Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

Last Update: 1/4/2008

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
729	Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: 6506, 6506-E, 6509 and 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions: 4.1 (SUP720-3B) and 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Versions: 12.2(18)SXF4, Build adventerprisek9 (Supervisor) and 3.2.116.21 (WiSM)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #369 and #368); SHS (Certs. #442 and #441); HMAC (Cert. #164); RSA (Certs. #124 and #123); RNG (Cert. #177); CCM (Cert. #10) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
728	Extreme Networks 3585 Monroe Street Santa Clara, CA 95051 USA -Prasad Yerneni TEL: 408-579-3379	Sentriant CE150 (Hardware Version: A; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/21/2006	Overall Level: 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The Sentriant CE150 is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, it has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
727	Ceragon Networks, Ltd. 24 Raoul Wallenberg Street Tel-Aviv, 69719 Israel -Yossi Sarusi TEL: 972 3 7666436 FAX: 972 3 6455559 -Boris Radin TEL: 972 3 76668160 FAX: 972 3 6455559	FibeAir®1500P™ Secure Basic Indoor Unit (Hardware Version: mux_fal2_4.084.s.frx; Firmware Version: idc_swr_4.80s28.s.idn) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #395 and #396); RNG (Cert. #192); RSA (Cert. #141); SHS (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "High capacity broadband wireless system which provide FIPS compliant secure operation."
726	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-523-F2 Secure Multi-function Wireless Data Point (Hardware Versions: HW V1.0 and V1.1; Firmware Version: 4.1.7.2) (When operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/18/2006; 09/25/2007	Overall Level: 2 -FIPS-approved algorithms: AES (Cert. #238); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22); RSA (Cert. #129); CCM (Cert. #1) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-523-F2 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
725		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2006	Overall Level: 1 -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
724		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2006	Overall Level: 1 -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
723	Thales e-Security Meadow View House Crendon Industrial Estate, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800	Secure Generic Sub-System (SGSS), Version 3.3 (Hardware Version: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.5.7) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/18/2006; 09/25/2007	Overall Level: 3 -FIPS-approved algorithms: DSA/SHS (Cert. #24) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000 family, WebSentry™ family, HSM 8000 family, P3™CM family, PaySentry™, 3D Security Module and SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
722	Check Point Software Technologies Ltd. 12007 Sunrise Valley Dr. Suite 130 Reston, VA 20191 USA -Malcolm Levy TEL: 703-234-0100 x218	VPN-1 (Firmware Version: NGX (R60) with hot fix HFA-03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/08/2006; 01/04/2007	Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 -Tested: Check Point SecurePlatform Operating System, version NGX (R60) HFA-03 on General Purpose Computing platform with single and dual Intel XEON® and single and dual AMD Opteron® processor configurations -FIPS-approved algorithms: Triple-DES (Cert. #338); AES (Cert. #257); SHS (Cert. #332); HMAC (Cert. #67); RSA (Certs. #66 and #132); RNG (Cert. #90) -Other algorithms: DES (Cert. #314); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 202 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NGX (R60) with hot fix HFA-03 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
721	Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux, 92220 France -Thierry Le Jaoudour TEL: 01 45 36 30 00 FAX: 01 45 36 30 10	N30i/N30ig - 135/136 Meter (Hardware Version: P/N 4127205W; Firmware Versions: P/N 4132525N V50.0 and P/N 4134515L V50.02) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2006; 12/19/2006	Overall Level: 3 -Physical Security: Level 3 +EFT -FIPS-approved algorithms: DSA (Cert. #61); Triple-DES (Cert. #119); Triple-DES MAC (Cert. #119, vendor affirmed); SHS (Certs. #391 and #455); RNG (Cert. #141) -Other algorithms: Multi-chip embedded "Cryptographic software module used in the N30i/N30ig - 135/136 Postage Meter."
720	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Garry Mayo TEL: 469-524-2663 FAX: 469-524-2357 -Dean Vallas TEL: 469-524-2103 FAX: 469-524-2357	Connect:Direct Secure+ Option (Software Version: Version 4.5 on z/OS) (When operated in FIPS mode using IBM eServer zSeries 900 CMOS Cryptographic Coprocessor validated to FIPS 140-1 under Cert. #118 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/15/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with IBM z/OS 1.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #423 and #28); SHS (Certs. #451 and #37); ECDSA (Cert. #25); DSA (Cert. #37) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
719	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Garry Mayo TEL: 469-524-2663 FAX: 469-524-2357 -Dean Vallas TEL: 469-524-2103 FAX: 469-524-2357	Connect:Direct Secure+ Option (Software Version: Version 3.7 on UNIX) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/15/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Sun Solaris 10, IBM AIX 5.3, and HP-UX 11i (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #288, #423, and #424); AES (Certs. #192 and #380); SHS (Certs. #272, #451, #452, and #453); HMAC (Certs. #7 and #168); DSA (Cert. #164); RNG (Certs. #39 and #182) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; MD5 Multi-chip standalone "Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
718	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Security Controller (FC-X) (Hardware Version: FC-X; Firmware Versions: FC-X 4.0.3 and 4.0.4) (When operated in FIPS mode.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2006; 08/31/2007	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465); RNG (Certs. #189 and #190); HMAC (Cert. #174) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA) Multi-chip standalone "The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
717	High Density Devices AS Vestre Strandgate 26 Kristiansand, N-4611 Norway -Aage Kalsaeg TEL: +47 38 10 44 80 FAX: +47 38 10 44 99	SecureD v.1.6.1 (Hardware Version: HW P/N SecureD v.1.6.1 Version 1.6.6; Firmware Version: 1.6.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2006; 01/05/2007	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Cert. #427); AES (Cert. #383) -Other algorithms: Multi-chip embedded "SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
716	D'Crypt Private Limited 20 Ayer Rajah Crescent #08-08 Technopreneur Centre Singapore, 139964 Singapore -Quek Gim Chye TEL: (65) 6776-9210 FAX: (65) 6873-0796	d'Cryptor ZE Cryptographic Module (Hardware Version: P/N DC-ZEN2-41 v4.1, DC-ZEN4-41 v4.1; Firmware Version: Kernel v4.5, LFM v2.1, AFM v2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #332); Triple-DES (Cert. #396); SHS (Cert. #407); RSA (Cert. #113); HMAC (Cert. #136); RNG (Cert. #153) -Other algorithms: DES (Cert. #328; v3.0) Multi-chip embedded "The d'Cryptor ZE Cryptographic Module is a micro-token targeted at high security embedded applications. Central to the next generation of d'Cryptor products where it serves as a secure coprocessor, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
715	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Version: P/N 7011-30967-000 Versions 050306 and 030207; Firmware Versions: 0722-05072-000, 0722-05073-000 and 0722-05073-001) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2006; 04/26/2007; 12/18/2007	Overall Level: 1 -FIPS-approved algorithms: AES (Cert. #385); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES; NDRNG Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
714	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J JCE Provider Module (Software Version: 3.5.2 [1] and 3.5.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/02/2006; 12/18/2006; 10/12/2007; 01/04/2008	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode). -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Certs. #71 [1] and #186 [2]); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 non-compliant, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
713	Sagem Orga Am Hoppenhof 33 Paderborn, 33104 Germany -Fabien Guichon TEL: 49 52 51 88 90	J-IDMark 64 (Hardware Version: HW P/N AT58829-C-AA, Version 01; Firmware Version: FW Version J-IDMark 64 IDT 005) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/02/2006	Overall Level: 3 -Physical Security: Level 4 -FIPS-approved algorithms: SHS (Certs. #459 and #460); RSA (Certs. #136 and #137); Triple-DES (Cert. #430); Triple-DES MAC (Cert. #430, vendor affirmed); RNG (Cert. #187) -Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The J-IDMark 64 is a single chip cryptographic module, compliant with Global Platform 2.0.1 and Sun Java Card TM 2.1.1. It runs a proprietary Applet, ID v1, which includes the following features: - A PKI-based digital signature for secure transactions and digital certificate management. - Secure storage of data and identification management rights (driving licenses, health care entitlement, car certificate, etc.). - A Match On Card mechanism which performs fingerprint verification. The J-IDMark 64 module meets the requirements to the Level 4 of FIPS 140-2 for physical security."
712		Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/27/2006	Overall Level: 2 -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
711	Kenwood Corporation 1-16-2, Hakusan, Midori-ku, Yokohama-shi, Kanagawa 226-8525 Japan -Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 -Joe Watts TEL: 678-474-4700 FAX: 678-474-4730	Secure Cryptographic Module (SCM) (Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A1.0.0 and A1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/16/2006	Overall Level: 1 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #363); SHS (Cert. #437) -Other algorithms: DES; LFSR Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing Kenwood radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES (non-compliant) encryption."
710	Ecutel Systems, Inc. 2300 Corporate Park Drive Suite 410 Herndon, VA 20171 USA -Dzung Tran TEL: 571-203-8300	Ecutel Cryptographic Service Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/16/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows XP; Windows Mobile for Pocket PC 2003; Linux RedHat Kernel 2.6 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #381); Triple-DES (Cert. #425); SHS (Cert. #456); HMAC (Cert. #170); RNG (Cert. #183) -Other algorithms: Multi-chip standalone "The Ecurtel Cryptographic Service Module (ECSM) is a cryptographic library that offers cryptographic functionalities to Ecutel products only. It is installed on a machine as a constituent of host application."
709	Phoenix Technologies, Ltd. 915 Murphy Ranch Road Milpitas, CA 95035 USA -Karen Zelenko TEL: 408-570-1418 FAX: 408-570-1350	TrustConnector 2 v2.0 with StrongClient v4.0 and StrongROM v3.1 (Software Version: TrustConnector 2 v2.0, StrongClient v4.0; Firmware Version: StrongROM v3.1) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	10/17/2006	Overall Level: 1 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #343 and #344); RSA (Certs. #114 and #115); SHS (Certs. #83, #418, and #419); HMAC (Certs. #105 and #147); HMAC (Cert. #83, vendor affirmed); RNG (Certs. #118 and #164); Triple-DES (Cert. #81) -Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
708	Phoenix Technologies, Ltd. 915 Murphy Ranch Road Milpitas, CA 95035 USA -Karen Zelenko TEL: 408-570-1418 FAX: 408-570-1350	TrustConnector 2 v2.0 with StrongClient v4.0 (Software Version: TrustConnector 2 v2.0, StrongClient v4.0) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/11/2006	Overall Level: 1 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #344); RSA (Cert. #115); SHS (Certs. #83 and #419); HMAC (Cert. #147); HMAC (Cert. #83, vendor affirmed); RNG (Cert. #164); Triple-DES (Cert. #81) -Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
707	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095 -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco 871, 876, 877 and 878 Integrated Services Routers (Hardware Versions: 1.0 (871), 1.0 (876), 1.0 (877) and 1.0 (878); Firmware Version: 12.4(4)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/11/2006	Overall Level: 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #389 and #390); AES (Certs. #324 and #325); RNG (Cert. #147); SHS (Certs. #398 and #399); HMAC (Certs. #131 and #134) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "Cisco 870 Series fixed-configuration integrated services routers support multiple types of DSL technologies, broadband cable, and Metro Ethernet connections in small offices. They run concurrent services, including firewall, intrusion prevention, and encryption for VPNs; optional 802.11b/g for WLAN networking; and quality of service (QoS) features for optimizing voice and video applications. These routers also offer Stateful Inspection Firewall, IP security (IPSec) VPNs, intrusion prevention system (IPS), antivirus support, and secure WLAN 802.11b/g option with use of multiple antennas."
706	Britestream Networks, Inc. 12401 Research Boulevard Bldg 2, Suite 275 Austin, TX 78759 USA -Rick Hall TEL: 512-250-2129 x135 FAX: 512-250-9068	Britestream nCipher Asymmetric Module (Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/27/2006	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Britestream nCipher Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for achieving FIPS 140-2 certification of the overall system that the module is used in."
705	SETECS Inc. and Gemalto 8070 Georgia Avenue Silver Spring, MD 20910 USA -Sead Muftic TEL: 301-587-3000 FAX: 301-587-7877 -Nick Hislop TEL: 610-202-4942 FAX: 215-390-2915	SETECS Inc. OneCARD™ PIV-II Java Card Applet on Gemalto GemCombi'Xpresso R4 E72K PK card (Hardware Version: GCX4-M2569420; Firmware Version: GCX4-FIPS EI07, Applet Version: SETECS Inc. OneCARD™ PIV-II Java Card Applet Version 1.2) (PIV Card Application: Cert. #4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. #168) -Other algorithms: N/A Single-chip "SETECS OneCARD(TM) is the smart card created as the combination of SETECS OneCARD(TM) PIV-II Java Card Applet and Gemalto GemCombi'Xpresso R4 E72K PK card. SETECS OneCARD(TM) Card (PIV Card) is the full implementation of the FIPS 201 card application (PIV applet) with all required access rules and protocols. The PIV Card contains all mandatory and optional data objects, as specified in the NIST Special Publication 800-73-1. The GCX4 is based on a Java platform with 72K EEPROM memory. The module provides dual interfaces (i.e. contact and contactless) where the same security level is achieved."
704	Utimaco Safeware AG Hohemarkstraße 22 Oberursel, D-61440 Germany -US Corporate Headquarters TEL: 508- 543-1008 FAX: 508- 543-1009 -Dr. Christian Tobias TEL: +49 6171 88 1711	SafeGuard Easy (Software Version: 4.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/15/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4, Windows Server 2000 SP4, Windows XP SP2, and Windows 2003 SP1 (All in single-user mode) -FIPS-approved algorithms: AES (Cert. #364); Triple-DES (Cert. #416); HMAC (Cert. #162); SHS (Cert. #438) -Other algorithms: Idea; Blowfish; XOR; Rijndael-256; Stealth-40; DES Multi-chip standalone "SafeGuard Easy (SGE) is a software product designed to protect user data on all types of Personal Computers (PCs) running Microsoft Windows 2000 or Microsoft Windows XP as operating system. SafeGuard Easy is installed on a PC to prevent unauthorised access to user data stored on hard disk partitions. In this context, user data means all files on hard disk partitions, i.e. data files, program files and even files of the operating system. The protection of the user data stored on hard disk partitions is realised by encryption. Encryption is done on sector level - not on file level."
703	Pitney Bowes 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: (US) 1M00 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (US Specimen) 1M03 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (US Gov.) 1M05 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (UN) 1M08 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (Royal Mail) 1M20 AAA/AAC/AAD/BAA/ABA/ ABB/BAB/BAE/BAF, (Royal Mail Specimen) 1M23 AAA/AAC/AAD/BAA/ABA/ABB/BAB/BAE/BAF) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2006; 04/26/2007; 05/14/2007	Overall Level: 3 -Physical Security: Level 3 +EFP -FIPS-approved algorithms: DSA (Cert. #153); SHS (Cert. #395); Triple-DES (Cert. #386); Triple-DES MAC (Cert. #386, vendor affirmed); RNG (Cert. #146) -Other algorithms: Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
702	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095 -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco 1801, 1802, 1803, 1811 and 1812 Integrated Services Routers Fixed Configuration Models (Hardware Versions: 2:0 (1801), 4.0 (1802), 3.0 (1803) and 3.0 (1811) and 3.0 (1812); Firmware Version: 12.4(4)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2006	Overall Level: 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #414 and 415); AES (Certs. #357 and 358); RNG (Cert. #171); SHS (Certs. #432 and 433); HMAC (Certs. #156 and 157) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "Cisco 1800 Series fixed-configuration integrated services routers enable a network infrastructure for SMBs and enterprise small branch offices. They enable deployment of a single device to provide multiple services, including integrated router with redundant link, LAN switch, firewall, VPN, IPS, wireless technology, and quality of service (QoS). The Cisco IOS Software Advanced IP Services feature set facilitates hardware-based IPSec encryption and features such as Cisco IOS Firewall, URL Filtering, IPS support, IPSec VPNs, Dynamic Multipoint VPN (DMVPN), anti-virus support, SSH 2.0, and SNM"
701	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet AP1131AG, AP1232AG, and AP1242AG Wireless Access Points and BR1310G Wireless Bridge (Hardware Versions: AP1131AG: C0; AP1232AG: A0; AP1242AG: A0; BR1310G: C0; Firmware Version: 12.3(8)JA2(ED)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/23/2006; 12/19/2006; 02/27/2007	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #356 and #370); CCM (Cert. #11); SHS (Cert. #428); HMAC (Cert. #154); RNG (Cert. #169) -Other algorithms: MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco Aironet 1131AG, 1242AG, 1232AG, and 1310G access points deliver the versatility, high capacity, security, and enterprise-class features required for autonomous based Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i standard and Advanced Encryption Standard (AES). The Cisco APs are Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
700	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Nancy Canty TEL: 703-633-7331 FAX: 703-631-9588	BorderGuard 5000 and 6000 Series (Hardware Versions: BorderGuard 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500 and 6600; Firmware Version: DPF1 V7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #116 and #173); Triple-DES (Certs. #57 and #275 ); SHS (Certs. #49 and #258); HMAC (Certs. #21 and #22) -Other algorithms: DES (Certs. #119 and #271); DES MAC (Certs. #119 and #271, vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200, 5400, 6100, 6200, and 6400; and between 80 and 150 bits of encryption strength for Models 5500, 5600, 6500, and 6600; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The BorderGuard hardware models 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500, and 6600 version DPF 7.3 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The module is a multi-chip-standalone device."
699	WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000 x218	SecureDoc® Disk Encryption Cryptographic Engine (Software Version: 4.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/14/2006; 07/02/2007; 07/05/2007	Overall Level: 1 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Pro with Service Pack 3; Windows XP Pro with Service Pack 2; Windows 2000 Advanced Server; Windows 2000 Server; Windows 2003; Windows Vista -FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158) -Other algorithms: Multi-chip standalone "The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
698	WinMagic Incorporated 200 Matheson Blvd W. 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000 x218	SecureDoc® Disk Encryption Cryptographic Engine (Software Version: 4.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/14/2006; 07/02/2007	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Professional, Server and Advanced Server with Service Pack 3 and Q326886 Hotfix running on a Dell OptiPlex GX400 PC -FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158) -Other algorithms: Multi-chip standalone "The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
697	Secure Computing Corporation 4810 Harwood Road San Jose, CA 95124-5206 USA -Secure Computing TEL: 800-379-4944 (Option 3)	SafeWord SecureWire 2500 Identity and Access Management Appliance (Hardware Version: Rev 100-000002; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/10/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4 Multi-chip standalone "SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
696	Secure Computing Corporation 4810 Harwood Road San Jose, CA 95124-5206 USA -Secure Computing TEL: 800-379-4944 (Option 3)	SafeWord SecureWire 500 Identity and Access Management Appliance (Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/10/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4 Multi-chip standalone "SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
695	Cisco Systems Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet LWAPP AP1131AG, Cisco Aironet LWAPP AP1231G, Cisco Aironet LWAPP AP1232AG, and Cisco Aironet LWAPP AP1242AG Wireless Access Points (Hardware Version: 1131, Revision C0; 1231, Revision A0; 1232, Revision A0; 1242, Revision A0; Firmware Version: 3.2.116.21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/04/2006; 06/11/2007; 08/07/2007	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #370 and #373); CCM (Certs. #11 and #12); SHS (Cert. #443); HMAC (Cert. #165); RNG (Cert. #178); RSA (Cert. #125) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco LWAPP Aironet 1131, 1232, 1231, and 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i and IEEE 802.1x standards and Advanced Encryption Standard (AES) for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
694	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-523 and 3e-523-F1 WLAN Products (Hardware Versions: 3e-523 V1.0, 3e-523-F1 V1.0; Firmware Version: 3.4, Build 5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/21/2006; 08/01/2006	Overall Level: 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #200); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The 3e-523 and 3e-523-F1 WLAN products provide wired connections for Ethernet and Serial devices. This connection can be over an Ethernet 10/100 baseT RJ-45 and/or via RS-232/422/485 interface. The 3e-523 and 3e-523-F1 wireless connection can be configured to use IEEE 802.11a/b/g with Layer 2 AES or TDES encryption. The wireless connectivity is a wireless bridging function to, for example, another 523, a 3e-525A-3 Wireless Access Point, or similar device. The 3e-523 and 3e-523-F1 are ideal for connecting RFID readers, sensors, and other data devices (printers, terminals, etc.) into a secur"
693	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Version: 4402 and 4404; Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Version: 3.2.116.21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/20/2006; 10/10/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #368 and #369); CCM (Cert. #10); SHS (Certs. #441 and #442); HMAC (Cert. #164); RNG (Cert. #177); RSA (Certs. #123 and #124) -Other algorithms: RC4; MD5; HMAC MD5; Triple-DES; AES-CTR (non-compliant); RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
692	Federal Reserve Bank of Boston 600 Atlantic Avenue Boston, MA 02210 USA -Peggy Li TEL: 617-973-3917 FAX: 617-573-5417	FRBB ePurse v2 on ActivCard Applet v2 on Cyberflex Access 64k v1 (Hardware Version: SLE66CX640P; Firmware Versions: OS Hardmask n5 v1, OS Softmask n4 v2, ACA Applet v2.3.0.5, ASCLib v2.3.0.3, PKI/GC Applet v2.3.1.2, ePurse v2 Version 2.0.12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/20/2006	Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58); RNG (vendor affirmed) -Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use); Single-chip "The ePurse is a secure payment module which enables a Common Access Card to be used as a payment mechanism at designated locations."
691	Gemalto Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Vincent Prothon TEL: 512-257-3810	SafesITe FIPS 201 Applet on SafesITe PIV TPC DM Card (Hardware Versions: GCX4-M2569420, GXP4-M2569430 and GCX4-M2569422; Firmware Versions: GCX4-FIPS EI07 (MPH051), GCX4-FIPS EI08, GXP4-FIPS EI07 (MPH052) and GXP4-FIPS EI08; Applet Version: SafesITe FIPS 201 Applet Version 1.20) (PIV Card Application: Cert. #2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/20/2006; 12/19/2006; 08/29/2007; 12/20/2007	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: Single-chip "This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, NITS SP-800-73-1, and is very well suited for US Government and Federal projects where FIPS-201, PIV-II compliance is required."
690	L-3 Communications Cincinnati Electronics 7500 Innovation Way Mason, OH 45040-9699 USA -Doug Merz TEL: 513-573-6567 FAX: 513-573-6767	AES-256 Encryption Core, T-724 X-Band Mission Data Transmitter FPGA [1] and T-725 X-Band Telemetry Transmitter FPGA [2] (Hardware Versions: 669510-1, 669515 [1] and 669715-1 [2]) (When operated in FIPS mode [1, 2]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2006; 08/30/2006	Overall Level: 1 -FIPS-approved algorithms: AES (Cert. #346) -Other algorithms: DES [1] Single-chip "The AES-256 Encryption Core is to be used in spacecraft based transmitters for protection of electronic data during downlink to earth based ground stations. Applications include low rate telemetry data transmitters and high rate mission data transmitters."
689	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	C95i Secure Metering Module (SMM) (Hardware Version: 4126736H B; Firmware Version: 4130379C G10 (SH1), 4126898B A (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/14/2006; 10/03/2006; 04/26/2007	Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #389); RNG (Cert. #38); ECDSA (Cert. #15); HMAC (Cert. #119) -Other algorithms: Multi-chip embedded "The IJ40/50/60 are Neopost mid range of Franking products that incorporate a secure metering module for producing a highly secure franking impressions to meet CPC requirements."
688	DigitalGlobe Inc. 1900 Pike Road Longmont, CO 80501-6700 USA -Skip Cubbedge TEL: 303-684-4516 FAX: 303-684-4048	WorldView Wideband Transmitter FPGA (Hardware Version: 668515-1) (Bypass capability excluded from FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/13/2006	Overall Level: 1 -FIPS-approved algorithms: AES (Cert. #296) -Other algorithms: Single-chip "The WorldView Wideband Tramsmitter FPGA provides AES encryption services."
687	TecSec Incorporated Accounts Payable 1953 Gallows Road Suite 220 Vienna, VA 22182 USA -Lisa Liedel -Roger Butler	CKM® Cryptographic Module (Software Version: 2.0.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/13/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode) -FIPS-approved algorithms: AES (Certs. #345 and #379); Triple-DES (Certs. #407 and #422); SHS (Certs. #420 and #450); HMAC (Certs. #149 and #167); RNG (Certs. #165 and #181); RSA (Certs. #116 and #131); DSA (Certs. #155, #163, and #165) -Other algorithms: DES; Twofish; Blowfish; P-Squared; RSA Key Establishment (key wrapping; key establishment methodology provides between 69 bits and 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; HMAC-MD5; CKM Key Construction Multi-chip standalone "TecSec® IncorporatedÆs Constructive Key Management« (CKM®) Cryptographic Module (CKMCRYPTO_FIPS.DLL) (Software version 2.0.0.11) is a FIPS 140-2 Level 1 compliant, general purpose, software based cryptographic module running upon the Microsoft« Windows« Operating System (in single user mode)."
686	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Mel Snyder TEL: 919-462-1900 x208 FAX: 919-462-1933	SafeEnterprise™ Encryptor, Model 600 (Hardware Version: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10112-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-30013-00x, 904-10014-00x, 904-10014-00x, 904-10113-00x, 904-25005-00x, 904-25005-00x, 904-25005-00x; Firmware Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/11/2006; 04/09/2007; 04/26/2007; 12/07/2007	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#262 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterprise™ Encryptor, Model 600 provides data privacy and access control for connections between vulnerable public and private networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in 155Mbps (OC-3), 622Mbps (OC-12), 1.0Gbps, and 2.4Gbps (OC-48) networks."
685	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna®PCI Cryptographic Module V2 (Hardware Version: VBD-01-0104; Firmware Version: 4.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
684	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2 (Hardware Version: VBD-01-0104; Firmware Version: 4.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
683	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2033P-000; Build Standard C; Firmware Version: 2.22.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 2 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
682	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	KanguruLock (Software Versions: 1.0.4.7 and 1.0.4.15) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/26/2006; 04/26/2007; 04/30/2007; 06/21/2007	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLock, featured in the KanguruMicro Drive AES USB 2.0 Flash Drive, addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
681	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, and nCipher 800 PCI (Hardware Version: nC3033P-1K6, nC3033P-1K6N and nC3033P-800 Build Standard C; Firmware Version: 2.22.6-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher modules: nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
680	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI, nCipher 1600 PCI, and nCipher 1600 PCI for NetHSM (Hardware Version: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, Build Standard C; Firmware Version: 2.22.6-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
679	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	LYNKS Series II (Hardware Version: Models PC500 P/N 906-160001-01, PC530 P/N 906-162001-01, PC530J P/N 906-162002-01, PC530S P/N 906-162004-01, PC600 P/N 906-160002-01, PC700 P/N 906-161001-01, PC730 P/N 906-162005-01, PC730J P/N 906-162006-01, PC730S P/N 906-162008-01, PC800 P/N 906-161002-01; Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #372); AES (Certs. #299 and #300); Skipjack (Cert. #16); DSA (Cert. #142); ECDSA (Cert. #10); RSA (Cert. #88); SHS (Certs. #373 and #374); RNG (Cert. #126) -Other algorithms: MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); KEA Multi-chip standalone "The LYNKS Series II Hardware Security Module (HSM) supports the new "Suite B" algorithms, including elliptic curve cryptography with ECDSA signatures, AES, and the "SHA-2" algorithms. Available with either PCMCIA or USB interfaces."
678	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka -Tim Bergeron	LX-8020S and LX-8040S Series Console Servers (Hardware Versions: B/L 350-6003 Rev: D, P/N 500-8722 Rev: A and B/L 350-6003 Rev: D, P/N 500-8724 Rev: A and B/L 350-6005 Rev: G, P/N 500-8732 Rev: A and B/L 350-6004 Rev: C, P/N 500-8730 Rev: A and B/L 350-6003 Rev: D, P/N 500-8723 Rev: B and B/L 350-6003 Rev: D, P/N 500-8725 Rev: B and B/L 350-6005 Rev: G, P/N 500-8733 Rev: A and B/L 350-6004 Rev: C, P/N 500-8731 Rev: A and B/L 350-6003 Rev: D, P/N 500-8726 Rev: A and B/L 350-6003 Rev: D, P/N 500-8728 Rev: A and B/L 350-6005 Rev: G, P/N 500-8736 Rev: A and B/L 350-6004 Rev: C, P/N 500-8734 Rev: A and B/L 350-6003 Rev: D, P/N 500-8727 Rev: B and B/L 350-6003 Rev: D, P/N 500-8729 Rev: B and B/L 350-6005 Rev: G, P/N 500-8737 Rev: A and B/L 350-6004 Rev: C, P/N 500-8735 Rev: A; Firmware Version: linuxito Version: 3.7.2 and ppciboot Version: 3.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #117); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 194-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 194-bits of encryption strength) Multi-chip standalone "The LX-8000S 20 and 40 port Dual AC and DC units with an optional internal modem add high-end NEBS console management to MRV's LX Series Console Servers. The Linux based system is tuned for optimal performance, security and reliability. The LX-8000S models are designed for telco and data center applications that demand high quality and reliability standards, dual power and NEBS Level-3 Certification."
677	Gemalto and ActivIdentity Inc. Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Thierry Deffontaines TEL: +33 (0)4 42 36 60 17 -David Wen TEL: 510-745-6215 x6225	GemCombiXpresso R4 E72 PK - FIPS with ActivIdentity Digital Identity Applet Suite v2 (Hardware Versions: GCX4-M2569420, GXP4-M2569430 and GCX4-M2569422; Firmware Versions: GCX4-FIPS EI07 and GXP4-FIPS EI07, Applet Versions: ACA v2.6.1, PKI/GC v2.6.1, ASC library package v2.6.1; ACA v2.6.2, PKI/GC v2.6.2, ASC library package v2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/12/2006; 12/19/2006; 03/01/2007	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.1 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2.1 standards."
676	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module (Hardware Version: Chassis:6506, 6509, 6506-E, 6509-E,7606,7609; Backplane chassis: Hardware Version 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Version 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); VPNSM Blade: Hardware Version 1.3; Firmware Version: 12.2(18)SXE2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2006	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #132 and 155); SHS (Cert. #117); HMAC (Cert. #33); RNG (Cert. #123) -Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 96-bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the VPN Services Module offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
675	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite (Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150, and nC4032P-10 Build Standard ER; Firmware Version: 2.22.6-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/22/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
674	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite (Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150 and nC4032P10 Build Standard ER; Firmware Version: 2.22.6-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/22/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
673	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	7206VXR NPE-G1and 7301 with VAM2+ (Hardware Version: 7206VXR; NPE-G1 Version: 2.1, Board Version A0; VAM2+ Version: 1.0, Board Version: C0; 7301 Version: 5.0, Board Version: A0; Firmware Version: 12.3(11)T10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/15/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Cert. #173); Triple-DES (Cert. #275); SHS (Certs. #404 and #258); HMAC (Cert. #39); RNG (Certs. #150 and #83) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES; HMAC (non-compliant) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
672	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4033z-10 Build Standards A and B; Firmware Versions: 2.22.17-2 and 2.22.34-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 08/29/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
671	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4033z-10 Build Standards A and B; Firmware Versions: 2.22.17-3 and 2.22.34-3) (When operated in FIPS mode and initialized to Overall 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 08/29/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert.#68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
670	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standard L; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 06/14/2006; 12/20/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
669	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standard L; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 06/14/2006; 12/20/2006	Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
668	Oberthur Card Systems, Inc. 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur PIV EP v1 on ID-One Cosmo 64 v5 D (Hardware Version: HW P/N 77; Firmware Version: FW Version E303-063684 with PIV Applet Suite v1 (PIV Applet v1.08 or v1.09 and SSO Applet v1.08)) (PIV Card Application: Cert. #1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 07/27/2007	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The PIV EP v1 is a fully validated PIV-II « End Point » smart card to answer HSPD12. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption and secure post issuance management. To increase flexibility and customization capabilities, the card supports all PIV optional data containers from SP800-73-1, plus additional non-PIV containers and keys configurable during manufacturing. A built-in Card Single Sign-On application allows multiple on card applications to share the same Card Holder Verification Method (Global PIN)."
667	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, 16547 Germany -Clemens Heinrich TEL: +49-3303-525-619 FAX: +49-3303-525-609	Postal Revenector Canada (Hardware Version: 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0009.00/01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 06/26/2007	Overall Level: 3 -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #20); HMAC (Cert. #132); RNG (Cert. #148) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Postal Revenector Canada is an embedded hardware module which provides security critical services for postage meters in the Canadian market. It is used to support new secure methods of applying postage."
666	Francotyp-Postalia GmbH Triftweg 21-26 D-16547 Birkenwerder Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609	Revenector (Hardware Version: P/N 58.0036.0001.00/06; 58.0036.0006.00/03; Firmware Version: 5.46) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 05/30/2006	Overall Level: 3 -Physical Security: Level 3 +EFP -FIPS-approved algorithms: RSA (Cert. # 109); SHS (Cert. #400) -Other algorithms: Multi-chip embedded "Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
665	Francotyp-Postalia GmbH Triftweg 21-26 16547 Birkenwerder Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49/3303/525/656 FAX: +49/3303/525/609	Postal Revenector (Hardware Version: P/N 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0006.00/03) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006	Overall Level: 3 -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #19); HMAC (Cert. #132); RNG (Cert. #148) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
664	Zix Corporation 2711 N. Haskell Avenue Suite 2300 Dallas, TX 75204-2960 USA -Dena Bauckman TEL: 214-370-2008 FAX: 613-288-2456	S/MIME Gateway Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/26/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Microsoft Linux Red Hat Enterprise 3 Operating System (in single user mode) -FIPS-approved algorithms: AES (Cert #321); Triple-DES (Cert #385); RSA (Cert #108); SHS (Cert #394); HMAC (Cert #127); RNG (Cert #145) -Other algorithms: DSA (non compliant); Diffie-Hellman (key agreement); Elliptic Curve (non compliant); MD2; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength) Multi-chip standalone "The S/MIME Gateway for ZixVPM® provides gateway-to-gateway email encryption using a FIPS 140-2 level 1 validated cryptographic module. The S/MIME Gateway for ZixVPM adheres to the standards set out in the Open Group S/MIME Gateway Profile and is interoperable with other certified S/MIME Gateway solutions. The approved cryptographic algorithms included in the module are: AES, Triple-DES, RSA, SHA-1, HMAC SHA-1, and FIPS 186-2 Appendix 3.1 RNG."
663	3e Technologies International, Inc. 9175 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-010F-A-2 Cryptomodule and 3e-010F-C-2 Cryptomodule (Software Version: 3e-010F-A-2 Version 2.0, Build 18; 3e-010F-C-2 Version 2.0, Build 15; and 3e-010F-C-2 Version 2.0, Build 15, Revision 1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/26/2006; 08/01/2006; 08/29/2007	Overall Level: 1 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional with SP4 and Microsoft Windows XP with SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #225, #287 and #288); Triple-DES (Cert. #316); RNG (Cert. #67); CCM (Certs. #5 and #6); HMAC (Cert. #32); SHS (Cert. #306); RSA (Cert. #112) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The 3e-010F-A-2 and 3e-010F-C-2 Crypto Clients provide standard 802.11a/b/g wireless access along with enhanced protection through a variety of cryptographic features, providing a high level of security for wireless environments. In FIPS 140-2 mode (highly secure), encryption can be set for None, Static AES, Static 3DES, Dynamic Key Exchange and WPA2 Enterprise and Personal (AES-CCM). In non-FIPS mode, one can select None, Static AES, Static 3DES, Dynamic Key Exchange, Static WEP, WPA-Enterprise and Personal (TKIP or AES-CCM) and WPA2-Enterprise and Personal (TKIP or AES-CCM)."
662	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388 FAX: 813-288-7389	AirFortress ® AF1100 Wireless Cryptographic Module (Hardware Version: AF-1100; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006	Overall Level: 2 -FIPS-approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; non-compliant) Multi-chip standalone "The AirFortress® AF1100 Wireless Cryptographic Module is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware and deployable on any LAN or WAN, the AirFortress® AF1100 Wireless Cryptographic Module provides encryption, data integrity checking, authentication, access control, and data compression."
661	International Business Machines (IBM) 2455 South Road / P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	IBM eServer Cryptographic Coprocessor Security Module (Hardware Version: P/Ns 12R6536, 12R8241, 12R8561, 41U0438, Model 4764-001; Firmware Versions: 2096a16d and c16f4102) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006; 06/14/2006; 04/30/2007; 09/25/2007	Overall Level: 4 -FIPS-approved algorithms: AES (Cert. #103); Triple-DES (Cert. #215); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132) -Other algorithms: DES (Cert. #237); MD5, RSA (ISO 9796, non-compliant) Multi-chip embedded "The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptographic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in IBM eServer zSeries and iSeries servers; and for use in IBM eServer xSeries."
660	Authenex, Inc. 1489 Salmon Way Hayward, CA 94544 USA -Harry Lee TEL: 510-324-0230 x114 FAX: 510-324-0251	Authenex A-Key (Hardware Version: P/N AKEY2T0-01, Version 2.0.0; Firmware Version: 3.6.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006	Overall Level: 3 -FIPS-approved algorithms: RSA (Cert. #84); AES (Cert. #294); SHS (Cert. #367); RNG (Cert. #119) -Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Authenex A-Key provides two factor strong authentication for the mobile user, with an embedded suite of applications."
659	Neopost Technologies 113 rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	C20ND-C21ND Secure Metering Module (Hardware Version: 4124558P Version B; Firmware Versions: 30.20 and 30.24) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006; 10/03/2006; 12/19/2006	Overall Level: 3 -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: DSA (Cert. #61); ECDSA (Cert. #16); HMAC (Cert. #122); Triple-DES (Cert. #119); SHS (Cert. #391); RNG (Cert. #141) -Other algorithms: Multi-chip embedded "The C20ND module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes with ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
658	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With IPSec VPN SPA (Hardware Versions: 6506, 6509, 6506-E, 6509-E, 7606, 7609; Backplane chassis: Hardware Versions 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); IPSec VPN SPA: Hardware Version 1.0; Firmware Version: 12.2(18)SXE2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/20/2006; 05/16/2006	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #258 and #298); SHS (Certs. #285 and #422); HMAC (Certs. #15 and #153); RNG (Cert. #123); AES (Certs. #156 and #209) -Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
657	Tutarus Corporation 6767 Old Madison Pike Suite 292 Huntsville, AL USA -Ray Clayton TEL: 256-922-1555	TRAKRON (Software Version: 2.2) Validated to FIPS 140-2 Security Policy Certificate	Software	04/13/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode) -FIPS-approved algorithms: AES (Cert. #313); SHS (Cert. #383); RSA (Cert. #99); RNG (Cert. #133) -Other algorithms: N/A Multi-chip standalone "The TRAKRON module is a software module packaged as a Dynamic-link Library (DLL) on Windows. The library can be used on Microsoft Windows NT, 2000, and XP operating systems. The TRAKRON module provides high-level encryption for Tutarusªs security products."
656	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 515 and PIX 515E (Hardware Versions: 515 and 515E; Firmware Version: 7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2006; 03/20/2007	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124); RSA (Certs. #105 and #107); DSA (Certs. #150 and #152) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-todeploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
655	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5510, ASA 5520 and ASA 5540 (Hardware Versions: 5510, 5520, and 5540; Firmware Version: 7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2006	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #217 and #384); AES (Certs. #105 and #320); RNG (Certs. #143 and #144); SHS (Certs. #196 and #393); HMAC (Certs. #124 and #125); RSA (Certs. #105 and #106); DSA (Certs. #150 and #151) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
654	Tutarus Corporation 6767 Old Madison Pike Suite 292 Huntsville, AL USA -Ronn Cochran TEL: 256-922-1555	SRKCRYPTO (Software Version: 3.4.1) Validated to FIPS 140-2 Security Policy Certificate	Software	04/06/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode) -FIPS-approved algorithms: AES (Cert. #314); SHS (Cert. #384); RSA (Cert. #100); RNG (Cert. #134) -Other algorithms: N/A Multi-chip standalone "SRKCRYPTO is a digital data encryption library that provides encryption services for Tutarus products. SRKCRYPTO is a unique encryption engine in that it generates a new random key each time data needs to be encrypted. This provides a higher level of security required for the most sensitive data protection."
653	CipherOptics, Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG100 and CipherOptics SG1002 (Hardware Version: A; Firmware Versions: 3.1 and 3.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/06/2006; 08/16/2006	Overall Level: 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
652	nCipher Inc. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA TEL: 800-NCIPHER FAX: 781-994-4001	nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-50 [3]; Build Standard M; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/06/2006; 06/29/2006; 12/20/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
651	nCipher Inc. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA TEL: 800-NCIPHER FAX: 781-994-4001	nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-50; Build Standard M; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/06/2006; 06/29/2006; 12/20/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
650	Ian Donnelly Systems, Inc. 17752 Preston Road Dallas, TX 75252 USA -Ian B. Donnelly TEL: 888-980-8887 FAX: 972-380-8866	KEY-UP (Hardware Version: P/N KEY-UP Version II-A; Firmware Version: 5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Cert. #361); Triple-DES MAC (Cert. #361; vendor affirmed); SHS (Cert. #359); RNG (Cert. #127) -Other algorithms: DES; DUKPT Multi-chip standalone "KEY-UP V5.0 security encryption devices for electronic funds transfer applications utilize the latest security specifications mandated by the American National Standard Institute (ANSI) while offering significant performance improvements and lower cost per transaction."
649	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Douglas TEL: 571-334-4300	Aruba 800, 5000 and 6000™ Mobility Controller with ArubaOS FIPS Software (Hardware Versions: (Aruba 800) HW-800-CHAS-SPOE-SX, HW-800-CHAS-SPOE-T; (Aruba 5000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; (Aruba 6000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-256-C2 (3300027 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; Software Versions: A800_2.4.1.0-FIPS, A800_2.4.8.2-FIPS, A800_2.4.8.3-FIPS, A800_2.4.8.8-FIPS, A800_2.4.8.9-FIPS, A800_2.4.8.10-FIPS, A800_2.4.8.11-FIPS, A800_2.4.8.12-FIPS, A5000_2.4.1.0-FIPS, A5000_2.4.8.2-FIPS, A5000_2.4.8.3-FIPS, A5000_2.4.8.8-FIPS, A5000_2.4.8.9-FIPS, A5000_2.4.8.10-FIPS, A5000_2.4.8.11-FIPS and A5000_2.4.8.12-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006; 08/10/2006; 03/01/2007; 04/30/2007; 06/21/2007; 08/31/2007; 10/12/2007; 10/22/2007	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #315 and #159); Triple-DES (Certs. #382 and #261); SHS (Certs. #386 and #244); HMAC (Certs. #116 and #118); RNG (Cert. #135); RSA (Certs. #101 and #102); CCM (Cert. #4) -Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
648	3Com 350 Campus Drive Marlborough, MA 01752-3064 USA -Victoria Van Spyk TEL: 408-326-8581	3Com Embedded Firewall PCI Cards (Hardware Versions: 03-0229-501 and 03-0347-501; Firmware Version: Runtime: 03.101.015, Diagnostic: 03.101.015, Sleep: 03.101.015) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006	Overall Level: 1 -FIPS-approved algorithms: Triple-DES (Cert. #212); RNG (Cert. #139); SHS (Certs. #188 and #189); HMAC (Certs. #120 and #130) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Offers hardware embedded encryption and authentication and Fast Ethernet Connectivity for fiber and copper cabled lan."
647	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivIdentity Digital Identity Applet Suite V2 on Axalto Cyberflex Access 64K V2 (Hardware Versions: P/Ns A1002057 and A1002631, Hardmask 1v3; Firmware Versions: V2.3.0c suite: ACA applet package version 2.3.0c, PKI/GC applet package version 2.3.0c, ASC library package version 2.3.0c; V2.6.1 suite: ACA applet package version 2.6.1, PKI/GC applet package version 2.6.1, ASC library package version 2.6.1; V2.6.2 suite: ACA applet package version 2.6.2, PKI/GC applet package version 2.6.2, ASC library package version 2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006; 05/26/2006; 08/29/2006	Overall Level: 2 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64) -Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed) Single-chip "This product can be configured to use with suite V2.3.0c for GSC-IS v2.1 support, and with suite V2.6.1 for both GSC-IS v2.1 support and SP800-73 Transitional Card Edge support (for HSPD12/PIV)."
646	PostX Corporation 3 Results Way Cupertino, CA 95014-5924 USA -Robert Olson TEL: 408-861-3513	PostX FIPS Cryptography Kernel (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "The PostX Messaging Application Platform is a trusted email solution that is an enterprise-class platform for encrypting ad hoc emails internal and external to the customer's network. As a compliance and enterprise solution, PostX MAP provides companies the options of deployment, when and how to encrypt, and policy enforcement from 100% on the desktop, 100% at the gateway, or any combination of gateway and desktop. The PostX FIPS Cryptography Kernel is the software module that provides the basic cryptographic functionality for the Messaging Application Platform."
645	SafeNet, Inc. 8029 Corporate Drive Baltimore, MD 21236 USA -Joel Rieger TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Version: 3.21.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2006	Overall Level: 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Solaris 8 2/02 on Sun Blade 2000 -FIPS-approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403) -Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
644	SafeNet, Inc. 8029 Corporate Drive Baltimore, MD 21236 USA -Joel Rieger TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Version: 3.21.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2006	Overall Level: 1 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Linux 2.4.18-3 and Solaris 8.2/02 -FIPS-approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403) -Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
643	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet Enterprise ATM Encryptor II, Model 600 (Hardware Versions: 901-11001-00x, 901-27001-00x, 901-37001-00x, 901-77001-00x, 901-41001-00x, 901-61001-00x, 901-51001-00x, 901-81001-00x; Firmware Version: 3.0) (Note: Refer to the cryptographic module’s security policy for the details on the letter x designation) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/22/2006	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Certs. #268, #269 and #270); AES (Certs. #166, #167 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterpriseTM ATM Encryptor II provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in ATM T1, E1, T3, E3, OC-3c and OC-12c networks."
642	Open Source Software Institute Administrative Office P.O. Box 547 Oxford, MS 38655 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Source Content Version: OpenSSLfips1.0.tar.gz; Resultant Compiled Software Version: 1.0) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Not Available Security Policy Certificate	Software	03/22/2006; 03/29/2006; 06/21/2006	Overall Level: 1 -Operational Environment: Tested as meeting Leve 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) -FIPS-approved algorithms: Triple-DES (Cert. #256); AES (Cert. #146); DSA (Cert. #108); SHS (Certs. #235 and #360); HMAC-SHA-1 (Cert. #95); RSA (Cert. #78); RNG (Cert. #111) -Other algorithms: DES ((Cert. #258); Diffie-Hellman (key agreement, key establishment methodology provides between 80-bits and 256-bits of encryption strength) Multi-chip standalone
641	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust TruePass™ Applet Cryptographic Module (Software Version: 8.0) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/22/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4 and Windows XP SP2 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1; and Netscape Navigator Browser 7.0, (Certs. #7, #45, #47) or Microsoft Internet Explorer 6.0 SP1, (Certs. #76, #103); (operated in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #377); SHS (Cert. #379); RNG (Cert. #129); RSA (Cert. #91) -Other algorithms: CAST 128; RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Entrust TruePass Applet Cryptographic Module 8.0 performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
640	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-525A-3 and 3e-525V-3 AirGuard™ Wireless Access Point (Hardware Versions: 3e525A-3: HW V1.0(A), HW V1.0(B), HW V1.0(C), HW V1.0(D), and HW V1.0(E); 3e-525V-3: HW V1.0(E)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/22/2006; 08/01/2006; 02/12/2007; 04/26/2007	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Cert. #292); AES (Cert. 238); HMAC (Cert. #13); SHA-1 (Cert. #278); RNG (Cert. #22); CCM (Cert. #1) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant) Multi-chip standalone "The AirGuardTM model 525A-3 and model 525V-3 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3 incorporates an extra video module to provide capability for remote video surveillance and camera control."
639	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivIdentity Digital Identity Applet Suite v1/v2 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Versions E302, E303-063683, E303-063684, E303-063792; Firmware Versions: ActivIdentity Applet Suite V1.1.6: ID applet v1.0.0.23, PKI applet v1.0.0.29, GC applet v1.0.0.27, SKI applet v1.0.0.16; ActivIdentity Applet Suite V1.1.6p: ID applet v1.0.0.25, PKI applet v1.0.0.32, GC applet v1.0.0.29, SKI applet v1.0.0.18; ActivIdentity Applet Suite V2.6.1: ACA applet v2.6.1, PKI/GC applet v2.6.1, ASC library v2.6.1; ActivIdentity Applet Suite V2.6.2: ACA applet v2.6.2, PKI/GC applet v2.6.2, ASC library v2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/22/2006; 05/26/2006; 08/29/2006; 10/03/2006; 07/24/2007	Overall Level: 2 -Roles, Services, and Authentication: Level 3 : -Physical Security: Level 3: -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v1.1.6 for enterprise deployment or with v2.6.1for the support of GSC-IS v2.1 and NIST SP800-73 Transitional Card Edge (for HSPD-12/PIV)."
638	Secure Computing Corporation 2340 Energy Park Drive St. Paul, MN 55108 USA -Chuck Monroe TEL: 651-628-2799 FAX: 651-628-2701	Cryptographic Module for SecureOS® (Software Version: 9.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/22/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with SecureOS® V6.1 by Secure Computing Corporation -FIPS-approved algorithms: Triple-DES (Cert. #368); AES (Cert. #295); DSA (Cert. #141); SHS (Cert. #368); HMAC (Cert. #106); RSA (Cert. #85); RNG (Cert. #120) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder G2® Security Appliance™ and Sidewinder G2 Enterprise Manager(tm). Sidewinder G2 is a line of comprehensive unified threat management (UTM) security appliances consolidating a variety of Internet security functions including Application Defenses™ firewall, anti-virus, anti-spam, traffic anomaly detection, IDS/IPS, and more. It is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
637	D'Crypt Private Limited 20 Ayer Rajah Crescent #08-08 Technopreneur Centre Singapore, 139964 Singapore -Quek Gim Chye TEL: (65) 6776-9210 FAX: (65) 6873-0796	d'Cryptor ZE Cryptographic Module (Hardware Versions: P/N DC-ZEN2-30 v3.0, DC-ZEN4-30 v3.0; Firmware Versions: Kernel v3.0, LFM v1.0, AFM v1.0 (builds 1124783674, 1124783679) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2006	Overall Level: 3 -FIPS-approved algorithms: AES (Cert. #298); Triple-DES (Cert. #371); SHS (Cert. #372); RSA (Cert. #90); HMAC (Cert. #108); RNG (Cert. #125) -Other algorithms: DES (Cert. #328) Multi-chip embedded "d'Cryptor ZE is a micro-token targeted at high security embedded applications. Central to the next generation d'Cryptor products, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
636	Renesas Technology Corporation 450 Holger Way San Jose, CA 95134-1368 USA -Victor Tsai TEL: 408-382-7735 FAX: 408-382-7490	Aspects Software OS755 for Renesas XMobile Card Module (Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2006	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Cert. #327); Triple-DES MAC (Cert. #327; vendor affirmed); RNG (Cert. #75); RSA (Cert. #57); SHS (Cert. #315) -Other algorithms: DES (Cert. #305); DES MAC (Cert. #305; vendor affirmed); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant) Single-chip "Aspects OS755 for Renesas XMobile Card Module is the combination of a Java Card compliant Operating System that implements FIPS Approved cryptographic functions and a secure Single Chip Silicon hardware. This module is a flexible platform capable of post-issuance customization and updates, and that offers Java Card 2.1.1 technology and GlobalPlatform 2.1 services in addition to a range of FIPS Approved on-board random-number generator, hardware accelerated Triple-DES and RSA algorithms, especially designed for the XMobile Card."
635	Cranite Systems, Inc. 121 Albright Way Los Gatos, CA 95032 USA -Don Beery TEL: 703-608-1263 FAX: 408-340-9800	WirelessWall Client (Software Version: 3.3) Validated to FIPS 140-2 Security Policy Certificate	Software	03/03/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode), Windows 2000 SP4 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #301); AES (Cert. #211); SHS (Cert. #288); HMAC (Cert. #18); RSA (Cert. #41); RNG (Cert. #55) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); MD5 Multi-chip standalone "The Cranite WirelessWall Client enables laptop, desktop, and handheld computer users to securely connect to WirelessWall-protected networks. The Client authenticates users, encrypts wireless network traffic, and blocks malicious attacks. Additionally, the Client optionally seamlessly roam from subnet to subnet without re-authenticating. The Client optionally integrates with the Windows logon, providing secure single signon functionality. Cranite's WirelessWall Client is simple to use and is validated to the government's rigorous FIPS-2 security standard."
634	Check Point Software Technologies Ltd. Jabotinsky 3A Ramat Gan, 52520 Israel -Malcolm Levy TEL: +972 3 753 4552	VPN-1 (Firmware Version: NG with Application Intelligence R54) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	03/03/2006	Overall Level: 1 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 - Tested: Dell Optiplex GX-1 running Secure Platform Operating System version NG with Application Intelligence R54 -FIPS-approved algorithms: Triple-DES (Cert. #333); AES (Cert. #88); SHS (Cert. #325); HMAC (Cert. #56); RSA (Cert. #63); RNG (Cert. #30) -Other algorithms: DES (Cert. #311); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 97 bits of encryption strength); RSA (PKCS #1, key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NG with Application Intelligence R54 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
633	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3251 Mobile Access Router Card (Hardware Version: 3.2; Firmware Version: 12.3(14)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2006; 12/06/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant) Multi-chip embedded "The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
632	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3220 Mobile Access Router Card (Hardware Version: 3.2; Firmware Version: 12.3(14)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2006; 12/06/2006	Overall Level: 1 -Cryptographic Module Specification: Level 2 -Cryptographic Module Ports and Interfaces: Level 2 -Roles, Services, and Authentication: Level 2 -Finite State Model: Level 2 -Cryptographic Key Management: Level 2 -EMI/EMC Level 2 -Self-Tests: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant) Multi-chip embedded "The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
631	Good Technology, Inc. 4250 Burton Drive Santa Clara, CA 95054 USA -Daphne Won TEL: 408-327-6227	FIPSCrypto on Windows Mobile (Software Version: 4.7.0.50906) Validated to FIPS 140-2 Security Policy Certificate	Software	03/03/2006	Overall Level: 1 -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 Operating System -FIPS-approved algorithms: AES (Cert. #134); Triple-DES (Cert. #240); SHS (Cert. #217); HMAC (Cert. #126) -Other algorithms: Multi-chip standalone "The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
630	PGP Corporation 3460 West Bayshore Palo Alto, CA 94303 USA -Stephan Somogyi TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/03/2006; 05/08/2007	Overall Level: 1 -Cryptographic Module Specification:Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with MAC OSX 10.4.2; Windows XP SP2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #379); AES (Cert. 308); DSA (Cert. #144); SHS (Cert. #381); HMAC (Cert. #114); RSA (Cert. #97); RNG (Cert. #131) -Other algorithms: CAST-5; IDEA; Two-Fish; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal Encrypt/Decrypt (key wrapping; key establishment methodology provides between 112 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 to 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers the same core crypto that is at the heart of PGP products."
629	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper NetScreen-5GT (Hardware Version: P/N NS-5GT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.t and 5.0.0r9b.t) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/07/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2 -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #239); Triple-DES (Cert. #329); DSA (Cert. #125); SHS (Cert. #286); RSA (Cert. #59); HMAC (Cert. #16); RNG (Cert. #58) -Other algorithms: DES (Cert. #307); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates multiple security functions - Stateful and Deep Inspection firewall, IPSec VPN, denial of service protection, antivirus and Web filtering. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security. The NetScreen-5GT Ethernet is available with five Ethernet interfaces that can be deployed in a wide variety of configurations."
628	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	DiamondLink/CL100 (Hardware Versions: P/Ns 5010D26200-4 Rev. C, 5010D26200-4 Rev. D, 5010D26200-5 Rev. D and 5010D26200-5 Rev. E; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/27/2006	Overall Level: 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "DiamondLink is a managed secure network appliance that features DiamondTEK's self protecting security computer. DiamondLink automatically identifies and authenticates the user to the network, encrypts communications and determines which data and servers the user is authorized to access. Security functions include token based user I&A, firewall filtering, IPSec, Data Driven Access Control (DDAC) capabilities and centralize management using the DiamondTEK DiamondCentral."
627	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	DiamondVPN/CV100 (Hardware Versions: P/Ns 5010D27450 Rev. D and 5010D27450 Rev. F; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/27/2006	Overall Level: 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "DiamondVPN is a rack-mounted network security appliance that can be installed to enforce a single security policy for a workgroup or department operating on your enterprise network. The DiamondVPN can also be deployed at the edge of a corporate LAN for outbound communications security and control of access to the LAN. The DiamondVPN supports secure pass-through to devices protected by other DiamondTEK products. This allows full-path, end-to-end security in combination with conventional site-to-site and remote-to-site tunneled communications."
626	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	DiamondPak/CP106 (Hardware Versions: P/Ns 5010D27630 Rev. C and 5010D27630 Rev. D; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/27/2006	Overall Level: 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "DiamondPak is a rack-mounted network appliance designed for protecting multiple servers, each having DiamondTEK's self-protecting security computer with a single security profile. With DiamondPak's advanced access-control system for protecting critical backend systems, DiamondPak provides the same security protection that is used for our governement's most sensitive information."
625	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -David Norton TEL: 978-288-7079 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	VPN Router 1750, 2700 and 5000 with VPN Router Security Accelerator (Hardware Versions: 1750, 2700 and 5000 with DM0011085; Firmware Version: 5.05_150) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/24/2006; 05/16/2006; 02/12/2007; 06/21/2007	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #158 and #367); AES (Certs. #48 and #292); SHS (Certs. #143 and #366); HMAC (Certs. #102 and #103); RSA (Cert. #83); RNG (Cert. #116) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
624	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -David Norton TEL: 978-288-7079 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	VPN Router 1700, 1750, 2700 and 5000 with Hardware Accelerator (Hardware Versions: 1700, 1750, 2700 and 5000 with DM0011052; Firmware Version: 5.05_150) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/24/2006; 05/16/2006; 04/26/2007; 06/21/2007	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #29 and #367); AES (Cert. #292); SHS (Certs. #51 and #366); HMAC (Certs. #101 and #103); RSA (Cert. #83); RNG (Cert. #116) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
623	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -David Norton TEL: 978-288-7079 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	VPN Router 600, 1700, 1750, 2700 and 5000 (Hardware Versions: 600, 1700, 1750, 2700 and 5000; Firmware Version: 5.05_150) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/24/2006; 05/16/2006; 04/26/2007; 06/21/2007	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Cert. #367); AES (Cert. 292); SHS (Cert. #366); HMAC (Cert. #103); RSA (Cert. #83); RNG (Cert. #116) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
622	Lexmark International, Inc. 740 West Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000	Lexmark PrintCryption (Firmware Version: 1.3.0) Validated to FIPS 140-2 Security Policy Certificate	Firmware	01/19/2006; 12/13/2006; 01/04/2007	Overall Level: 1 -Tested: T630, T632, T634, T640, T642, T644, C534, C760, C762, C912, C920, W820, W840, Lexmark ver. 2.4 O/S -FIPS-approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360 and #470); AES (Certs. #273, #274, #275, #276, #277 and #452); RSA (Certs. #73, #74, #75, #76, #77 and #171); SHS (Certs. #350, #351, #352, #353, #354 and #515); HMAC (Certs. #89, #90, #91, #92, #93 and #215); RNG (Certs. #100, #101, #102, #103, #104 and #237) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Lexmark PrintCryption Card is an option for the Lexmark series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
621	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Rose Quijano-Nguyen TEL: 408-473-1313 FAX: 408-473-1307 -Chris Winter TEL: 408-473-1393 FAX: 408-473-1307	CryptoStor Tape 702 and 704 (Hardware Versions: FC702 - P/N 820-0004-01 Rev 2 and FC704 - P/N 820-0005-01 Rev 1; Firmware Version: 2.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/19/2006	Overall Level: 3 -FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and #183); SHS (Certs. #258 and #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Certs. #35 and #83) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a readily deployable, high-speed tape security appliance that compresses, encrypts and digitally signs data as it goes to tape media or virtual tape--without disrupting backup processes. CryptoStor dynamically intercepts backup/restore communications between hosts and tape libraries-centrally managing and fully off-loading tape media security functions. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery with the appliance or with a software-only utility."
620	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM- VPN/EPII-Plus (Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #219, #181 and #100); Triple-DES (Certs. #311, #283 and #213); SHS (Certs. #300, #267 and #401); HMAC (Certs. #29, #27 and #38); RNG (Cert. #31) -Other algorithms: DES (Certs. #292, #275 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
619	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus (Hardware Version: 2851; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #219, #96 and #100); Triple-DES (Certs. #311, #210 and 213); SHS (Certs. #300, #317 and #401); HMAC (Certs. #84, #50 and #38); RNG (Cert. #97) -Other algorithms: DES (Certs. #292, #233 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
618	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 Integrated Services Router with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Router with AIM-VPN/HPII-Plus (Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2 -FIPS-approved algorithms: Triple-DES (Certs. #210, #213 and #311); AES (Certs. #96, #100 and #219); RNG (Cert. #97); SHS (Certs. #300, #317 and #401); HMAC (Certs. #38, #50 and #84) -Other algorithms: DES (Certs. #233, #235 and #292); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 3800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
617	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Router with AIMVPN/ EPII-Plus (Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #219 and #100); Triple-DES (Certs. #311 and #213); SHS (Certs. #300 and #401); HMAC (Certs. #84 and #38); RNG (Cert. #97) -Other algorithms: DES (Certs. #292 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip Standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
616	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 and Cisco 2801 Integrated Services Router (Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2 -FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31) -Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
615	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Donovan Deakin TEL: 206-217-7500 FAX: 206-217-7515	Reflection Security Component for Java (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/06/2006	Overall Level: 1 -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Mac OS X 10.3.5 and Apple Java Runtime Environment 1.4.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20) -Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength) Multi-chip Standalone "Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
614	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan Taiwan 326, Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HICOS PKI Smart Card (Hardware Version: HD65145C1; Software Version: GINA Applet: 1.0, PKI Applet: 1.0, FISC II Applet: 1.2; Firmware Version: HardMask: 1.0, SoftMask: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #72); Triple-DES (Cert. #355); SHS (Cert. #357); RNG (Cert. #107); AES (Cert. #272); HMAC (Cert. #87); Triple-DES MAC (Cert. #355, vendor affirmed) -Other algorithms: Single-chip "The HICOS PKI smart card module is a single chip implementation of a cryptographic module. The HICOS PKI smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."

Need Assistance?

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, All

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All