firmware Version: 90.0036.0007.00/00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #39); RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. #43); HMAC-SHA-1 (Cert. #43, vendor affirmed) -Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia FrankIT Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The FrankIT Postal Revenector has been designed in compliance with the Deutsche Post AG (DPAG), FrankIT Specification."
465	D'Crypt Pte Ltd. 20 Ayer Rajah Crescent #08-08 Technopreneur Centre, Singapore 139964 Singapore -Quek Gim Chye TEL: +65-6773-9016 FAX: +65-6873-0796	d'Cryptor QE Cryptographic Module (Hardware Versions: P/N DC/QE-L.8.1024 Versions 3.0L and 3.1L and P/N DC/QE-S.4.512 versions 3.0S and 3.1S, Firmware Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004; 06/06/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #159); SHA-1 (Cert. #139); RSA (FIPS 186-2 and PKCS#1, vendor affirmed); AES (Cert. #49); HMAC-SHA-1 (Cert. #139, vendor affirmed) -Other algorithms: DES (Cert. #205) Multi-chip embedded "The d'Cryptor QE is a programmable cryptographic coprocessor designed for high security assurance applications and features in the d'Cryptor line of products such as d'Cryptor XE, d'Cryptor HSM and TelePort. It contains a secure high-performance cryptographic core that comprises a CPU, Flash ROMs, NVRAM, UTC clock, firmware and a host of useful and cryptographic APIs. The QE provides strong physical security through an opaque, hard epoxy potting and a tamper response mesh that zeroizes all keys in event of tamper. Application loading is authenticated using an approved digital signature scheme."
464	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004	Contivity 1700, 2700 and 5000 Secure IP Services Gateways (Hardware Versions: 1700, 2700 and 5000, Firmware Version: V04_85.121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004; 01/06/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #29 and #183); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC-MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant Contivity 1700, 2700 and 5000 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 1700, 2700 and 5000 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
463	VIACK Corporation 16701 NE 80th St. Suite 100 Redmond, WA 98052 USA -Peter Eng TEL: 425-605-7400 FAX: 425-605-7405	VIA3 VkCrypt Cryptographic Module (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/20/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4 -FIPS-approved algorithms: RNG (Cert. #3); AES (Cert. #147); RSA (Cert. #5); SHA-1 (Cert. #236); HMAC-SHA-1 (Cert. #236, vendor affirmed) -Other algorithms: RSA (PKCS #1); RC2 Multi-chip standalone "The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing for VIA3 E-meeting products. VIA3 is a secure and confidential E-meeting solution integrating live audio and video, instant messaging, and real-time information sharing."
462	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP Wireless Gateways (Hardware Versions: 3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP, Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1); MD5; RC4; DES Multi-chip standalone "The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface. The cryptographic suite is implemented in an innovative manner so that critical performance is not sacrificed in providing a rugged FIPS 140-2 Level 2 secure wireless solution."
461	Lucent Technologies, Inc. 600 Mountain Ave Murray Hill, NJ 07974 USA -Kim Tourigny TEL: 978-952-1504 FAX: 978-952-1120 -Dan Buczala TEL: 978-952-1512 FAX: 978-952-1516	VPN Firewall Brick® 350, Brick® 1000 and Brick® 1100 with Encryption Accelerator Cards (Hardware Versions: Brick® 350, Brick® 1000 and Brick® 1100, and Encryption Accelerator Card v2: Version 1.0, Board Version 1, Firmware Versions: Lucent LVF v7.2.292 and EAC v2: 7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004; 02/03/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #75 and #245); SHA-1 (Certs. #65 and #225); HMAC-SHA-1 (Certs. #65 and #225, vendor affirmed); DSA (Cert. #62) -Other algorithms: DES (Certs. #135 and #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC- MD5 Multi-chip standalone "The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
460	Lucent Technologies, Inc. 600 Mountain Ave Murray Hill, NJ 07974 USA -Kim Tourigny TEL: 978-952-1504 FAX: 978-952-1120 -Dan Buczala TEL: 978-952-1512 FAX: 978-952-1516	VPN Firewall Brick® 350 and Brick® 1000 (Hardware Versions: Brick® 350 and Brick® 1000, Firmware Version: Lucent LVF v7.2.292) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004; 02/03/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #245); SHA-1 (Cert. #225); HMAC-SHA-1 (Cert. #225, vendor affirmed); DSA (Cert. #62) -Other algorithms: DES (Cert. #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC-MD5 Multi-chip standalone "The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
459	Backbone Security.com, Inc. 701 Main Street Suite 300 Stroudsburg, PA 18360 USA -Glenn Watt TEL: 570-422-7900 FAX: 570-422-7940	Ribcage 1100 and Ribcage 2800 (Hardware Version: 3.0, Software Version: 2.2 FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #208); AES (Cert. #94); SHA-1 (Cert. #184); HMAC-SHA-1 (Cert. #184, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); HMAC-SHA-256; HMAC-SHA-512; HMAC-MD5 Multi-chip standalone "Ribcage is a secure IPSec Virtual Private Network that provides secure connectivity deployed on a shared infrastructure with the same privacy and performance as a leased network. Ribcage is a solution that is flexible as both a secure virtual private network and as a remote access, with straightforward administration tools that allow rapid set-up and administration remotely or locally."
458	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-962-6248	SonicWALL TZ 170 (Hardware Version: P/N 101-5000072-00 rev A, Firmware Versions: SonicOS Enhanced Versions 2.0, v2.5 and v3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004; 02/24/2005; 05/17/2006; 04/25/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #121 and #140); Triple-DES (Certs. #231 and #248); SHA-1 (Cert. # 208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #245 and #251); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SonicWALL TZ 170 is an internet security appliance with a WAN interface, a flexible Optional interface, and a LAN interface incorporating a 5-port Fast-Ethernet switch. The SonicWALL TZ 170 provides stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and can be upgraded to offer ISP failover and traffic loadbalancing. The SonicWALL TZ 170 also serves as a platform for extensible security services such as Content Filtering Services (CFS), Network Anti - Virus, and E-mail filtering."
457	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Irfan Khan TEL: 510-936-4840	Sun Cryptographic Accelerator 4000 (Hardware Versions: Fiber: 501-6040-02 and 501-6040-03, UTP/Copper: 501-6039-05 and 501-6039-06, Firmware Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/12/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.# 190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
456	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert FIPS 64 with ActivCard Applet v2 (Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102, Applet Versions: AC Applet Versions 2.3.0.2 and 2.3.0.5; ASC Library 2.3.0.2 and 2.3.0.3; and PKI/GC Applet Versions 2.3.0.2 and 2.3.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/11/2004; 09/07/2005; 04/04/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHA-1 (Cert. #216); DSA (Cert. #102); RSA (Cert. #7, PKCS#1); Triple-DES MAC (Cert. #239, vendor affirmed) -Other algorithms: DES (Cert. #249); DES MAC (Cert. #249, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
455	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-962-6248	SonicWALL PRO 3060/4060 (Hardware Versions: 3060 101-500078-00 rev. A and 4060 101-500067-00 rev. A, Firmware Versions: SonicOS Enhanced Versions v2.0, v2.5 and v3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/11/2004; 02/24/2005; 05/17/2006; 05/31/2006; 04/25/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #105 and #121); Triple-DES (Certs. #217 and #231); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (vendor affirmed) -Other algorithms: DES (Cert. #245); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The PRO 4060 and PRO 3060 are internet security appliances offering stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and dual-WAN port support with ISP failover and load-balancing capabilities, all via six configurable 10/100 Ethernet interfaces."
454	iDirect 13865 Sunrise Valley Drive Suite 100 Herndon, VA 20171 USA -Chris Burdick TEL: 703-648-8000 FAX: 703-648-8014	Protocol Processor (Hardware Version: 5.0, Firmware Version: 5.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/02/2004; 12/23/2008	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #243); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The Protocol Processor is the central component of iDirect’s TDMA star network product and is responsible for network wide functions such as: TCP acceleration, QoS, 3DES encryption, TDMA management and dynamic time slot allocation."
453	iDirect 13865 Sunrise Valley Drive Suite 100 Herndon, VA 20171 USA -Chris Burdick TEL: 703-648-8000 FAX: 703-648-8014	NetModem II Plus (Hardware Version: 5.0, Firmware Version: 5.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/28/2004; 12/23/2008	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #242); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The iDirect NetModem II Plus broadband router is a compact, set-top terminal that routes IP traffic over satellite networks."
452	Credant Technologies Corporation 15305 Dallas Parkway Suite 1010 Addison, TX 75001 USA -Chris Burchett TEL: 972-458-5407 FAX: 972-458-5454	Credant Cryptographic Kernel (Versions 1.3 and 1.4) Validated to FIPS 140-2 Security Policy Certificate	Software	07/28/2004; 09/21/2004; 09/24/2004	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 1 and Windows CE 3.0 (single user mode) -FIPS-approved algorithms: AES (Certs. #117 and #168); Triple-DES (Certs. #229 and #272); SHA-1 (Certs. #206 and #253); HMAC-SHA-1 (Certs. #206 and #253, vendor affirmed); RNG (Cert. #19) -Other algorithms: Multi-chip standalone "Credant Cryptographic Kernel is a FIPS 140-2 compliant, software-based cryptography library that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1 algorithms for the Credant Mobile Guardian product. Credant Mobile Guardian enables enterprise-wide control of security for mobile and wireless users of laptops, tablet PCs, PDAs and smart phones."
451	Good Technology, Inc. 4250 Burton Drive Santa Clara, CA 95054 USA -Daphne Won TEL: 408-327-6000	Good FIPSCrypto (Software Versions: Pocket PC 20040220 and Symbian 4.9.1) Validated to FIPS 140-2 Security Policy Certificate	Software	07/28/2004; 01/11/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Symbian 9.1 and Windows CE 4.2 -FIPS-approved algorithms: AES (Certs. #134 and #477); Triple-DES (Certs. #240 and #491); SHA-1 (Certs. #217 and #545); HMAC-SHA-1 (Certs. #217, vendor affirmed and #234) -Other algorithms: Multi-chip standalone "The Good FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements the Triple-DES; AES; SHA-1; HMAC-SHA-1 algorithms."
450	Nokia Enterprise Solutions 313 Fairchild Drive Mt View, CA 94043 USA -Robert Kusters TEL: 650-625-2940	Nokia VPN Appliance (Hardware Versions: IP350, IP355, IP380 and IP385, Software Versions: (IPSO v3.7.99 and Check Point NG with Application Intelligence R54) and (IPSO v3.9 and Check Point NG with Application Intelligence R60)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/28/2004; 07/28/2005; 09/21/2006; 11/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #88 and #407); Triple-DES (Certs. #41, #80, #132, #234, #235, #333 and #440); SHA-1 (Certs. #42, #69, #210, #211, #212, #325 and #474); HMAC-SHA-1 (SHA-1 Certs. #42, #56, #69, #210, #211, #212, vendor affirmed and HMAC-SHA-1 #179 and #180); DSA (Cert. #99); RSA (PKCS #1 vendor affirmed and #63, #146 and #149); RNG (#30, #196 and #201) -Other algorithms: DES (Certs. #110, #142, #183, #247, #311 and #314); CAST; DES (40 bits); HMAC-MD5; MD5; Arcfour; Blowfish Multi-chip standalone "The Nokia IP350, IP355, IP380 and IP385 are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1/FW-1, these platforms provide reliable, easy to manage distributed security and access."
449	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N: 77, Firmware Version: E302) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/28/2004; 02/25/2005; 03/01/2005; 06/29/2005; 09/23/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHA-1 (Cert. #209); RSA (FIPS 186-2, PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
448	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China -Yu-Ling Cheng TEL: +886 3 424-5883 FAX: +886 3 424-4167	SafGuard 200 HSM (Hardware Version: HSM-HW-0312.02, Firmware Version: HSM-SW-ARM-FRTO.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #224); AES (Cert. #111); SHA-1 (Cert. #201); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: RC6 Multi-chip standalone "SafGuard200 is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-4096 bit public key signatures, and hashing). The SafGuard 200 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved 3DES and AES encryption."
447	Oracle Corporation 500 Oracle Parkway Redwood Shores California, CA 94065 USA -Shaun Lee TEL: +44 1189 243860	Oracle Cryptographic Libraries for SSL 10g (9.0.4) (Software Version 10g (9.0.4)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/30/2004; 08/06/2004	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Sun Solaris Version 8 running on a Sun Ultra 60 UltraSparc workstation -FIPS-approved algorithms: Triple-DES (Cert. #170); SHA-1 (Cert. #154); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #154, vendor affirmed) -Other algorithms: DES (Cert. #215); RSA-MD5 (PKCS#1); RC4; HMAC-MD5; Diffie-Hellman (key agreement); RSA (PKCS#5) Multi-chip standalone "The Oracle Cryptographic Libraries for SSL 10g (9.0.4) is a generic module used by Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle Database Server, Oracle Applications Server, Oracle Internet Directory, Web Cache and Oracle HTTP Server. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
446	3Com Corporation 5500 Great America Parkway Santa Clara, CA 95052 USA -Rahul Jain TEL: 408-326-3518 -Annette Davis TEL: 408-326- 8954	3Com 10/100 Secure NIC (3CR990B-97) and 3Com 100 Secure Fiber NIC (3CR990B-FX-97) (Hardware Versions: 03-0229-100 and 03-0347-000, Firmware Versions: Runtime: 03.001.008, Diagnostic: 03.001.008, Sleep: 03.001.007) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2004	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #212); SHA-1 (Certs. #188 and #189); HMAC-SHA-1 (Certs. #188 and #189, vendor affirmed) -Other algorithms: DES (Cert. #234); MD5; HMAC-MD5 Multi-chip embedded "3Com® 10/100 Secure NICs offers IPSec and TCP/IP offloading, upgradability to the embedded firewall technology while also offering advanced intrusion resistance to protect your LAN, without sacrificing throughput performance. In addition, the NICs incorporate advanced server features and remote management capabilities to accelerate application response and lower IT administration time."
445	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Enterprise Server Cryptographic Kernel (Software Version: 1.0.0.2) (When operated in FIPS mode with FIPS validated Microsoft® Base Cryptographic Providers Certificates #76 or #103 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/30/2004; 08/24/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP6a -FIPS-approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHA-1 (Cert. #195); HMAC-SHA-1 (Cert. #195, vendor affirmed) -Other algorithms: Rijndael Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete endtoend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®"
444	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	Model 330G2 Smart Card (Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS application executable (G2 EXF) Version 22) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2004; 02/22/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #236); DSA/SHA-1 (Cert. #35);RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement) Single-chip "The 330G2 is an ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials. Authentication of the cardholder and the security officer. Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
443	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2 (Hardware Version: Cyberflex Access 64k v2, OS Hard Mask no01 v01 Firmware Version: OS Soft Mask no02 v03, ID Applet v1.0.0.23, PKI Applet v1.0.0.29, GC Applet v1.0.0.27, SKI Applet v1.0.0.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/23/2004; 05/26/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); SHA-1 (Cert. #173); RSA (PKCS#1, vendor affirmed); AES (Cert. #81) -Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed) Single-chip "ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2 provides the following services: - Card Holder verification using PIN - Secure storage of data and private information - RSA based Digital Signature (1024 and 2048 bits) - DES/TDES based One Time Password (OTP) generation"
442	Vormetric, Inc. 3131 Jay Street Santa Clara, CA 95054 USA -Suhel Khan TEL: 408-961-6114 FAX: 408-844-8638 -Paulus Weemaes TEL: 408-961-6117 FAX: 408-844-8638	CoreGuard Security Server (Hardware Version: P/N 30 Release 1.0 Version 3.0, Firmware Versions: VN.3.0SP1- Build0060 and VN.3.0SP1-Build0064) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2004; 07/27/2004; 01/27/2006	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #241); AES (Cert. #135); SHA-1 (Cert. #218); HMAC-SHA-1 (Cert. #218, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); MD5 Multi-chip standalone "Vormetric CoreGuard Security Server is a comprehensive security solution that combines protection of data at rest, application integrity and host protection. CoreGuard integrates a software module loaded on a server, and a FIPS compliant appliance with user-defined security policies allowing fine-grain data access control and selective encryption of data at rest (AES 128/256 and 3DES), application digital signatures, enforced user authentication, host protection and central management. CoreGuard installs transparently and does not require changes to applications, databases or storage architectures allowing the security to extend to any data across the enterprise."
441	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00181 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® and Pointsec® Windows Mobile Cryptographic Library (Software Version: 1.1.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/16/2004; 05/20/2008	Overall Level: 1  -EMI/EMC: Level 3 -Self-Tests: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 4.20.1081 -FIPS-approved algorithms: AES (Cert. #4); SHA-1 (Cert. #224); HMAC-SHA-1 (Cert. #224, vendor affirmed) -Other algorithms: Passphrase-based key derivation (PBKDF2 as specified in PKCS#5); AES (IWEC) Multi-chip standalone "The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Windows Mobile 2003 and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a Clanguage Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
440	Proofpoint Inc. 892 Ross Drive Sunnyvale, CA 94089 USA -Stephen Lewis TEL: 408-517-4710 FAX: 408-517-4711	Proofpoint Security Library (Software Version 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/16/2004; 11/06/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1, Java Runtime Environment 1.4.2-b28 -FIPS-approved algorithms: Triple-DES (Cert. #94); AES (Cert. #22); SHA-1 (Cert. #78); HMAC-SHA-1 (Cert. #78, vendor affirmed); DSA (Cert. #56); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); Secure Remote Password (SRP); Extended Secure Remote Password (ESRP); Triple-DES (ECB mode); DSA (Signing and Key Generation) Multi-chip standalone "The module is a JAVA language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.4 or later."
439	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SEP (Hardware PN/Rev 60-000109/A, Firmware PN NAS 29.4 and SAN 29.4, Software PN 23.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2004; 06/21/2007	Overall Level: 3  -FIPS-approved algorithms: SHA-1 (Certs. #190, #191 and #192); AES (Certs. #97, #98 and #99); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #192, vendor affirmed); SHA-256 (Cert. #223); HMAC-SHA-256 (Cert. #223, vendor affirmed) -Other algorithms: Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
438	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	2621XM and 2651XM Modular Access Routers with AIM-VPN/EP (Hardware Versions: 2621XM and 2651XM with AIM-VPN/EP Version 1.0 and Board Version B0, Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26 and DSA Cert. #38); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
437	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library™ for Windows (Software Version 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/16/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP and Windows ME (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST 128; MD5; SHA-256; HMAC- MD5, HMAC-SHA-256, Diffie-Hellman (key agreement); Passphrase-based key derivation (PBKDF2 as specified in PKCS#5) Multi-chip standalone "The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 1 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 98, ME or XP operating system."
436	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5076 FAX: 613-723-5078	Chrysalis-ITS K3 Cryptographic Engine (Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/10/2004; 10/18/2004; 12/22/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 3 -Mitigation of Other Attacks: Level 3 -FIPS-approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed) -Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5 MAC Multi-chip embedded "The K3 Chrysalis-ITS Cryptographic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
435	SafeNet, Inc. 951 Aviation Pkwy Suite 300 Morrisville, NC 27560 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptors NRZ - H[1], NRZ - L[2], T1[3], E1 75ohm[4], E1 120ohm[5], RS-232[6], T3[7] and HSSI[8] (Hardware Versions: SE-SLE-HNxAC[1], SE-SLE-LNxAC[2], SE-SLE-1ExAB[3], SE-SLE-27xAB[4], SE-SLE-2ExAB[5], SE-SLE- LRxAB[6], SE-SLE-37xAB[7] and SE-SLE-VVxAB[8], Firmware Version: 4.01) (When operated in FIPS mode) (Note: Refer to the cryptographic module’s security policy for the details on the letter x designation) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/28/2004; 06/10/2004	Overall Level: 2  -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet™ SafeEnterprise™ Link Encryptor's (SLE's) secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 8 Mbps, and employs FIPS approved AES or Triple-DES algorithms. The SLE can be locally controlled or managed using the SafeNet™ SafeEnterprise™ Security Management Center (SMC), an SNMP-based security management system."
434	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust TruePass™ Applet Cryptographic Module (Software Version: 7.0) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/27/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP3 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1, and Netscape Navigator 7.0 (Certs. #7, #45 and #47) or Microsoft Internet Explorer 6.0 SP1 (Certs. #103 and #106) (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS#1, vendor affirmed) -Other algorithms: CAST 128 Multi-chip standalone "The module performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
433	Enterasys Networks 50 MinuteMan Rd. Andover, MA 01810 USA -Damon Hopley TEL: 978-684-1083	XSR-1805, XSR-1850 and XSR-3250 (Hoftware Version: REL 6.3, Firmware Version: REL 6.3, Hardware Version: REV 0A-G) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #48, 106 and #107); Triple-DES (Certs. #158, #218, #219 and #220); SHA-1 (Certs. #143, #197, #198 and #199); HMAC-SHA-1 (Certs. #143, #197, #198 and #199, vendor affirmed); DSA (Cert. #97); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Certs. #204, #238, #239 and #240); HMAC-MD5; MD5; MD4; 40-bit and 128-bit RC4; CAST; Blowfish; Twofish; ARCfour; Diffie-Hellman (key agreement) Multi-chip standalone "Enterasys Networks X-Pedition Security Routers (XSR), the XSR-1805, XSR-1850, and XSR-3250 modules are networking devices that combine a broad range of IP routing features, a broad range of WAN interfaces and a rich suite of network security functions, including site-to-site and remote access VPN connectivity and policy managed, stateful-inspection firewall functionality."
432	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco 3220 and 3251 Mobile Access Router Cards (Hardware Version 3.2, Firmware Version 12.2(11r) YQ4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004; 10/01/2004; 05/24/2005	Overall Level: 1  -Cryptographic Module Specification: Level 2 -Roles, Services, and Authentication: Level -EMI/EMC: Level 2 -Design Assurance: Level 2 -Cryptographic Module Ports and Interfaces: Level 2 -Finite State Model: Level 2 -Cryptographic Key Management: Level 2 Self-Tests: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5 Multi-chip embedded "The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
431	Gemplus Corp. Avenue du Pic de Bretagne BP 100, GTmenos Cedex 13881 France -Luc Astier TEL: +33 (0) 4 42 36 50 00	GemXpresso Pro R3 E64 PK - FIPS (GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004; 07/27/2004; 08/05/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed) Single-chip "GemXpresso Pro R3 E64 PK - FIPS is based on a Gemplus Open OS Smart Card with 64K of EEPROM.. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The module conforms to Java Card V2.1.1 and Global Platform V2.0.1 standards"
430	SafeNet, Inc. 951 Aviation Parkway Suite 300 Morrisville, NC 27560 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Frame Encryptor II[1] and SafeEnterprise™ Frame Encryptor HSSI[2] (SE-SFE-LixAC[1], SE-SFE-HixAC[1], and SE-SFE-VVxAC[2], Firmware Version: 5.00) (When operated in FIPS mode) (Note: Refer to the cryptographic module’s security policy for the details on the letter (i and x) designations) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004; 06/10/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through AES/TDES encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 8m Mbps and 922 active secure connections."
429	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	Cisco Catalyst 6509 Switch, 7606 and 7609 Routers with VPN Services Module (Hardware Versions: 6509, 7606 and 7609, Backplane Chassis Version 3.0 (6509), 1.0 (7606) and 1.0 (7609), Supervisor Blade Version 3.2, VPN Accelerator Blade Version 1.2, Firmware Version: 12.2(14)SY3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #132, #155 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); SHA-1 (Certs. #26 and #117); HMAC-SHA-1 (Certs. #26 and #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #183, #201 and #202); DES MAC (Cert. #202, vendor affirmed); AES (Cert #46); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5 Multi-chip standalone "The Cisco Catalyst 6509 Switch, 7606 and 7609 Routers offer versatility, integration, and security to branch offices. With numerous Network Modules (NMs) available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Cisco 6509, 7606 and 7609 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
428	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7206 VXR NPE-G1 Router with Single and Dual VPN Acceleration Module 2 (VAM2) (Hardware Versions: 7206 VXR NPE-G1 Version 1.1, Fab Version 05 and VAM2 Version 2.0, Board Version A0, and Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 11/29/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #156 and #158); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #48); SHA-1 (Certs. #26 and #143); HMAC-SHA-1 (Certs. #26 and #143, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #202 and #204); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
427	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	2691 and 3725 Modular Access Routers with AIM-VPN/EPII and 3745 Modular Access Router with AIM-VPN/HPII (Hardware Versions: 2691, 3725 and 3745 with AIM-VPN/EPII Version 1.0, Board Version A0 and AIM-VPN/HPII Version 1.0, Board Version A0, and Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/25/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #156 and #160); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #51); SHA-1 (Certs. #26 and #144); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #202 and #206); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
426	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	1721 and 1760 Modular Access Routers with MOD1700-VPN (Hardware Versions: 1721 and 1760 with MOD1700-VPN Version 2.1, Board Version A0 and Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/25/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); DSA/SHA-1 (Cert. #38); HMAC-SHA-1 (SHA-1 Cert. #26 and DSA/SHA-1 Cert. #38, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
425	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware version: DS1955B PBO-1.00c) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information- Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
424	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	AirFortress® Client Cryptographic Module (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/06/2004; 02/07/2006; 12/20/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd ed., Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 and Windows CE v4.0 (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #19 and #457); SHS (Certs. #34 and #498); AES (Certs. #14 and #427); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress(tm) Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
423	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7206-VXR NPE-400 Router with VPN Acceleration Module (VAM) (Hardware Version: 7206-VXR with VAM Version 1.0 and Board Version A0, Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 11/29/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #29 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Certs. #26 and #51); HMAC-SHA-1 (Certs. #26 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #101 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
422	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	1721, 1760, 2621XM, 2651XM, 2691, 3725 and 3745 Modular Access Routers and 7206-VXR NPE-400 Router (HW Versions: 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745 and 7206-VXR, Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/25/2004; 11/29/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #156); Triple-DES- MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
421	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco VPN 3000 Series Concentrators - 3005, 3015, 3030, 3060 and 3080 (Hardware Version: 3005, 3015, 3030, 3060 and 3080, Firmware Version: FIPS 3.6.7.F) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #32 and #168); Triple-DES MAC (Certs. #32 and #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (DSA/SHA-1 Cert. #38 and SHA-1 Cert. #152, vendor affirmed); DSA/SHA-1 (Certs. #38 and #85); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #100 and #210); DES MAC (Certs. #100 and #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco VPN 3000 Series Concentrators are hardware appliances that operate as concentrators in Virtual Private Networking (VPN) environments. They combine the best features of a software concentrator, including scalability and easy deployment, with the stability and independence of a hardware platform."
420	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	VPN-1 (Version NG with Application Intelligence) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	05/06/2004; 05/19/2004; 10/12/2005; 11/17/2005; 01/06/2006; 05/02/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 -Tested: Secure Platform Operating System version NG with Application Intelligence -FIPS-approved algorithms: AES (Cert. #88); Triple-DES (Certs. #41 and #80); SHA-1 (Certs. #42 and #69); HMAC-SHA-1 (Certs. #42 and #69, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Certs. #110 and #142); CAST 40; CAST 128; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Check Point’s VPN-1 version NG with Application Intelligence is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point’s Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
419	Blue Ridge Networks 14120 Parke Long Court Chantilly, VA 20151 USA -Tom Gilbert TEL: 703-631-0700 FAX: 703-631-9588	BorderGuard 4000 and BorderGuard 3140 (BorderGuard 4000 & 3140, Firmware Version: BG4000 DPF1 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #116); Triple-DES (Certs. #227 and #228); SHS (Certs. #49 and #203); HMAC-SHS (Cert. #49, vendor affirmed) -Other algorithms: DES (Certs. #119 and #243); DES MAC (Cert. #119, vendor affirmed); Diffie-Hellman (key agreement); IDEA; MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "The BG4000 and BG3140 are network security appliances for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
418	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Applet v2 on Cyberflex Access 64k v1 (Firmware Versions: OS Hard Mask no5 v01 and OS Soft Mask no 4 v01 and 4v2, Applet Versions: ACA Applet v2.3.0.1, v2.3.0.4, and v2.3.0.5, ASC Library v2.3.0.1 and v2.3.0.3 and PKI/GC Applet v2.3.0.1, v2.3.1.1, and v2.3.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/19/2004; 01/13/2005; 06/06/2005; 08/22/2005; 05/26/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed); -Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use) Single-chip "ActivCard Applet v2 provides significant enhancement over the ActivCard v1 Applet in service, security, and flexibility. The v2 framework is backward compatible with earlier versions of ActivCard Applets and offers a more open, stable, and flexible platform for developers to build and deploy smart card applications. ActivCard Applet v2 also complies with GSC-IS 2.1 standard."
417	Encotone Ltd. Bldg. 5, Har Hotzvim Scientific Park P.O.B. 45094, Jerusalem 91450 Israel -Marc Houri TEL: +972 2586 6570 x4 FAX: +972 2581 6871 -Dr. Isaac Labaton TEL: +972 25866570 x2 FAX: +972 25816871	Tele-ID (Hardware P/N 567-2.6.6 Version 6.2, Firmware HardMask Version 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Cert. #141); ECDSA (vendor affirmed) -Other algorithms: Multi-chip standalone "The Tele-ID is a portable, phone and PC compatible signature tool able to digitally sign messages, either locally entered on the module or whose Hash value has been transmitted to the module. The digital signature is encoded to sound and, hence, can be sent through any phone, cellular or fixed, or any PC microphone. The Tele-ID has capabilities to create an ECDSA K-163 key pair and enroll the public key with most of the PKI vendors RA-CA. The Tele-ID includes an autarkic GMT Time Stamp in each digital signature to enable CRL/OCSP on-line checking, after signature execution time-stamp corroboration, and with it, to strongly enhance the legal defense of the relying party."
416	Real Time Logic, Inc. 8591 Prairie Trail Drive Suite 500 Englewood, CO 80112 USA -Bela Szabo TEL: 303-703-3834 FAX: 303-703-4058	RTL-TDEA Crypto Module (Hardware P/N RTL-P200006 Rev A Version 1.0, Firmware Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2004	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #222) -Other algorithms: Multi-chip embedded "The RTL-TDEA Crypto Module is a PCI card developed to encrypt and decrypt serial user data using Triple Data Encryption (TDEA) algorithms certified to FIPS-140-2 Level 2 security requirements. The certified TDEA algorithms include TECB, TCBC Encrypt and TCFB-64, TOFB-64, Encrypt and Decrypt. The crypto module is a multi-chip embedded short form PCI card (ISA standard) with all of the control functions and encryption algorithms implemented in firmware and hosted in an FPGA. All control of the module is via an RS-232, 9600 Baud DTE UART interface while the data is passed through dedicated RS-422 input and output ports at a rate of up to 10 Mbps."
415	Gemplus Corp. and ActivCard, Inc. Avenue du Pic de Bretagne BP 100, GTmenos Cedex 13881 France -Luc Astier TEL: +33 (0) 4 42 36 50 00 -Eric Le Saint TEL: 510-745-0100 x6211	GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2 (Hardware Version: GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applet Versions: AC Applet Versions 2.3.0.1, 2.3.0.4 and 2.3.0.5, ASC Libraries 2.3.0.1 and 2.3.0.3, and PKI/GC Applet Versions 2.3.0.1, 2.3.1.1 and 2.3.1.2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2004; 07/27/2004; 08/05/2004; 02/24/2005; 07/28/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed) Single-chip "GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2 is based on a Gemplus Open OS Smart Card with 64K of EEPROM, and on latformindependent cryptographic applets suite developed by ActivCard. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The Applet incoporates some services for PKI (Public Key Infrastructure), for secure credentials management and authentication mechanisms. In addition, the Applet suite allows the registration and management of post-issuance applets that can be handled under the framework. The module conforms to Java Card V2.1.1, Global Platform V2.0.1, and GSC/IS 2.1 standards."
414	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N92i/152 Secure Metering Module (SMM) (Hardware P/N 3000186T Version A, Firmware Versions 3800157W E24 (Main) and 3800159Y E (Coprocessor)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/05/2004; 10/03/2006	Overall Level: 3  -Self-Tests: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #39) -Other algorithms: Multi-chip embedded "The module provides services to an office and post room based mailing system. The system's features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remote recrediting and memory card for slogan and rate loading, external printer for reports."
413	Good Technology, Inc. 1032 Morse Ave Sunnyvale, CA 94089 USA -Phil Peterson TEL: 408-400-4800	FIPSCrypto on Palm (Software Version 20031028) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Palm OS Version 5 -FIPS-approved algorithms: AES (Cert. #108); Triple-DES (Cert. #221); SHA-1 (Cert. #200); HMAC-SHA-1 (Cert. #200, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto on Palm is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
412	Good Technology, Inc. 1032 Morse Ave Sunnyvale, CA 94089 USA -Phil Peterson TEL: 408-400-4800	FIPSCrypto on G100 (Version 1.9.3.7) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with eCos Version 1.3.1 Operating System -FIPS-approved algorithms: AES (Cert. #95); Triple-DES (Cert. #209); SHA-1 (Cert. #185); HMAC-SHA-1 (Cert. #185, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto on G100 is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
411	ECI Systems & Engineering 3100 Knight Street Suite 7 Shreveport, LA 71105 USA -Mac McGregor TEL: 318-868-4911	ECI IPSec Cryptographic Module (Software Versions 1.6-FIPS-1, 1.8, 1.9 and 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004; 11/08/2004; 04/27/2005; 09/07/2005	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 running on an Intel Pentium III -FIPS-approved algorithms: Triple-DES (Cert. #186); SHA-1 (Cert. #168); HMAC-SHA-1 (Cert. #168, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); MD5; HMAC MD5; CAST; RSA (PKCS#1, non-compliant); DSA (non-compliant) Multi-chip standalone "A software IPSec implementation for Sun Trusted Solaris. This module supports Triple DES encryption/decryption, SHA-1, and HMAC-SHA-1."
410	Airespace, Inc. 110 Nortech Pkwy San Jose, CA 95134 USA -Scott Kelly TEL: 408-635-2000 FAX: 408-635-2020	Airespace Cryptographic Manager (ACM) (Hardware P/Ns AS-4101- X0S00, AS-4012- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), AS-4024- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), Hardware Versions 1.0 and 2.0, Firmware Version 1.2.77.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/05/2004; 06/16/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #196 and #197); AES (Certs. #85 and #86); SHA-1 (Certs. #174 and #175); HMAC-SHA-1 (Certs. #174 and #175, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Airespace Cryptographic Manager (ACM) provides cryptographic services for the Airespace Wireless Enterprise Platform. Airespace offers a unique hierarchical architecture that centralizes network intelligence for cost effective deployment, dynamic RF operations, secure mobility management, service creation, and policy enforcement throughout an entire wireless network."
409	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-838-1211 FAX: 512-838-1032	IBM® Java JSSE FIPS 140-2 Cryptographic Module (Software Version 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), Red Hat Linux Advanced Server 2.1(JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OSV1R4 (JVM 1.4.1) -FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed) -Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement) Multi-chip standalone "The IBM+ Java+ JSSE (Java Secure Sockets Extension) FIPS provider (IBMJSSEFIPS) for Multi-platforms is a scalable, multi-purpose Secure Sockets provider that supports only FIPS approved TLS cipher suites via the Java2 Application Programming Interfaces (APIs)."
408	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry™ 5810 and BlackBerry™ 5820 (Hardware Version: 1.0, Software Version: 3.6.0.49, S/MIME Support Package Version 1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/05/2004; 08/24/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #200); AES (Cert. #83); DSA (Cert. #93); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #200, vendor affirmed); RSA (PKCS#1 and FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #228); DES MAC (Cert. #228, vendor affirmed); RC2; RC5; Skipjack; CAST5-128; Rijndael; ARC FOUR; KEA; Diffie-Hellman (key agreement); ECDH (key agreement); ECMQV (key agreement); ECNR; ElGamal; SHA-256; SHA-384; SHA-512; HMAC (SHA-256, SHA-384, SHA-512, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160); MAC (AES, CAST5-128, RC2, RC5, Skipjack); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160 Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
407	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco Software VPN Client (Software Version 3.6.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/29/2004; 04/07/2004; 05/24/2005; 04/09/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #169); AES (Cert. #58); SHA-1 (Cert. #153); HMAC-SHA-1 (Cert. #153, vendor affirmed); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #169, vendor affirmed) -Other algorithms: DES (Cert. #212); DES MAC (Cert. #212, vendor affirmed); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The Cisco Software VPN client for Window OS is an award winning IPsec VPN client which is available free of charge for use across all termination products. It is the most advanced VPN client available and enables secure Remote Access connectivity to employees and partners. The Cisco Software VPN Client is also a key part of the industries best load balancing, fail-over and recovery strategy."
406	IBM® Corporation Seaumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osborne TEL: +41 1 724 8458 FAX: +41 1 724 8953	IBM® SSLite for Java (Software Version 3.15.3232 and 3.16 (FIPS140/Prod)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/18/2004; 02/24/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP 3 (JRE 1.3.1_03), Red Hat Linux 8.0 (JRE 1.3.1_07) -FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed) -Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement) Multi-chip standalone "SSLite is a SSL (Secure Socket Layer) V2.0, V3.0 and TLS (Transport Layer Security) V1.0 protocol implementation including PKI (Public Key Infrastructure) functionality, in Java."
405	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984	Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) (Software Versions 5.2.3790.0 and 5.2.3790.1830 [SP1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/18/2004; 10/07/2005; 10/25/2005; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64, and IA64) [2] (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) -Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) Multi-chip standalone "Microsoft Corporation’s Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
404	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER	nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8] (Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
403	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield F3 SCSI Ultrasign 32[3], payShield[4], and payShield Ultra[5] (Hardware Versions: nC4032W-150[1], nC4032W-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DR, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
402	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5] (Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
401	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5] (Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
400	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI[1] and nForce 300 PCI[2] (Hardware Versions: nC3022P-150[1] and nC3022P-300[2], Build Standard E, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
399	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI[1] and nForce 400 SCSI[2] (Hardware Versions: nC3022W-150[1] and nC3022W-400[2], Build Standard D, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging"
398	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI[1] and nShield F2 PCI[2] Ultrasign (Hardware Versions: nC4022P-150[1] and nC4022P-300[2], Build Standard ER, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
397	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI[1] and nShield F2 SCSI Ultrasign[2] (Hardware Versions: nC4022W-150[1] and nC4022W-400[2], Build Standard DR, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD- 160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
396	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8] (Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
395	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield SCSI Ultrasign 32[3], payShield SCSI[4], and payShield Ultra[5] (Hardware Versions: nC4032W-150[1], nC4032w-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DP, Firmware Version: 2.12.9-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
394	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer’s Kit (PGP SDK) (Software Version 3.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/18/2004; 05/08/2007; 03/07/2008; 07/28/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP SP1 -FIPS-approved algorithms: Triple-DES (Cert. #207); AES (Cert. #93); DSA (Cert. #96); SHA-1 (Cert. #183); HMAC-SHA-1 (Cert. #183, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: CAST-5; IDEA; Twofish; SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5; RIPEMD-60; ElGamal; Shamir Treshold Secret Sharing Multi-chip standalone "The PGP SDK includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers the same core crypto that is at the heart of PGP products."
393	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Versions 3.18, 3.18.1 and 3.18.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/10/2004; 10/19/2004; 09/14/2006; 10/03/2006	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX400 running Windows 2000 Professional, Server and Advanced Server with SP3 and Q326886 Hotfix (EAL 4 augmented configuration) -FIPS-approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed) -Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPEMD-128; RIPEMD-160 Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
392	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Version 3.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/10/2004; 10/19/2004	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with MS Windows 9x, 2000 NT 4.0, XP (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed) -Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPMD-128; RIPMD-160 Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
391	F-Secure Corporation Tammasaarenkatu 7 PL 24, Helsinki 00181 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library™ for Windows (Software Version 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/10/2004	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows 2000 with Service Pack 3 and Q326886 Hotfix EAL 4 certified on Dell Optiplex GX 400 Personal Computer System -FIPS-approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST-128; MD5; SHA-256; HMAC-MD5; HMAC-SHA-256; Diffie-Hellman (key agreement); Passphrase-Based Key Derivation (PBKDF2 as specified in PKCS#5) Multi-chip standalone "The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 2 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 2000 with service pack 3 and Q326886 Hotfix operating system."
390	General Dynamics Decision Systems 8201 East McDowell Road Scottsdale, AZ 85252 USA -Dick Moat TEL: 480-441-6863 FAX: 480-441-8500	Assembly Crypto Module (ACM) and Flight Crypto Module (FCM) (ACM: HW P/N 01- P35200T004 Version E001, FW Revisions C and D, FCM: HW P/N 01-P35390T003 Version 001, FW Revisions C and D) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/08/2004; 11/03/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #184) -Other algorithms: Multi-chip standalone "The ACM and FCM are multi-chip standalone cryptographic modules designed to meet the Level 2 security requirements as defined in FIPS PUB 140-2. ACM and FCM perform the Triple-DES algorithm."
389	Network Security Technology (NST) Co. 11 F, No 190, Jung-Jeng Rd. Shindian City, Taipei County, Taiwan 231 Republic of China -Ming-Chih Tsai TEL: +886-2-8911-1099 FAX: +886-2-8911-1098	NST Security CryptoCard 2200(CC2200) (Hardware Version 1.0, Firmware Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/05/2004; 04/09/2004; 10/01/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #52); SHA-1 (Cert. #48); RSA (FIPS 186-2, vendor affirmed); Triple-DES DAC (Cert. #52, vendor affirmed) -Other algorithms: DES (Cert. #117); DES DAC (Cert. #117, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip embedded "NST CC2200, a security cryptographic card with PCI bus interface, is a “multi-chip embedded cryptographic module” that provides hardware cryptographic services to users, groups or processes. The NST Security CryptoCard provides hardware cryptographic services such as acceleration for bulk data encryption / decryption, digital signature generation / verification, secure key storage and key management functions to its users."
388	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco VPN 3002 and 3002-8E Hardware Clients (Hardware Versions: 3002 and 3002-8E, Firmware Version: FIPS 3.6.7.F) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/23/2004; 02/27/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #168); Triple-DES MAC (Cert. #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (Cert. #152, vendor affirmed); DSA (Cert. #85); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #210); DES MAC (Cert. #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco VPN 3002 Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
387	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Irfan Khan TEL: 510-936-4840	Sun Cryptographic Accelerator 4000 (Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber) and 501-6039-05 and 501-6039-06 (UTP/Copper), Firmware Version: 1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/23/2004; 04/05/2004; 04/27/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92) and RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
386	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	AirFortress™ Wireless Security Gateway Cryptographic Module (Firmware version 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	02/19/2004; 04/29/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested: Fortress interface and Shell (FISH) Version 2.4 -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
385	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	SafeNet HighAssurance 500/1000 Gateway Cryptographic Module (Firmware Versions 5.01 and 7.0.1, Hardware Versions SE-HA500-01 and SE-HA1000-01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/19/2004; 10/19/2004; 06/06/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #96); Triple-DES (Cert. #210); SHA-1 (Cert. #187); HMAC-SHA-1 (Cert. #187, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #233); HMAC-MD5, Diffie-Hellman (key agreement); DSA (non-compliant) Multi-chip standalone "The SafeNet HA500/1000 Gateway is a high-performance, standards-based hardware Virtual Private Network (VPN) and firewall. Providing a high speed, low cost solution, it features the strongest cryptography available and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA500/1000 that allows encryption using either AES, DES, or triple-DES as nIeeded by client applications."
384	IBM® Corporation IBM/Tivoli PO Box 3499 Australia Fair Southport, Queensland 4215 Australia -Mike Thomas TEL: +61 7 5552 4030 FAX: +61 7 5571 0420 -Peter Waltenberg TEL: +61 7 5552 4016 FAX: +61 7 5571 0420	IBM® Crypto for C (ICC) (Software Versions: 1.1, 1.2, 1.2.1 and 1.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/17/2004; 04/27/2004; 12/02/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Solaris 5.8, AIX 5.2, Windows 2000 Professional and Advanced Server, SUSE Linux Enterprise Server 8 (x86 and PowerPC), RedHat Linux Advanced Server 2.1 (x86), z/Linux 2.4, and HPUX 11i (all in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed, non-compliant); RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; DSA (non-compliant); Diffie-Hellman (key agreement) Multi-chip standalone "The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
383	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access 64K v2 Cryptographic Module (Hardware P/N M512LACC2, Firmware Versions: a: HardMask 1v1 and SoftMask 2v1, b: HardMask 1v1 and SoftMask 2v3, c: HardMask 1v2 and SoftMask 1v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/17/2004; 07/27/2004; 09/21/2004; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); AES (Cert. #81); SHA-1 (Cert. #173); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed); Single-chip "The Cyberflex Access 64K v2 Cryptographic Module serves as a highly portable PKI and digital signature secure token for enhancing the security of network access and ensuring secure electronic communications. It supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1’. The Cyberflex Access 64K v2 Cryptographic Module is part of a range of Schlumberger highly secure, Java-based cryptographic modules for physical and logical access, e-transactions and other applications."
382	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/17/2004; 10/07/2005; 10/25/2005; 10/15/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003[1] and Windows Server 2003 Service Pack 1[2] (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Cert. #80[1] and #290[2]); SHS(Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) -Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
381	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/17/2004; 10/25/2005; 10/15/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64 and IA64) [2] (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) -Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 Multi-chip standalone "The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, softwarebased, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, DSA and Diffie- Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
380	ActivCard, Inc., Atmel, Inc. and MartSoft, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101 -Paul Chen TEL: 408-737-3380 x1202	Eagle 64K Flash Module v1 (Hardware AT90SC6464C-Pro, Firmware OS v09FA, ID applet v1.0.0.14, PKI applet v1.0.0.14, GC applet v1.0.0.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/17/2004; 05/26/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #182); Triple-DES MAC (Cert. #182, vendor affirmed); SHA-1 (Cert. #166); RSA (PKCS#1, vendor affirmed) -Other algorithms: N/A Single-chip "Eagle 64K Flash Module v1 is based on Atmel Secure IC, MartSoft Global Platform Java Card OS and ActivCard Applet Suite. When the module is placed in a plastic smart card housing, it is ideal for secure identification, digital signature, storing and updating account information, personal data, and even monetary value, with increased security, portability and convenience to computer applications. The external interface provided by the applet suite is compliant with the smart card interoperability specification GSC-IS defined by GSA."
379	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis -Simon McCormack TEL: 978-288-8592	Contivity® 600, 1700 and 2700 Secure IP Services Gateways (Firmware Version V04_75.183, Hardware Version 600, 1700 and 2700) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/17/2004; 09/21/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #183 and #29); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant Contivity 600, 1700 and 2700 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 600, 1700 and 2700 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
378	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Adam Bell TEL: 410-931-7500 FAX: 410-931-7524	HighAssurance 2000 Gateway (Firmware Versions 6.00, 6.10, 6.20 and 6.21, Hardware SE-HA2000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/12/2004; 02/20/2004; 03/17/2004; 10/19/2004; 06/06/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); HMAC-SHA-1 (Cert. #5, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #104); DES-MAC; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet HA2000 is a high-performance, standards-based hardware Virtual Private Network (VPN). Providing a high speed, low cost solution, it features strong security and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA2000 that allow high speed encryption with Data Encryption Standard (DES) and triple-DES. DES is included for legacy systems."
377	ReefEdge, Inc. 2 Executive Dr. Fort Lee, NJ 07024 USA -Silvia Ercolani TEL: 201-242-9700 FAX: 201-242-9760	Edge Controller 200 (Software Version 3.1.3a, Hardware Version 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/30/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #171, #172 and #173); SHA-1 (Certs. #155, #156 and #157); HMAC-SHA- 1 (Certs. #155, #156 and #157, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: RC4; MD5; HMAC-MD5 Multi-chip standalone "The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
376	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-436-1223 -512-436-8009	IBM Java JCE 140-2 Cryptographic Module (Software Version 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	01/30/2004; 04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), RedHat Linux Advanced Server 2.1 (JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OS V1R4 (JVM 1.4.1) (all in single user mode) -FIPS-approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #91); SHA-1 (Cert. #170); HMAC-SHA-1 (Cert. #170, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #224); Diffie-Hellman (key agreement) Multi-chip standalone "The IBM« Java« JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multi-purpose cryptographic module that supports only FIPS approved cryptographic operations via the Java2 Application Programming Interfaces (APIs)."
375	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5076 FAX: 613-723-5078	Chrysalis-ITS K3 Cryptographic Engine (Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/30/2004; 10/18/2004; 12/22/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA- 1 (Cert. #64); RSA (FIPS 186-2, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed) -Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SEED; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5-MAC Multi-chip embedded "The K3 Chrysalis-ITS Cryptgraphic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
374	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware P/N-Versions 023-5000-980 and 023-5000-982, Firmware Version 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/23/2004; 05/05/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #73); DSA (Cert. #89); SHA-1 (Cert. #165); HMAC-SHA-1 (Cert. #165, vendor affirmed) -Other algorithms: DES (Cert. #221); SecureNet DES 1 bit with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirement. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
373	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman - CipherOptics Inc. TEL: 919-865-0661 FAX: 919-865-0679 -George L. Heron - SafeNet, Inc. TEL: 410-933-5883 FAX: 410-931-7524	CipherOptics Security Gateway SafeNet HighAssurance 4000 Gateway (Hardware Version: SG1000, Firmware Versions: 1.2.1 and 1.3 and Hardware Version: SG1001, Firmware Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/15/2004; 02/27/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #155); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #201); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The CipherOptics Security Gateway and the SafeNet High Assurance 4000 Gateway (aka the SafeNet HA 4000), which is the OEM version of the CipherOptics Security Gateway; is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."

Need Assistance?