Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
613	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router (Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #96); Triple-DES (Certs. #311 and #210); SHS (Certs. #300 and #317); HMAC (Certs. #84 and #50); RNG (Cert. #97) -Other algorithms: DES (Certs. #292 and #233); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
612	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Router (Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31) -Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
611	Litronic, Inc. 17861 Cartwright Irvine, CA 92614 USA -Cameron Durham TEL: 949-851-1085 FAX: 949-851-8588	jForté/HAT Cryptographic Module (Hardware Version: P/N 078-2010-02 Version J002; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #306); Triple-DES MAC (Cert. #306, vendor affirmed); SHS (Cert. #294); RSA (Cert. #46); RNG (Cert. #59); Skipjack (Cert. #15) -Other algorithms: DES (Cert. #289); DES MAC (Cert. #289, vendor affirmed) Single-chip "The high assurance jForté/HAT module is a multi-function, secure device, specifically engineered to provide expanded storage and accelerated processing of complex cryptographic functions. jForté/HAT also provides high data throughput via its dual I/O interface, supporting both ISO7816-3 and Full Speed USB. The module is available in several different packaging configurations - smart card module, 24-pin SOIC or bare die. Our patented smart card packaging provides access to both 7816-3 and USB interfaces so the same smart card will work in both standard readers, at 7816 speeds, and in high-speed USB readers and Full Speed USB."
610	Avaya, Inc. Atidim Technology Park Tel Aviv, 61131 Israel -Pesah Spector TEL: 972-3-6459162 FAX: 972-3-6458462	G250 and G250-BRI Branch Office Media Gateways w/FIPS (Hardware Versions: 700356231 and 700356223 Version 1.0; Firmware Version: 24.16.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #330); AES (Cert. #242); SHS (Cert. #320); HMAC (Cert. #60); RSA (Cert. #60); RNG (Cert. #77) -Other algorithms: DES (Cert. #308); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2 Multi-chip standalone "The Avaya G250 Branch Office Media Gateway w/FIPS and G250-BRI Branch Media Gateway w/FIPS are complete branch office business communications systems that integrate an IP telephony gateway, an advanced IP WAN router, and a PoE LAN switch into a compact (2U) chassis. Ideally suited for enterprise with distributed branch office locations of 2-10 extensions, the G250 and G250-BRI Gateways replace the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
609	Snapshield, Ltd. 1 Research Court Suite 450 Rockville, MD 20850 USA -Uri Naor TEL: 301-216-3805 FAX: 301-519-8001 -Rolando Rosas - Snap Defense Systems, LLC TEL: 703-766-6540 FAX: 703-766-6501	SNAPfone (Hardware Versions: P/N Snapfone Versions E and F; Firmware Versions: 7.10.1 v_7101 and 7.10.1 v_7101p2p) Snapfone (Hardware Versions: P/N Snapfone Versions E and F, Firmware Versions: 7.10.1v 7101 and 7.10.1v-l101p2p) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005; 01/13/2006; 01/27/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #302); SHS (Cert. #289); RNG (Cert. #53) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "SNAPfone is a compact encryption termination unit capable of securing voice communications over analog telephone lines. SNAPfone performs high level encryption process with a new key draw for each session using Asymmetric Public Key Cryptography (1024 bit Diffie-Hellman) for key exchanging and Symmetric block cipher (192-bit 3DES) algorithm for session encryption. SNAPfone requires minimum user intervention with seamless operation." "The Snapfone is a plug-n-play encryption device for securing communications over regular analog (POTS) or fax lines. Snapfone is designed for compatibility among major telephone and PBX brands. It can also be deployed as a shared resource device when connected to a PBX. Its small footprint and 1101220v connectivity allows for easy transport and maximum flexibility. The cryptographic core engines are optimized for minimal voice latency providing superior voice quality. Snapfones can also be configured as a distributed secure voice network solution among groups and between multiple locations."
608	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/13/2005; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Linux 7.2; Red Hat Enterprise Linux AS3.0; Solaris 8 (Sun OS 5.8) Sparc V8; Solaris 8 (Sun OS 5.8) Sparc V8+; Solaris 8 (Sun OS 5.8) Sparc V9; Microsoft Windows Mobile 2003; Microsoft Windows XP SP2; IBM AIX 5L 5.3; HP-UX 11.23 Itanium 2; HP-UX 11.23 PA-RISC 2.0W; HP-UX 11.11 PA-RISC 2.0; VxWorks 5.4 PPC 604; VxWorks 5.5 PPC 603; VxWorks 5.5 PPC 604 -FIPS-approved algorithms: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert. #303); CCM (Cert. #7); SHS (Cert. #380); RSA (Cert. #96); RNG (Cert. #130); ECDSA (Cert. #11); HMAC (Cert. #113) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; ECDRBG; RSA (key wrapping, key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement, key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
607	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-204 and 208 (Hardware Version: P/N NS-204 and NS-208 Version 0110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. 118); DSA (Cert. #132); SHS (Cert. 103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
606	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5XT (Hardware Version: P/N NS-5XT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
605	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5400 (Hardware Version: P/N NS-5400 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); DSA (Cert. #132); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5400 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
604	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: P/N NS-500 Version 4110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32) -Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
603	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5200 (Hardware Version: P/N NS-5200 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5200 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
602	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	JUNOS-FIPS (Firmware Versions: 7.2R1.7 and 7.4R1.7) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/12/2005; 05/16/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Routing Engine RE 3.0, Routing Engine RE 4.0, Routing Engine 5.0, Routing Engine RE 5.0+ -FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344) -Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "JUNOS firmware is the first routing operating system designed specifically for the Internet. It runs on all Juniper Networks T-series, M-series, and Jseries routers, and is currently deployed in the largest and fastest growing networks worldwide. Its full suite of industrial strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes. As well, JUNOS firmware supports the industry's first production-ready GMPLS implementation."
601	Avaya, Inc. Atidim Technology Park Bldg. 3 Tel Aviv, 61131 Israel -Pesah Spector TEL: 972-3-6459162 FAX: 972-3-6458462	G350 Branch Office Media Gateway w/FIPS (Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 24.16.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Certs. #171 and #251); SHS (Cert. #256); HMAC (Cert. #61); RSA (Cert. #17); RNG (Cert. #21) -Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2; DSA (non-compliant) Multi-chip standalone "The Avaya G350 Branch Office Media Gateway w/FIPS is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high-performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
600	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB4 4.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2005	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86) -Other algorithms: RSA (encrypt/decrypt); HMAC (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
599	Blue Ridge Networks, Inc. 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Nancy Canty TEL: 703-633-7331 FAX: 703-631-9588	BorderGuard 5000 (Hardware Versions: BorderGuard 5100, 5200, 5400, 5500 and 5600; Firmware Version: DPF1 V7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/08/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173 and #116); Triple-DES (Certs. #275 and #57); SHS (Certs. #258 and #49); HMAC (Certs. #21 and #22) -Other algorithms: DES (Certs. #271 and #119); DES MAC (Cert. #119; vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); RSA BSAFE Crypto-C RNG; HiFn 7855 RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200 and 5400; and between 80 and 150 bits of encryption strength for Models 5500 and 5600; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "The BorderGuard hardware models 5100, 5200, 5400, 5500 and 5600 version DPF1 7.1 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The cryptographic module consists of firmware running on a dedicated hardware device. The module is a multi-chip-standalone device."
598	Mobile Armor, LLC 400 South Woods Mill Rd. Chesterfield, MO 63017 USA -Bryan Glancey TEL: 636-449-0239 FAX: 314-205-2303 -Chand Vyas TEL: 636-449-0239 FAX: 314-205-2303	Mobile Armor Warp Drive (Software Version: 2.1.0.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/01/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #349); AES (Cert. #267); SHS (Cert. #346); HMAC (Cert. #81) -Other algorithms: N/A Multi-chip standalone "Mobile Armor's highly optimized Microsoft Windows Certified Driver for Windows XP provides reliable high speed strong cryptographic services for systems running Mobile Armor's DataArmor Enterprise Mobile Data Protection software."
597	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 310-884-7900 FAX: 310-884-7904	ID-One Cosmo 32 v5 (Hardware Version: P/N 90; Firmware Version: E311-063842) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #303); Triple-DES MAC (Cert. #303, vendor affirmed); SHS (Cert. #290); RSA (Cert. #42); RNG (Cert. #99) -Other algorithms: DES (Cert. #286); DES MAC (Cert. #286, vendor affirmed); MD5 Single-chip "The ID-One Cosmo 32 v5 is a JavaCard cryptographic module specifically designed for identity and government market needs. It offers a full 32K Byte of EEPROM space available for customer discretionary use, together with on-card cryptographic services such as TDES (using double and triple length DES keys), and 2048-bit RSA with on-card key generation. The cryptographic module loads and runs applets written in Java programming language. It includes a native implementation of the latest Java Card TM (Version 2.2) and Open Platform (Version 2.1.1A) specifications, with full support for Delegated Management and DAP / Mandated DAP, that define a secure infrastructure for post-issuance programmable platforms. Additional features include On-Card fingerprint matching and Logical Channels."
596	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Router (Hardware Versions: 3825 and 3845; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs.#210 and #311); AES (Certs. #96 and #219); RNG (Cert. #97); SHS (Certs. #300 and #317); HMAC (Certs. #50 and #84) -Other algorithms: DES (Certs. #233 and #292); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. By integrating security functions directly into the router itself, Cisco can provide unique intelligent security solutions, such as network admissions control (NAC) for antivirus defense; Voice and Video Enabled VPN (V3PN) for quality-of-service (QoS) enforcement when combining voice, video, and VPN; and Dynamic Multipoint VPN (DMVPN) and Easy VPN."
595	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J JCE Provider Module (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2005; 03/06/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (ANSI X9.31, MD5, SHA1; non-compliant); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
594	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Mike French TEL: 847-435-5219	MCC7500 Secure Card Crypto Engine Cryptographic Module (Hardware Version: P/N CLN8131 Version B; Firmware Version: R02.00.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/01/2005; 06/14/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; ADP; DVI-SPFL; DVP-XL Multi-chip embedded "The MCC7500 Secure Card Crypto Engine Cryptographic Module is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
593	Research In Motion 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.3.3, 3.8.3.5, 3.8.3.6 and 3.8.3.7) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	12/01/2005	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 7290 with BlackBerry OS Version 4.1 -FIPS-approved algorithms: Triple-DES (Cert. #366); AES (Cert. #291); SHS (Cert. #365); HMAC (Cert. #100); RSA (Cert. #82); RNG (Cert. #115); ECDSA (Cert. #9) -Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
592	High Density Devices AS Vestre Strandgate 26 Kristiansand, N-4611 Norway -Aage Kalsaeg TEL: +47 38 10 44 80 FAX: +47 38 10 44 99	SecureD v.1.6 (Hardware Version: HW P/N SecureD v.1.6 Version 1.6.4; Firmware Version: 1.6.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/01/2005; 01/05/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #324); AES (Cert. #174) -Other algorithms: Multi-chip embedded "SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
591	Research In Motion 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x2921 FAX: 519-888-6906	BlackBerry Enterprise Server™ Cryptographic Kernel (Software Versions: 1.0.2.5, 1.0.2.7, 1.0.2.8, 1.0.2.9 and 1.0.2.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2005; 05/10/2007; 06/08/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4 -FIPS-approved algorithms: Triple-DES (Cert. #364); AES (Cert. #289); SHS (Cert. #363); HMAC (Cert. #98); RNG (Cert. #114); ECDSA (Cert. #8) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic ryptographic functionality for the BlackBerry® Enterprise Server."
590	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J Software Module (Software Versions: 3.5 [1], 3.5.2 [2] and 3.5.3 [3]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/18/2005; 03/06/2006; 05/17/2006; 12/18/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with Java JRE 1.4.2. (in single user mode) -FIPS-approved algorithms: DSA (Cert. #139); Triple-DES (Cert. #353); AES (Cert. #270); SHS (Cert. #355); RSA (Certs. #70 [1] and #185 [2]); RNG (Cert. #105); HMAC (Cert. #85) -Other algorithms: DES (Cert. #325); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
589	Mobile Armor, LLC 400 South Woods Mill Rd. Chesterfield, MO 63017 USA -Bryan Glancey TEL: 636-449-0239 FAX: 314-205-2303 -Chand Vyas TEL: 636-449-0239 FAX: 314-205-2303	Mobile Armor Crypto Module (Software Version: 2.1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/18/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 and Red Hat Enterprise Linux 3.0 (in single user mode); Pocket PC 2003 -FIPS-approved algorithms: Triple-DES (Cert. #351); AES (Cert. #268); SHS (Cert. #348); RNG (Cert. #98); HMAC (Cert. #83) -Other algorithms: Multi-chip standalone "Mobile Armor's Cross platform implementation of Cryptographic Services for use in Enterprise Mobile Data Security products on the Linux, Windows XP, and Windows CE platform."
588	Bluesocket, Inc. 10 North Avenue Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-5000 Wireless Gateway (Hardware Versions: 870-500FF-002, 870-500FT-002, 870-500TF-002 and 870-500TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/18/2005; 12/08/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #76 and #254); Triple-DES (Certs. #335 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #329); HMAC (Certs. #12 and #63) -Other algorithms: DES (Cert. #313); Diffie-Hellman (key agreement); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-5000 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
587	Bluesocket, Inc. 10 North Avenue Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-2100 Wireless Gateway (Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002 and 870-212TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2005; 12/08/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #76 and #253); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC (Certs. #11 and #12) -Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement, key establishment methodology provides 80-bits of encryption strength); RSA (PKCS#1, key wrapping, key establishment methodology provides 80-bits of encryption strength); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-2100 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
586	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware Versions: 023-5000-980, 023-5000-982, 023-5000-984 and 039-575-1200; Firmware Versions: 4.0, 4.1 and 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #217); SHS (Cert. #238); HMAC (Cert. #80); DSA (Cert. #110); RNG (Cert. #5) -Other algorithms: DES (Cert. #291); SecureNet DES 1 bit CFB with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms. These algorithms are used for data or voice communication and protection of SEM firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2 Level 1 security."
585	Bluefire Security Technologies 1040 Hull Street #101 Baltimore, MD 21230 USA -Phil Smith TEL: 410-637-8160 FAX: 410-637-8172	Bluefire Mobile Security™ FIPS Cryptographic Module (Software Version: 1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, PocketPC 2003 (single user mode) -FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7) -Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 150 bits of encryption strength) Multi-chip standalone "The Bluefire Mobile Security™ FIPS Cryptographic Module is Bluefire Security Technologies' cryptographic library designed for securing mobile devices such as personal digital assistants (PDA’s) and Smart Phones based on the Microsoft Windows Mobile platform. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
584	Credant Technologies Corporation 15303 Dallas Parkway Suite 1420 Addison, TX 75001 USA -Chris Burchett TEL: 972-458-5407 FAX: 972-458-5454	Credant Cryptographic Kernel[1] and CmgCryptoLib[2] (Software Versions: 1.5[1] and 1.7[2]) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2005; 11/04/2005; 12/07/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Version 1.5 tested as meeting Level 1 with Palm OS 5.4.5. Version 1.7 tested as meeting Level 1 with Windows Mobile 5, Windows Mobile 6, Windows XP SP2 (single user mode), Windows Vista 32-bit (single user mode), and Symbian Series 60 -FIPS-approved algorithms: Triple-DES (Cert. #336); AES (Cert. #255); SHS (Cert. #330); HMAC (Cert. #65); RNG (Cert. #88) -Other algorithms: N/A Multi-chip standalone "CREDANT CmgCryptoLib (previosuly known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library that implements Triple-DES, AES, ANSI X9.31 RNG, SHA-1, and HMAC-SHA-1 algorithms for CREDANT Mobile Guardian (CMG). CMG provides centrally managed mobile data protection via strong authentication, Intelligent Encryption and usage controls with guaranteed data recovery for laptops, desktops, removable media, PDAs and smart phones."
583	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Rose Quijano-Nguyen TEL: 408-473-1313 -Chris Winter TEL: 408-473-1393	CryptoStor FC2002W SAN Security Appliance (Hardware Version: 820-0001-06 Rev2; Firmware Version: 2.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/27/2005; 11/07/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and 183); SHS (Cert. #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Cert. #35) -Other algorithms: N/A Multi-chip standalone "The NeoScale CryptoStor FC2002 appliance, is a Fibre Channel Storage Area Network (SAN) data security appliance that provides data flow control and encryption based on configured policy rules. Operating as a fully transparent, in-line storage appliance, the FC2002 inspects storage traffic and applies information flow controls and strong encryption to the data payload at gigabit rates. Storage data privacy policies are centrally managed, employing access and encryption rules which are easily modified to suit current and evolving storage infrastructures. Deep frame inspection allows access and encryption policies to be dynamically applied at wirespeed. True gigabit throughput with low latency and transparent operation ensures uninterrupted, scalable storage data protection."
582	Oceana Sensor Technologies, Inc. 1632 Corporate Landing Parkway Virginia Beach, VA 23454 USA -Alex Kalasinski TEL: 757-426-3678 FAX: 757-426-3633 -Don Kennamer TEL: 757-426-3678 FAX: 757-426-3633	Fortress Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.4.2 running on Windows 2000 Service Pack 4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #256); Triple-DES (Cert. #337); RSA (Cert. #65); SHS (Cert. #331); HMAC (Cert. #66); RNG (Cert. #89) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); Rijndael Multi-chip standalone "The Oceana Sensor Technologies Fortress Cryptographic LibraryTM (FCL) is a cryptographically secure interface to applications both internal and external to the OST product. It has many features and supports AES, Triple DES and RSA. It is entirely a software product."
581	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -David Aylesworth TEL: 813-288-7388 FAX: 813-288-7389	AirFortress™ Wireless Security Gateway (Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/27/2005; 04/26/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant) Multi-chip standalone "The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
580	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	AS2-FIPS PIC (Hardware Versions: PB-AS2-FIPS, PE-AS2-FIPS, Rev. A and B; Software Versions: 7.2R1.7 and 7.4R1.7; Firmware Version: 560-011740 (Rev. 4.008)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/25/2005 12/02/2005; 01/27/2006; 06/14/2006; 12/19/2006	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #69); Triple-DES (Certs. #341 and #350); SHS (Certs. #336 and #347); HMAC (Cert. #71); RNG (Cert. #93) -Other algorithms: MD5; DES (Cert. #324); RSA (key wrapping, key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The Adaptive Services (AS) Physical Interface Card (PIC) is a multi-chip embedded cryptographic module, which supports a new level of services integration and performance. The AS2-FIPS PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future. With high-speed NAT and stateful firewall, providers can protect their networks and simultaneously deploy network-based security and VPN solutions."
579	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-9577	P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio (Hardware Versions: RU101188V1, RU101188V21, RU101188V12, RU101188V22, RU101188V31, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V51, RU101219V61, RU101219V63, RU101219V41, RU101219V71 and RU101219V73; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16) (When operated in FIPS mode) Revoked Security Policy Certificate	Hardware	10/25/2005; 08/16/2006; 10/22/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #155) -Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm) Multi-chip standalone "The P7150IP Scan Portable/M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
578	Certicom Corporation 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Java Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/25/2005; 07/20/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1 and 1.4.2 running on Windows 2003 x86 (Binary compatible to Windows 98/2000/XP); Red Hat Linux Application Server 3.0 x86 (Binary compatible to AS 2.1); Solaris 2.9 32-bit SPARC; Solaris 2.9 64-bit SPARC -FIPS-approved algorithms: Triple-DES (Cert. #318); AES (Cert. #227); SHS (Cert. #307); HMAC (Cert. #37); RNG (Cert. #68); DSA (Cert. #128); ECDSA (Cert. #6); RSA (Cert. #54) -Other algorithms: DES (Cert. #298); ARC2; ARC4; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); EC MQV (key agreement); RSA (Cert. #52, key wrapping) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
577	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-9577	P7170IP System Portable Two-Way FM Radios (Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16) (When operated in FIPS mode) Revoked Security Policy Certificate	Hardware	10/25/2005; 08/16/2006; 10/22/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #155); -Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm) Multi-chip standalone "The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
576	PalmSource, Inc. 1188 East Arques Avenue Sunnyvale, CA 94085 USA -Laurent Sanchez TEL: 408-400-3000 FAX: 408-400-1510	Cryptographic Provider Module + FIPS Provider (Software Version: 5.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/25/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm Tungsten™ C running Palm OS version 5.2.1 -FIPS-approved algorithms: AES (Cert. #114); Triple-DES (Cert. #226); HMAC (Cert. #46); RNG (Cert. #63); SHS (Certs. #303 and #202) -Other algorithms: N/A Multi-chip standalone "The PalmSource Cryptographic Provider Module + FIPS Provider version 5.2.2 is a software library that implements cryptographic functions and is contained within a defined cryptographic boundary using the PalmOS version 5.2.1."
575	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/25/2005; 05/26/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine comman interface; Supports GSC-IS 2.1 data model; Can be configured for Level and Level 3 modes."
574	RedCannon Security 42808 Christy Street Suite #108 Fremont, CA 94538 USA -Kurt Lennartsson TEL: 510-498-4104 FAX: 510-498-4109 -Brian Wood TEL: 410-902-9779	RedCannon Cryptographic Module (Software Version: 1.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #249); Triple-DES (Cert. #334); SHS (Cert. #327); HMAC (Cert. #58); RSA (Cert. #64); RNG (Cert. #87) -Other algorithms: DES (Cert. #312); TwoFish; BlowFish; Serpent; CAST; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 150-bits of encryption strength); RSA (key generation; non-compliant); RSA (PKCS#1; key transport; key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The RedCannon Crypto Module provides cryptographic support for the RedCannon line of products. The crypto module is used to create, manage and delete cryptographic keys as well as to perform cryptographic operations. The crypto module can be used for multiple functions within the RedCannon applications. It provides a structured set of APIs, which can be called to perform these functions. This provides flexibility for the module and the ability to add new applications for the crypto module functions in the future without changing the module itself."
573	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB2 - 2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); RSA (PKCS#1, key wrapping); RSA (OAEP, key wrapping) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
572	Axalto 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access 64K V2 Cryptographic Module (Hardware Versions: P/N A1002057 and A1002631; Firmware Version: Hardmask 1V3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/15/2005; 10/31/2005; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64) -Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed); Single-chip "The Cyberflex Access 64K V2 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card is part of a range of Axalto highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
571	AirMagnet, Inc. 1325 Chesapeake Terrace Sunnyvale, CA 94089 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor AM-5010-11-AG and AM-5012-11AG (Hardware Versions: AM-5010-11-AG and AM-5012-11AG; Firmware Version: 5.2.0-2928) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/12/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #214); Triple-DES (Cert. #307); SHS (Cert. #295); RSA (Cert. #47); RNG (Cert. #60); HMAC (Cert. #23) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant); DES; RC2; IDEA Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
570	Thales e-Security Meadow View House, Crendon Industrial Estate, Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 1844 201800 FAX: +44 1844 202170	Secure Generic Sub-System (SGSS), Version 3.2 (Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.0.2) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/07/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24); RSA (Cert. #53) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor 2000 family, WebSentry family, HSM 8000 family, P3CM family, PaySentry, 3D Security Module and SafeSign Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and the RSA algorithm."
569	Funk Software, Inc. 222 Third Street Cambridge, MA 02142 USA -Steven Erickson TEL: 978-371-3980 x112 FAX: 978-371-3990	Odyssey Security Component and Odyssey Security Component/Portable (Software Version: 1.2) Validated to FIPS 140-2 Security Policy Certificate	Software	08/31/2005; 01/13/2006; 02/24/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP, Red Hat Linux 9.0 (single user mode) -FIPS-approved algorithms: AES (Certs. #245 and #246); Triple-DES (Certs. #331 and #332); SHS (Certs. #322 and #323); HMAC (Certs. #53 and #55); RSA (Certs. #61 and #62); DSA (Certs. #133 and #135); RNG (Certs. #79 and #84); CCM (Certs. #2 and #3) -Other algorithms: DES (Certs. #309 and #310); Diffie-Hellman (key agreement) Multi-chip standalone "The Odyssey Security Component/Portable is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. Assembly language optimizations allow high-speed operation on specific platforms, while the portable (C) version can be used on a large variety of platforms."
568	Caymas Systems Inc. 1179-A N. McDowell Blvd. Petaluma, CA 94954 USA -Joe Howard TEL: 707-283-5000 FAX: 707-283-5001	Caymas Systems 525 Identity-Driven Access Gateway (Hardware Version: Rev. 100-000002; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/30/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4 Multi-chip standalone "The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
567	Caymas Systems Inc. 1179-A N. McDowell Blvd. Petaluma, CA 94954 USA -Joe Howard TEL: 707-283-5000 FAX: 707-283-5001	Caymas Systems 318 Identity-Driven Access Gateway (Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/30/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4 Multi-chip standalone "The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
566	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Donovan Deakin TEL: 206-217-7500 FAX: 206-217-7515	Reflection Security Component for Java (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/19/2005	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX 400 running Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; HP Proliant ML 330 running Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1 (configured in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20) -Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
565	Schweitzer Engineering Laboratories, Inc. 2545 NE Hopkins Court Pullman, WA 99163-5603 USA -David Whitehead TEL: 509-336-2417 FAX: 509-336-2406	SEL-3021 Serial Encrypting Transceiver (Hardware Version: P/N SEL-3021, Version 00004CA8; Firmware Version: SEL-3021-R105-V0-Z002001-D20050701) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #202); SHS (Cert. #279); HMAC (Cert. #14); RNG (Cert. #46) -Other algorithms: N/A Multi-chip standalone "The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device designed to add strong cryptographic security to new serial communications links and to provide an easy and effective security solution for existing serial communications networks. It is designed for use on both point-to-point byte oriented communications links and multidrop SCADA networks."
564	SkyTel Corp. 500 Clinton Center Drive Bldg. 2, Floor 4 Clinton, MS 39056 USA -Mike Sheffield TEL: 601-460-3627 FAX: 888-944-7396	SkyTel ST900 Secure 2Way (Hardware Version: P/N ST900, Version 2.0; Firmware Versions: 20050624 ver.f.2.9 and 20050705 ver.f.3.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005; 10/13/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #261); RNG (Cert. #95); HMAC (Cert. #74); SHS (Cert. #341) -Other algorithms: Elliptic Curve Diffie-Hellman (key agreement) Multi-chip standalone "SkyTel ST900 Secure 2Way is a wireless product for agencies transmitting sensitive and critical communications. The device, an ST900 2Way pager, operates on narrowband PCS, recommended for reliability and superior inbuilding penetration. It is password-protected, with AES encryption and encryption key establishment based on ANSI X9.63."
563	Snapshield, Ltd. 1 Research Court Suite 450 Rockville, MD 20850 USA -Uri Naor TEL: 301-216-3805 FAX: 301-519-8001 -Rolando Rosas - Snap Defense Systems, LLC TEL: 703-766-6540 FAX: 703-766-6501	SNAPcell (Hardware Version: P/N Snapcell, Version 1.5; Firmware Versions: 5133 050322.2 SnapP2P.2 and 5133 050322.2 SnapP2MP.2) Snapcell (Hardware Version: P/N Snapcell-F, Version 1.5; Firmware Versions: SnapP2P.2 and SnapP2MP.2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005 12/02/2005; 12/22/2005; 01/13/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #212); SHS (Cert. #289); RNG (Cert. #53) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "SNAPcell is a plug-in cellular accessory for Sony Ericsson handsets which enable secure end-to-end GSM communications. SNAPcell draws a new key for each session. SNAPcell requires minimum user intervention with seamless operation and due to the efficient implementation of the encryption algorithms it has minimum impact on the handset battery life. SNAPcell can be used across all four GSM frequency bands and the handset or the subscriber cannot be identifiable within the network. SNAPcell can be easily transferred from one device to another." "Snapcell is a high assurance, lightweight, micro-adapter that secures cellular communications, end-to-end on any GSM frequency (850/900/1800/1900). Snapcell is compatible with standard Sony-Ericsson (GSM) mobile phones. Snapcell is approved for exporting outside the USA. Snapcell is also available with an optional centralized enterprise manager gateway (CEMG) that provides a secure single-point of administration for networking up to several thousands of users over public and private networks. Snapcell is currently deployed by the U.S. Special Forces, U.S. Navy, Coalition partners and financial institutions in over 30 countries."
562	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677	Crypto++ Library (Software Version: 5.2.3) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/29/2005; 08/24/2005; 10/28/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional, Service Pack 1 (single user mode) -FIPS-approved algorithms: Skipjack (Cert. #14); Triple-DES (Cert. #309); AES (Cert. #216); SHS (Certs. #134 and #298); DSA (Cert. #79); RSA (Cert. #50); ECDSA (Cert. #5); HMAC (Cert. #26); RNG (Cert. #61); Triple-DES MAC (Cert. #309, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
561	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Bill Bialick TEL: 410-964-6400 FAX: 410-964-5154	LYNKS Privacy Card (Hardware Version 2.0; Firmware Version: 1.c) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/29/2005	Overall Level: 2  -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1) -Other algorithms: DES (Cert. #50); RSA (non-compliant); Triple-DES; Diffie-Hellman (key agreement)); MD5; KEA Multi-chip standalone "The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
560	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Ganapathy Raman TEL: 425-707-3658 -Katharine Holdsworth TEL: 425-706-7923	Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) (Software Versions: 5.01.01603 [1], 5.00.911762 [1], and 5.04.17228 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/29/2005 08/24/2005; 06/21/2006; 06/28/2006; 06/29/2006; 12/08/2006; 05/14/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 5.01, Windows CE 5.00, and Windows Mobile 6.0 -FIPS-approved algorithms: AES (Certs. #224 [1] and #507 [2]); Triple-DES (Certs. #315 [1] and #517 [2]); RSA (Certs. #52 [1] and #222 [2]); RNG (Certs. #66 [1] and #286 [2]); SHS (Certs. #305 [1] and #578 [2]); HMAC (Certs. #31 [1] and #260 [2]) -Other algorithms: DES (Cert. #296 [1]); MD5; HMACMD5; RC2; RC4; DES [2] Multi-chip standalone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of generalpurpose cryptography."
559	Nortel 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	Contivity® VPN Client (Software Version: 5.11_021) (When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/25/2005; 08/24/2005; 08/29/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional Service Pack 2 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #218); Triple-DES (Cert. #310); SHS (Cert. #299); HMAC (Cert. #28); RNG (Cert. #62) -Other algorithms: Diffie-Hellman (key agreement); DES; 40-bit DES; MD5; ECDH (key agreement); HMAC-MD5 Multi-chip standalone "The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
558	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/25/2005; 05/26/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine command interface; Supports GSC-IS 2.1 data model."
557	Telkonet Communications, Inc. 20374 Seneca Meadows Pkwy Germantown, MD 20876-7004 USA -Jill Parlett TEL: 410-627-3994 FAX: 240-912-1839	Telkonet G3 Series iBridge and Telkonet G3 Series eXtender (Hardware Versions: iBridge: IB8000, IB8001, IB8011, IB8200, IB8201, IB8211; eXtender: X7000, X7001, X7011, X7200, X7201, X7211; Firmware Versions: 2.12, 2.41 and 2.53) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/25/2005; 04/04/2006; 08/29/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #223) -Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
556	JP Mobile, Inc. 12000 Ford Road Suite 400 Dallas, TX 75234 USA -Kishore Kankipati TEL: 972-277-8340 FAX: 972-484-4154	SureWave Mobile Defense Security Kernel (Software Version: 5.0.050107) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/07/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft PocketPC 2003 Premium -FIPS-approved algorithms: AES (Cert. #221); SHS (Cert. #302); Triple-DES (Cert. #313); Triple-DES MAC (Cert. #313, vendor affirmed); RNG (Cert. #65) -Other algorithms: DES (Cert. #294); Blowfish; MD5 Multi-chip standalone "The SureWave Mobile Defense Security Kernel controls the cryptographic functions of various versions of the SureWave Mobile Defense 4.0 software for Palm, Pocket PC, and Symbian OS enabled devices. Although the same kernel is used in all versions of PDA Defense 4.0, it has only been tested and validated for use on the Pocket PC 2003 Premium."
555	Sun Microsystems 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Hui Chen TEL: 510-936-4839	Sun Cryptographic Accelerator 4000 (Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber), 501-6039-05 and 501-6039-06 (UTP/Copper); Firmware Versions: 2.0 and 2.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2005; 07/28/2005; 09/16/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHS (Certs. #171 and #172); HMAC (Certs. #34 and #88); DSA (Cert. #92); RNG (Cert. #108); RSA (Cert. #95) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software."
554	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Versions: DS1955B PB3 - 3.02 and DS1955B PB5 - 5.00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/29/2005; 10/18/2005; 03/29/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #185, vendor affirmed); RNG (Cert. #86) -Other algorithms: DES (Cert. #222); HMAC (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the Canada Post Corporations Digital Indicia Standard. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digitial metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
553	Telkonet Communications, Inc. 20374 Seneca Meadows Pkwy Germantown, MD 20876-7004 USA -Jill Parlett TEL: 410-627-3994 FAX: 240-912-1839	Telkonet G3 Series Gateway (Hardware Versions: G3001 and G3201; Firmware Versions: GAF4.1.0, GAF4.2.0 and GAF4.2.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2005; 07/07/2005; 03/29/2006; 08/29/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #223) -Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
552	Gemplus Corp. Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Anthony Vella TEL: +33 (0) 4 42 36 61 38	GemXpresso Pro R3 E64 PK - FIPS with DAL C3 Applet Suite (Hardware Version: GP92; Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applets: Access Control Applet Version 1.0 and GSC Service Applet Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/20/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #95); SHS (Cert. #82); RSA (Cert. #33); Triple-DES MAC (Cert. #95, vendor affirmed); RNG (Cert. #44) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed); Single-chip "This module is based on a Gemplus Open OS Smart Card with a large 64K EEPROM memory, and on a cryptographic applet suite developed by Dreifus Associates LTD. Inc. The SmartCard platform has on board Triple DES and RSA algorithms and provides on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.1.1, Global Platform 2.0.1', and GSC-IS v2.1 standards-Card Edge Interface for VM cards, and is very well suited for US Government and Federal projects."
551	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N94i/155 SMM (Hardware Version: 3000186T A; Firmware Versions: 3800157W Version L4 (SH1), 3800159Y Version F (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2005; 10/03/2006	Overall Level: 3  -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (vendor affirmed) -Other algorithms: Multi-chip embedded "The N94i/155 module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet printhead, the module is capable of producing up to 110 envelopes per minute."
550	Priva Technologies, Inc. 1054 S. De Anza Blvd. Suite 201 San Jose, CA 95129 USA -William Sibert TEL: 312-560-5317 FAX: 208-330-3470	Priva Technologies Cleared IC (Hardware Version: P/N PC1002SC-2 Version 3.0; Firmware Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #299) -Other algorithms: Single-chip "This tamper protected custom integrated circuit provides secure cryptographic and multi-factor authentication services, including encryption/decryption, secure transactions, data verification, key storage, and further key management and non-repudiation functions as part of the Priva Technologies Cleared Security Platform."
549	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Chrisophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N 77; Firmware Version: E303-063792) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005; 09/23/2005; 08/16/2006; 04/30/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROm space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional feature include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
548	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N 77; Firmware Versions: E303-063683 and E303-063684) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005; 09/23/2005; 05/16/2006; 08/16/2006; 04/30/2007; 10/15/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On- Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
547	Pitney Bowes 35 Waterview Drive Shelton, CT 06484-8000 USA -Dennis Crowe TEL: 203-924-3500 FAX: 203-924-3352	Compliant Meter Postal Security Device (CoMet PSD) (Hardware Versions: US: 1A00ABA Revision A and 1A0TAAA Revision A; German: 1A51AAA Revision B; Canada: 1AECABA Revision A and 1ACTAAA.) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 02/24/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); HMAC-SHA-1 (Cert. #86, vendor affirmed); Skipjack (Cert. #6); ECDSA (ANSI X9.62, vendor affirmed); RNG (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, key wrapping) Multi-chip standalone "The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Canada Post Corporations Digital Indicia Standard, and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
546	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen 204 and 208 (Hardware Version: P/N NS-204 and NS-208, Version 0110; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
545	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5400 (Hardware Version: P/N NS-5400 Version 3010; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert #33) -Other algorithms: DES (Certs. #174 and #184) ; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-5400 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
544	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5200 (Hardware Version: P/N NS-5200 Version 3010; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-5200 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
543	Utimaco Safeware AG Germanusstr. 4 Aachen, 52080 Germany -Rainer Herbertz TEL: +49 241 1696 240 FAX: +49 241 1696 222	CryptoServer® 2000 (Hardware Version: P/N CryptoServer® 2000, Version 1.0.2.0; Firmware Version: 1.0.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #284); Triple-DES MAC (Cert. #284, vendor affirmed); AES (Cert. #182); SHS (Certs. #268 and #297); RSA (Certs. #25 and #49); RNG (Cert. #34) -Other algorithms: Diffie-Hellman (key agreement); IDEA; Safer; MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC; DES Multi-chip embedded "The CryptoServer® 2000 is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functions."
542	Certicom Corporation 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/02/2005; 03/16/2006; 08/29/2006; 11/06/2006; 07/20/2007; 09/12/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Red Hat Linux Application Server 3.0, x86; Solaris 2.9, SPARC 32- bit; SPARC; Solaris 2.9, SPARC 64-bit; SPARC; HP-UX 11.00, 32-bit PA-RISC; HP-UX 11.00, 64-bit PA-RISC; Windows 2003, x86; Windows 2003, Itanium; AIX 5.2, 32-bit Power PC; AIX 5.2, 64-bit Power PC; Red Hat Linux Application Server 3.0, Itanium; HP-UX 11i, Itanium; Windows CE 3.0, ARM; Symbian 9, ARM; Linux 64-bit; Windows 64-bit, x86; Windows Vista, x86 and Windows Vista 64 bit, 64 bit x86 (all in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #276); AES (Cert. #175); SHS (Cert. #260); RSA (Cert. #20); HMAC (Cert. #9); RNG (Cert. #25); DSA (Cert. #115); ECDSA (Cert. #1) -Other algorithms: DES (Cert. #272); DES-X; Diffie-Hellman (key agreement); ECDH (key agreement); ECMQV (key agreement); ARC2; ARC4; MD2; MD5; HMAC-MD5 Multi-chip standalone "The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API. The module can also be used in conjunction with other C."
541	AEP Networks Focus 31, West Wing Cleveland Rd New Hempstead, Herts HP2 7BW United Kingdom -Paul Goffin TEL: +44 1442 458624 -David Miller TEL: +44 1442 458600 FAX: +44 1442 458601	AEP Enterprise CM (Hardware Version: 2731_G1; Firmware Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/02/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #290); AES (Cert. #196); DSA (Cert. #123); SHS (Cert. #275); RNG (Cert. #41); RSA (Cert. #32); Triple-DES MAC (Cert. #290, vendor affirmed) -Other algorithms: DES (Cert. #281); MD5; Diffie-Hellman (key agreement); XOR Multi-chip embedded "The AEP Enterprise CM by AEP Networks offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The AEP Enterprise CM is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
540	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: P/N NS-500 Version 4110; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32) -Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
539	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5XT (Hardware Version: P/N NS-5XT Version 1010; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
538	Rockwell Collins, Inc. 400 Collins Road NE Cedar Rapids, IA 52498 USA TEL: 319-295-5997	Common Crypto Circuit Card Assembly (Hardware Version: 944-2541-002; Software Version: 091-3186-001) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005	Overall Level: 1  -Physical Security: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #169) -Other algorithms: Serpent; Twofish; Triple-DES Multi-chip embedded "The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
537	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI (Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 + EFP -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
536	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI (Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
535	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2022P-000 Build Standard E; Firmware Version: 2.18.15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: N/A Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
534	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI (Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers.. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
533	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI (Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 06/06/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
532	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI and nForce 300 PCI (Hardware Versions: nC3022P-150 and nC3022P-300 Build Standard E; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
531	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI and nForce 400 SCSI (Hardware Versions: nC3022W-150 and nC3022W-400 Build Standard D; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
530	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI and F2 Ultrasign SCSI (Hardware Versions: nC4022W-150 and nC4022W-400 Build Standard DR; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
529	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI and nShield F2 Ultrasign PCI (Hardware Versions: nC4022P-150 and nC4022P-300 Build Standard ER; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
528	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM (Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
527	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM (Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
526	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI (Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
525	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI (Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
524	IBM® Corporation 2455 South Road P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540 -Kevin Gotze TEL: 845-435-1056	IBM eServer Cryptographic Coprocessor Security Module (Hardware Version: P/N 16R0911, Model 4764-001; Firmware Version: 1.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/27/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #215); AES (Cert. #103); SHS (Cert. #194); DSA (Cert. #106); RNG (Cert. #36) -Other algorithms: DES (Cert. #237); DES MAC (Cert. #237, vendor affirmed); MD5; RSA (ISO 9796) Multi-chip embedded "The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptograhpic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use as a feature in IBM eServer, zSeries990 and zSeries890 servers."
523	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	Cryptek Common Security Module (CSM) (Hardware Versions: 5110N0017-1, 5110N0017-2, 5110N0017-3, 5110N0017-4; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/27/2005; 06/29/2005; 10/13/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5, Diffie-Hellman (key agreement) Multi-chip embedded "The CSM is a secure network product designed to enforce three distinct information flow policies: Mandatory Access Control (MAC), Discretionary access Control (DAC), and Packet filtering. The design can support multiple security domains on a single network infrastructure by combining cryptography and labeling technology. The Cryptek CSM hardware and firmware constitute the core technology used in the DiamondLink, DiamondVPN, DiamondPAK, DiamondSAT, DiamondUTC, CL100, CL150, CL100-F, CP102, CP104, CP106, CV100, CS101, CS102, and CT100."
522	Voltage Security, Inc. 1070 Arastradero Road Suite 100 Palo Alto, CA 94304 USA -Matt Pauker TEL: 650-543-1280 FAX: 650-543-1279	Voltage IBE Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/27/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Windows 2003 Server, Windows XP Service Pack 2 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #291); AES (Cert. #199); DSA (Cert. #124); SHS (Cert. #277); RNG (Cert. #43) -Other algorithms: DES (Cert. #282); MD5; Identity Based Encryption (IBE) Multi-chip standalone "The Voltage IBE Cryptographic Module is a component of the Voltage IBE Toolkit, a set of development tools that enable any application to quickly and easily use Identity Based Encryption (IBE) to secure data. IBE uses simple strings like email or IP addresses as public keys, eliminating the need for certificates and associated management. The Voltage IBE Cryptographic Module also contains implementations of 3DES, AES, SHA- 1, and DSA. The Voltage IBE Toolkit is available for download at http://developer.voltage.com"
521	Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA -Donald Snook TEL: 973-772-6997 FAX: 973-772-0740	Port Authority 88 (Hardware Version: 01-03-0780; Firmware Version: 2.15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed) -Other algorithms: Multi-chip standalone "The Port Authority 88 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 88 stores its own database of up to 150 users right on board. The Port Authority 88 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
520	Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA -Donald Snook TEL: 973-772-6997 FAX: 973-772-0740	Port Authority 44 (Hardware Version: 01-03-0782; Firmware Version: 2.15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed) -Other algorithms: Multi-chip standalone "The Port Authority 44 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 44 stores its own database of up to 150 users right on board. The Port Authority 44 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
519	Avaya, Inc. Atidim Technology Park Tel Aviv, 61131 Israel -Pesah Spector TEL: +972 3645 9162 FAX: +972 3645 8462	G350 Branch Office Media Gateway w/FIPS (Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 23.18.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005; 05/05/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Cert. #171); SHS (Cert. #256); HMAC-SHA-1 (Cert. #256, vendor affirmed); RSA (Cert. #17); RNG (Cert. #21) -Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement); MD5; H248 Link Encryption; Avaya Media Encryption; SSHv2 Multi-chip standalone "The Avaya G350 Branch Office Media Gateway is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
518	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	Cisco 831 Secure Broadband Router (Hardware Version: 831; Firmware Version: 12.3(8)T5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #271); AES (Cert. #46); RNG (Cert. #31); SHS (Cert. #252); HMAC-SHA-1 (Cert. #252; vendor affirmed) -Other algorithms: DES (Cert. #267); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 831 Secure Broadband Router provides a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
517	SafeNet Canada, Inc. and Cavium Networks One Chrysalis Way Ottawa, Ontario K2G 6P9 Canada -Randy Kun TEL: 613-723-5076 x3427 FAX: 613-274-6365 -Rajneesh Gaur TEL: 408-844-8420 x212 FAX: 408-844-8418	Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board (Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/22/2005 12/02/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement) Multi-chip embedded "The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
516	SafeNet Canada, Inc. and Cavium Networks One Chrysalis Way Ottawa, Ontario K2G 6P9 Canada -Randy Kun TEL: 613-723-5076 x3427 FAX: 613-274-6365 -Rajneesh Gaur TEL: 408-844-8420 x212 FAX: 408-844-8418	Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board (Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/22/2005 12/02/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement) Multi-chip embedded "The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
515	GuardianEdge Technologies, Inc. 475 Brannan Street Suite 400 San Francisco, CA 94107 USA -Seth Ross TEL: 415-683-2200 FAX: 415-683-2349	Encryption Plus Cryptographic Library (Software Versions: 1.0.1 and 1.0.2) Validated to FIPS 140-2 Security Policy Certificate	Software	03/22/2005; 02/23/2006; 02/24/2006; 02/27/2006; 11/28/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Service Pack 4 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #154); HMAC-SHA-1 (Cert. #239, vendor affirmed); SHS (Cert. #239); RNG (Cert. #45) -Other algorithms: N/A Multi-chip standalone "The Encryption Plus Cryptographic Library is a compact and fast encryption module that provides cryptographic services to the following products: GuardianEdge Data Protection Framework, GuardianEdge Hard Disk Encryption, GuardianEdge Removable Storage Encryption, Encryption Anywhere Hard Disk, Encryption Anywhere Removable Storage, Encryption Anywhere CD-DVD, Encryption Plus Hard Disk, Encryption Email, and Encryption Plus Folders."
514	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Eric Raisters TEL: 206-217-7100 FAX: 206-217-7515	Reflection Security Component (RSC) (Software Version: 12.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/15/2005	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP3 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #278, #279 and #280); AES (Cert. #176); RSA (Cert. #21); DSA (Cert. #116); SHS (Certs. #261, #262 and #263); HMAC-SHA-1 (Certs. #261, #262 and #263, vendor affirmed); RNG (#26) -Other algorithms: DES (Certs. #273 and #274); Diffie-Hellman (key agreement); Blowfish; Arcfour; CAST; RIPEMD 160; MD4; MD5; HMAC-MD5 Multi-chip standalone "WRQ Reflection software provides a complete range of terminal-emulation and PC X-server solutions for host access from Windows PCs. Each solution is specifically designed to boost IT efficiency and user productivity and includes full support for popular network security protocols such as Secure Shell, TLS/SSL, and Kerberos."
513	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	DPHx Radio with LZA0577 Cryptographic Module (Hardware Version: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606 and 030206; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05060-0000, 722-05061-0000) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/15/2005; 04/20/2005; 06/06/2005; 01/31/2006; 03/29/2006	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #195); RSA (Cert. #31); ShA-1 (Cert. #274) -Other algorithms: DES (Cert. #280); NDRNG Multi-chip standalone "The DPHx Radio with LZA0577 Cryptographic Module is a public safety radio that provides secure, encrypted digital communication."
512	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Communication Cryptographic Library (CCL) (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/15/2004; 05/05/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1; Pocket PC 2003 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #131); SHS (Cert. #215); DSA (Cert. #101); HMAC-SHA-1 (Cert. #215, vendor affirmed); RNG (Cert. #6) -Other algorithms: DES (Cert. #248); SecureNet DES 1 bit CFB with differential encoding and decoding; DES 8 bit CFB; DES 8 bit OFB; DES 1 bit CFB Multi-chip standalone "The E.F. Johnson Co. Communication Cryptographic Library (CCL) is a Microsoft Windows 2000/2003/XP and Pocket PC 2003 Dynamic Link Library that performs security related functions. The CCL is packaged as a Software Development Kit which makes available an Application Programming Interface (API) for all the security functions of the CCL. The security functions available via the APIs are: AES 128 bit, AES 192 bit, AES 256 bit, DES, DSA 1024 bit Signature Generation and Verification, HMAC, PRNG, and SHA-1. The CCL is used in the E.F. Johnson Subscriber Management Assistant key loader."
511	Forum Systems, Inc. 45 West 10000 South Suite 415 Sandy, UT 84070 USA -Bruce Herron TEL: 425 882 9808 FAX: 801-313-4401	Forum FIA Gateway 1504G (Hardware Version: 1504; Firmware Version: 4.3) (When operated in FIPS mode and using the nCipher 1600 PCI card (Cert. #402)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/28/2005; 03/02/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #267); AES (Cert. #165); SHS (Cert. #249); HMAC-SHA-1 (Cert. #249, vendor affirmed); DSA (Cert. #60); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #265); Diffie-Hellman (key agreement); MD5; RC4 Multi-chip standalone "Forum FIA Gateway provides the foundation infrastructure that drives a return on investment by enabling secure XML and Web services communications for mission critical applications. Forum FIA Gateway industry specific solutions include: government compliance, secure electronic forms, secure partner integration, secure partner collaboration, electronic notary, evidence repository as well as secure Service Oriented Architectures."
510	AEP Networks 40 West Gude Drive Suite 100 Rockville, MD 20850 USA -Chris Brook TEL: 240-399-1214 FAX: 240-399-1250	SmartGate (Software Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/28/2005; 03/02/2005; 05/23/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux RedHat 7.2; Sun Solaris 8 -FIPS-approved algorithms: AES (Cert. #35); Triple-DES (Cert. #263); SHA-1 (Cert. #87); RSA (Cert. #11); RNG (Cert. #9) -Other algorithms: DES (Cert. #159); DES MAC (Cert. #159, vendor affirmed); RC4; MD5 Multi-chip standalone "SmartGate is one of the most comprehensive security products on the market. It is a virtual private network (VPN) software that provides secure encrypted channels between users outside your network and the applications and data contained within your network. Fine-grain access control ensures that authorized users are allowed access to specific applications only."
509	Dreifus Associates Limited, Inc. 3300 W. Lake Mary Blvd. Suite 300 Lake Mary, FL 32746 USA -Nicholas D. Pileggi Jr. TEL: 407-585-2840 FAX: 407-531-9932	DAL C32 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip (Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/28/2005; 03/23/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed); Single-chip "The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
508	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 1.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/28/2005; 10/07/2005; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, Solaris 8 32-bit, Solaris 8 64-bit, Red Hat Linux 7.2, Red Hat Enterprise Linux Advanced Server 3.0, PocketPC 2003, AIX 5L 5.2, HP-UX 11.0 PARISC2.0, HP-UX 11.0 PARISC 2.0W, HP-UX 11.11 PARISC2.0, HP-UX 11.11 PARISC2.0W, VxWorks 5.4 PowerPC750, VxWorks 5.5 PowerPC7410, VxWorks 5.5 PowerQuicc II -FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7) -Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
507	IMAG Technologies, Inc. 5270A Imperial Street Burnaby, BC V5J 1E4 Canada -Gerry Smalley TEL: 604-430-6460 FAX: 604-430-6475	TIMAC Cryptographic Module (Hardware Version: P/N EM01-01 Rev. 1.1; Firmware Version; 1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/11/2005; 04/07/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #149) -Other algorithms: Multi-chip embedded "IMAG Technologies' TIMAC module is a header mounted multi-chip embedded firmware microprocessor module used to encrypt and decrypt serial data. The device is a FIPS 140-2 Level 3 compliant, high performance, encryption module implementing the AES algorithm operating in 128 bit ECB, CBC, and CFB modes. The chip may be incorporated into IMAG's Bluetooth Enabled wire replacement products, or may be used in other data transmission applications requiring NSA approved serial data encryption."
506	Control Break International Corporation 10 Beaumont Gate Radlett, Herts WD7 7AR United Kingdom -Simon Hunt TEL: 239-298-7014 FAX: 239-430-1916	SafeBoot Client (Software Version: 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/24/2005; 04/30/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 withWindows 2000 Professional (Service Pack 2) and Windows XP Professional in single-user mode -FIPS-approved algorithms: DSA (Certs. #53 and #112); AES (Certs. #21 and #170); RNG (Cert. #15); SHS (Certs. #71 and #254) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "SafeBoot Client is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized SafeBoot management system provides robust recovery tools, administration, and implementation."
505	Meganet Corporation 350 South Figueroa Street Suite 450 Los Angeles, CA 90071 USA -Saul Backal TEL: 213-620-1666 FAX: 213-620-1655	VME Crypto Engine (Version 4.4.0.0/M145) (When operated with the Microsoft® Base Cryptographic Provider validated to FIPS 140-1 under Certificate #238 operating in FIPS mode for the operating systems specified) Validated to FIPS 140-2 Security Policy Certificate	Software	01/24/2005; 02/04/2005; 05/04/2005; 12/07/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Version 2002 SP1. The following operating systems must use the Microsoft® Base Cryptographic Provider validated to FIPS 140-2 under Certificate #238 operating in FIPS mode: Windows 98, Second Edition, Windows ME Build 4.90.3000, Windows NT 4.0 Workstation SP 6, Windows NT 4.0 Server SP 6, Windows 2000 Professional SP4, Windows 2000 Server SP 4, Windows 2000 Advanced Server SP 4, Windows XP Home Edition SP 1, Windows Server 2003 Enterprise Edition (all in single-user mode) -FIPS-approved algorithms: AES (Cert. #77); Triple-DES (Cert. #188); SHA-1 (Cert. #83); RSA (PKCS #1, vendor affirmed) -Other algorithms: VME Multi-chip standalone "VME Crypto Engine is a suite of tools that make data encryption and decryption easy and reliable. VME Crypto Engine also provides tools that allow you to encrypt and decrypt email messages, chat sessions, files transmitted ftp, and more."
504	Thales e-Security Ltd. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6200 x6202 FAX: 954-888-6211	DC2K Security Module (Hardware Version: 3.411 (build 1213B130_PL_Iss002); Software Version: v3.411, Magazines: Triple-DES magazine version DHDES3_V1_81, AES magazine versions DHAES128_V1_19, DHAES192_V1_10 and DHAES256_V1_10) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/24/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #251); AES (Certs. #151, #152 and #153); SHS (Cert. #230); DSA (Cert. #104); RNG (Cert. #17) -Other algorithms: Multi-chip embedded "The DC2K Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® 2000 that secures communications using signed Diffie-Hellman key exchange and Triple-DES or AES encryption over point-to-point links, X.25, Frame Relay, and IP networks. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
503	Thales e-Security Ltd. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6200 x6202 FAX: 954-888-6211	DCAP Security Module (Hardware Version: v3.511 (build 1213E130_PL_Iss003); Software Version: v3.511, Magazines: Triple-DES magazine version DHDES3_V1_95, AES magazine versions DHAES128_V1_31, DHAES192_V1_22 and DHAES256_V1_21) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/24/2005; 03/14/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #282); AES (Certs. #178, #179 and #180); SHS (Cert. #266); DSA (Cert. #117); RNG (Cert. #29) -Other algorithms: Multi-chip embedded "The DCAP Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® Advanced Performance Cryptographic Module (known as the Datacryptor® AP). It secures communications using signed Diffie-Hellman key exchange and Triple- DES or AES encryption over IP networks. It provides data encryption rates of up to 100 Megabits per second (Mbps). The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
502	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-525A, 3e-525N and 3e-519 Wireless Gateway (Hardware and Firmware Versions: 3e-525A ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]), 3e-525N ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]) and 3e-519 ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16])) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005; 10/31/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #292); AES (Cert. #200); HMAC (Cert. #13); SHS (Cert. #278); RNG (Cert. #22) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, non-compliant); MD5; RC4; DES; AES (non-compliant) Multi-chip standalone "A problem of increasing concern in the deployment of Wireless LANs throughout enterprise environments is security. 3e Technologies International meets this need by providing a secure, accessible, highperformance WLAN end-to-end solution, through its family of Secure Wireless Gateway/Access Points and Secure Client solutions. The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wire."
501	Dreifus Associates Limited, Inc. 3300 W. Lake Mary Blvd. Suite 300 Lake Mary, FL 32746 USA -Nicholas D. Pileggi Jr. TEL: 407-585-2840 FAX: 407-531-9932	DAL C3 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip (Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed) Single-chip "The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
500	Research In Motion 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.0.18[1], 3.8.0.20[1], 3.8.0.23[1], 3.8.0.23b [1,2], 3.8.0.24[1], 3.8.0.24b[1,2], 3.8.0.26[1], 3.8.0.26b[1,2], 3.8.0.27[1] and 3.8.0.27b[1,2]) Validated to FIPS 140-2 Security Policy Certificate	Firmware	01/18/2005; 01/31/2005; 03/11/2005; 06/30/2005; 08/24/2005; 09/09/2005; 10/07/2005	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry® 7230 with BlackBerry OS® Versions 3.8[1], 4.0[1] and 4.1[2] -FIPS-approved algorithms: Triple-DES (Cert. #281); AES (Cert. #177); SHS (Cert. #264); HMAC (Cert. #1); RSA (Cert. #22); RNG (Cert. #27) -Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
499	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware Versions: 023-5000-980, 023-5000-982; Firmware Version: 3.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005; 05/05/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #143); SHS (Cert. #238); HMAC-SHA-1 (Cert. #238, vendor affirmed); DSA (Cert. #110); RNG (Cert. #5 and FIPS 186-2 - general purpose, vendor affirmed) -Other algorithms: DES (Cert. #253); SecureNet DES 1 bit CFB with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson 5100 series radio with secure encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
498	Pitney Bowes 35 Waterview Drive Shelton, CT 06484-8000 USA -Dennis Crowe TEL: 203-924-3612 FAX: 203-924-3352	Compliant Meter Postal Security Device (CoMet PSD) (Hardware Version: P/Ns 1A00 Version BAA, 1AEC Version AAA, 1APC Version ABC) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); Skipjack (Cert. #6); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert #86, vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation’s Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD is a secure module employed within the metering product which performs high-speed cryptographic functions, funds management, and printer administration functions that preclude unauthorized disbursing of indicia. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
497	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-436-1223 FAX: 512-436-8009	IBM Java JCE 140-2 Cryptographic Module (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/07/2005; 01/11/2005; 09/07/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional using IBM JVM 1.4.2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #114); SHS (Cert. #259); HMAC-SHA-1 (Cert. #259, vendor affirmed); RSA (Cert. #18); RNG (Cert. #23) -Other algorithms: Diffie-Hellman (key agreement); MD5 Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.4.0 level and higher."
496	Research In Motion 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry Enterprise Server™ Cryptographic Kernel (Software Version: 1.0.1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/07/2005; 01/11/2005; 08/24/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP 6a -FIPS-approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHS (Cert. #265); HMAC (Cert. #2); RNG (Cert. #28) -Other algorithms: Rijndael Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
495	Thales e-Security, Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 888-744-4976 x6202 FAX: 954-888-6211	Thales Datacryptor Gigabit (Hardware Version: C; Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/07/2005; 10/13/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The Datacryptor Gigabit is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Datacryptor Gigabit has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. Fully compatible with existing IP networks, the Datacryptor Gigabit can be seamlessly deployed into Gigabit Ethernet environments, including IP siteto-site VPNs and storage over IP networks. Its high-speed AES and 3DES IPSec processing eliminates bottlenecks while providing data authentication, confidentiality, and integrity."

Need Assistance?